- πΊπΈUnited States smustgrave
Thank you for sharing your idea for improving Drupal.
We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.
Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.
Thanks!
This issue seems obsolete due to this change record: Super user access policy can be turned off β . See also Securing the admin super user (#1) β .
Site admins can also install the Paranoia β module.
The proper way to secure a Drupal site is to create a lesser admin role with safer permissions and use that for people who are admins, then remove all access checks of UID 1 and the 'administrator' role in the code. Processes that need to run with admin permissions can use a dummy user session:
$this->accountSwitcher->switchTo(new UserSession(['roles' => ['administrator']]));Or you can even narrow down access by permission.