Add the security warning to more core module permissions

Created on 12 August 2019, over 5 years ago
Updated 30 January 2023, almost 2 years ago

Problem/Motivation

Many core administrative permissions do not have "restrict access" enabled, which means there is not a warning on the permissions page when granting that permission to a role.

Proposed resolution

We should add "restrict access" to all permissions with "Administer" in the title, as well as auditing all other permissions to see where this would be a fit.

Remaining tasks

1. Write a patch.

2. Backport the patch to Drupal 7.

User interface changes

More warnings will be shown on the permissions page.

API changes

None.

Data model changes

None.

Release notes snippet

n/a

πŸ“Œ Task
Status

Needs work

Version

10.1 ✨

Component
User systemΒ  β†’

Last updated 3 days ago

Created by

πŸ‡ΊπŸ‡ΈUnited States samuel.mortenson

Live updates comments and jobs are added and updated live.
  • Novice

    It would make a good project for someone who is new to the Drupal contribution process. It's preferred over Newbie.

  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024