id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
16528,delete_users cap should distinguish roles,linuxologos,,"Extending the approach of #16501...

If a user (other than Admin) has the edit_users cap, he can edit only user accounts which currently are given a role theoretically lower than his own (that means for example, an Editor can edit only Authors/Contributors/Subscribers).

delete_users does not distinguish roles. If a user has this cap, he can delete *any* user account. This is very powerful and makes delete_users inflexible. Practically it can not be granted to any other than Admin (otherwise the Admin *could* be deleted).

I think it would be more useful, if it worked like edit_users, unless it must be kept so powerful for some reason.

Another approach associated with this has been mentioned too: #14460. I don't know which is better or whether they can coexist. ",enhancement,closed,normal,,Role/Capability,3.0,normal,invalid,,