MODX Community

Limited admin role

I need to create a role/policy which is essentially full admin but with protection to prevent my own admin account being editied or deleted and effectively blocking me out of the website.

I’m familiar with setting up ACLs but I’ve always struggled a little knowing what combination of permissions to choose in the policy. I’m following this guide: https://docs.modx.com/current/en/building-sites/client-proofing/security/security-tutorials/giving-a-user-manager-access

So far my solution would be to block access to any Roles, ACLs or User permissions but ideally I would like the new admin policy to have permission to add and edit users. Is this possible whilst still being able to protect my own admin account?

Hope this makes sense.
Thanks!

As far as I know if you give permissions to add and edit users then they will be able to edit your user.

If you deny them access_permissions permission, at least they won’t be able to change your permissions or theirs.

I think you could also create a plugin attached to OnBeforeUserFormSave that bails out if the user being edited is you and the current user is not you.