




This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

master_account and the backup feature
#1
One thing that we might want to consider is that the backup function allows any admin to download the full source code and db of a project that might be closed source. I had to take away several people's admin privileges on my own projects because of this. What are your thoughts on making backups master only? Or maybe if we take away some of the messages, all admins could hit the backup button, but not see any of the logging or download backups?
#2
I'm not okay with this, as I for security purposes keep my User ID 1 as a placeholder account and ban it, and make a secondary account for myself with full admin access, but no master access. Purely a security thing, as I don't want someone to get access to my account and have complete and utter access to every aspect of the system even if I do whatever to lock them out. (e.g. I sign in from the Dev Account and remove their permission levels, but they still got access because they are master).

I would use it in the following manner if you were to restrict it:
Jr Admin - Click backup
Sr Admin - Can download and logging

Or in my terms of what I use:
Administrator
Database Admin (would be same as Jr Admin above)
#3
We can think through that. Either way, I think we need a little bit of limitation on the backup feature. Also, when we were having problems with the recursive backups, I accidentally filled up my server :) That's kind of a problem.
#4
That is totally a problem ;) You might want to fix that!

I think two admin levels might be best... especially since not everyone is using master account, and clearly it is not always in everyone's configurations (as per a recent issue in another thread).
#5
Right.

Forcing out a new permission level gets sticky because the permissions are usually hard coded into the php, but I'm sure we can get creative.
#6
Why don't we add a variable to the user profiles? That can only be modified based on whatever criteria we set? And if they have a value of whatever (1 I guess) in that spot, they have access to all of admin_backup, where if they don't and only have the admin permission, they lose whatever we set.
#7
What permission level would you recommend be able to set that variable?
#8
Master Account would be fine to set this variable. Ultimately you can change this in the DB (change the value) if you needed to give someone permission and something fatal happened or whatever
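
The per-user flag proposed in posts #6 to #8, combined with the two tiers from post #2, sketched as an added example (not part of the thread and not UserSpice code). The function names, the `backup_full` field and the `$masterIds` list are assumptions made for illustration.

```php
<?php
// Added illustration. All names here are hypothetical, not UserSpice's API.
const BACKUP_ACTIONS = ['run', 'download', 'view_log'];

/**
 * Decide whether $user may perform $action on the backup page.
 * $user is a row like ['id' => int, 'is_admin' => bool, 'backup_full' => int].
 */
function canBackup(array $user, string $action): bool
{
    if (!in_array($action, BACKUP_ACTIONS, true)) {
        return false; // unknown action: deny by default
    }
    if (empty($user['is_admin'])) {
        return false; // the flag alone never grants access without admin
    }
    if ($action === 'run') {
        return true;  // any admin may trigger a backup
    }
    // Downloading archives and reading the backup log need the flag set to 1.
    return (int)($user['backup_full'] ?? 0) === 1;
}

/**
 * Change the flag on $target. Only accounts listed in $masterIds may do so.
 * Returns the updated target row, or throws when the actor is not a master.
 */
function setBackupFlag(array $actor, array $target, bool $grant, array $masterIds): array
{
    if (!in_array($actor['id'], $masterIds, true)) {
        throw new RuntimeException('only a master account may change backup_full');
    }
    $target['backup_full'] = $grant ? 1 : 0;
    return $target;
}

// Constructed sample users, not real accounts.
$masterIds = [1];
$master = ['id' => 1, 'is_admin' => true, 'backup_full' => 1];
$admin  = ['id' => 7, 'is_admin' => true, 'backup_full' => 0];

var_dump(canBackup($admin, 'run'), canBackup($admin, 'download'));
$admin = setBackupFlag($master, $admin, true, $masterIds);
var_dump(canBackup($admin, 'download'));
try { setBackupFlag($admin, $master, false, $masterIds); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The check has to run server-side on the download and log endpoints themselves, not only when rendering the buttons, or an admin without the flag could still request an archive directly.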