[AwesomeShark305]

So I recently learned via my forums that anyone of my administrators can change another admins privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a super Administrators permissions from them and ban them. I need to know how to stop this.

[Max Taxable]

Originally Posted by AwesomeShark305

So I recently learned via my forums that anyone of my administrators can change another admins privileges... Thus allowing for them to ban one another. Regular admins also have the ability to strip a super Administrators permissions from them and ban them. I need to know how to stop this.

If the Super Administrator is also defined as unalterable in the config file, there is NO way anyone can make any changes to his account.

You should have only ONE Super Administrator. The rest of them should just be regular admins with permissions only you can set. If you're going to add another SA, make damn sure it is someone you trust implicitly.

Make sure to check the config file and set yourself as unalterable/undeletable.

[In Omnibus]

What Max said. You can also add any user ID to the config.php file as an undeletable / unalterable user. It doesn't have to be an administrator although that is the general use.

[AwesomeShark305]

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?

[In Omnibus]

Originally Posted by AwesomeShark305

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?

You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.

[AwesomeShark305]

Originally Posted by In Omnibus

You have far too many administrators. The software is designed to have a limited number of administrators. Many sites have only one. The odds are that most of those people do not need administrator permissions. If they do they don't need all of the administrator permissions. That is why you have problems. My recommendation would be to remove all administrator permissions from anyone who does not need to have them. In Usergroups > Administrator Permissions remove permissions from anyone who does not need that specific permission. Then those people will not have the ability to alter other administrators.

My site is used in reference to a gaming community spread across Xbox, PlayStation, & PC gaming. my admins are not the problem. The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrators permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of Vbulletin can't comment on here and explain the issue of their own system. Maybe someone has came across this coding somewhere in their files.

[MarkFL]

You need to look in the file "includes/config.php" for a section like this:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.

[AwesomeShark305]

Originally Posted by MarkFL

You need to look in the file "includes/config.php" for a section like this:

Block Disabled:      (Update License Status)
Suspended or Unlicensed Members Cannot View Code.

For each category, put the comma delimited list of users by userid you wish to have those permissions/attributes. Bear in mind any admin with access to the server can alter this file as well.

I have edited these setting already, however the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.

[MarkFL]

No one can alter the account of someone set as undeletable/unalterable from within the AdminCP (administration of users). Of course anyone who knows MySQL can run a query, either in a plugin or manually (if they are permitted to run manual queries) to alter anyone's account, if they know what they're doing.

[Max Taxable]

Originally Posted by AwesomeShark305

I have edited these setting already, however the problem is that a basic admin can go change our primary usergroup from admin to moderator or something, and then ban the account.

That is IMPOSSIBLE if you have the settings correct in the config file.

Period.

Originally Posted by AwesomeShark305

Myself & my other lead admin are super administrators, just like the head admin account. A regular admin that we can appoint, can change our primary user group and then ban our accounts. we have about 9 normal admins. A regular admin should not have the ability to change my user groups. also my server is written to where I am a Super admin, so in the event this actually happened, the site should always allow me access to the admin panel no matter what. why is this a thing?

It's a thing because you do NOT have the config.php file modified correctly.

Originally Posted by AwesomeShark305

The problem is the common sense that was "Lacked" when creating this forum software in the vBulletin program. A regular Admin should not be able to edit a Super Administrators permissions! What is the word "Super" for if it means absolutely nothing? I need to know where to go and edit this coding. IF, the creators of Vbulletin can't comment on here and explain the issue of their own system. Maybe someone has came across this coding somewhere in their files.

There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.

[AwesomeShark305]

Originally Posted by Max Taxable

That is IMPOSSIBLE if you have the settings correct in the config file.

Period.It's a thing because you do NOT have the config.php file modified correctly.There is nothing lacking in the vBulletin system for this issue. What is lacking is your settings in the config file.

Please post what you have there, for the relevant settings. I almost bet you're using usernames instead of userid numbers.

// ****** USERS WITH ADMIN LOG VIEWING PERMISSIONS ******
// The users specified here will be allowed to view the admin log in the control panel.
// Users must be specified by *ID number* here. To obtain a user's ID number,
// view their profile via the control panel. If this is a new installation, leave
// the first user created will have a user ID of 1. Seperate each userid with a comma.
$config['SpecialUsers']['canviewadminlog'] = '1,3,4';

// ****** USERS WITH ADMIN LOG PRUNING PERMISSIONS ******
// The users specified here will be allowed to remove ("prune") entries from the admin
// log. See the above entry for more information on the format.
$config['SpecialUsers']['canpruneadminlog'] = '1,3,4';

// ****** USERS WITH QUERY RUNNING PERMISSIONS ******
// The users specified here will be allowed to run queries from the control panel.
// See the above entries for more information on the format.
// Please note that the ability to run queries is quite powerful. You may wish
// to remove all user IDs from this list for security reasons.
$config['SpecialUsers']['canrunqueries'] = '';

// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1';

// ****** SUPER ADMINISTRATORS ******
// The users specified below will have permission to access the administrator permissions
// page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1,3,4';


I am using numbers...

--------------- Added 10 Sep 2018 at 04:24 ---------------

I am not trying to make my account undetectable. I am trying to make it where if you are a Super Administrator, not regular admin can change you primary usergroup and then ban your account.

[MarkFL]

With those settings, only the user with userid 1 cannot be altered via the AdminCP.

[snakes1100]

"I am not trying to make my account undetectable."

un·de·tect·a·ble
ˌəndəˈtektəb(ə)l/Submit
adjective
not able to be detected.

----------------------------------

// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '1'; <-- Add the user id's of account that you dont want being changed.


undeletable
Adjective
(not comparable)

(computing) That cannot be deleted; indelible.
(computing) That can be undeleted.


un·al·ter·a·ble
ˌənˈôlt(ə)rəbəl/Submit
adjective
not able to be changed.