Issue #6682 wontfix

Team creator/owner removed by another admin

Kevin Powick
created an issue

Currently, according to your support staff (see ticket BBS-2534), A repository owner that creates a Team can be removed from that team by another admin on that same Team.

IMO, this is a big flaw and should not be allowed. While it is important that one trusts whom they allow to be an Admin on their Team, the creator/owner of that Team should never be allowed to be removed by another Team admin.

The only way the owner/creator of a Team should be removed from that Team is if they explicitly do it themselves, or they transfer the Team to a new owner.

I hope that this suggested change can be made quickly, because I wouldn't want to risk losing access to my Team for any reason (disgruntled member, compromised member's account, etc.)

Regards,

Kevin Powick

Comments (6)

  1. Jesper Nøhr

    We do not currently distinguish between a teams creator and any other admin on that team. There also is no concept of a "super" admin.

    It's important to be able to remove other administrators from the team for similar reasons as you're stating. What if employee A created the team initially, left the company, and refused to remove themselves?

    It sounds like you might not want to leave everyone as administrators, but perhaps just as users who can create repositories.

  2. Kevin Powick reporter

    I'm not sure why my e-mail response to your initial comment did not get posted, so I'm adding here, via the web interface.

    Hi Jesper,

    I appreciate there is, not yet, any concept of a "super admin". However, the idea that one can be locked out of the team they created/own is strange. The owner should have super-admin status.

    JS: It's important to be able to remove other administrators from the team for similar reasons as you're stating. What if employee A created the team initially, left the company, and refused to remove themselves?

    No employer should allow such a situation to exist. The owner (employer) should always have supreme control over company assets. There are plenty of modern day examples of employers that made the mistake of not retaining control over IT assets such as servers, twitter accounts, etc. Repositories should be no different.

    In a less serious case, such as a few team members not being happy with the Team creator/owner, there shouldn't be anything stopping those people from forking the project and going at it on their own. This happens all the time with open source software projects. The project survives and the Team owner doesn't lose anything.

    JS: It sounds like you might not want to leave everyone as administrators, but perhaps just as users who can create repositories.

    I guess that is the only option right now. I still think it should change.

    Kevin Powick

  3. Log in to comment