Site admins can remove super admins from a site

[johnbillion]

Pretty much what the title says. In multisite, a site administrator can remove a super admin from their site. I don't think this is desirable. A regular admin should not be able to change a super admin's access rights.

[scribu]

A super admin has access to all sites, no matter if he has ab=n actual role on that site.

The problem is that get_blogs_of_user() doesn't return all the blogs when it's called for a super-admin.

[nacin]

I don't think get_blogs_of_user() should return all blogs for a super admin. It should only return those that are explicit. I don't have a problem with admins being able to remove a super admin, either.

If you want to prevent this, it's pretty easy to hook into the promote_user meta cap.

[wonderboymusic]

Nacin marked this "close" 10 months ago, no comments since.