Last modified: 2011-03-13 18:04:30 UTC
The page Special:Userrights is used to assign critical privileges in the Wiki
like ''Sysop'' or ''Bureaucrat''. This requires being sure about the identity of
the person, whom privileges are assigned. Valuable information to do so is the
email address and the email confirmation status. A further hint but not reliable
is the ''real name''.
Unfortunately the page Special:Userrights does not show any of the necessary
information. This forces resorting to phpMyAdmin for checking the user.
Especially when administring sites with a more restrictive role concept, where
editing (and reading) privileges have to be specifically assigned to new readers
this is not acceptable.
Users' email addresses are considered private data, and are not revealed to other users.
Created attachment 2328 [details]
Dispaly real name, email address and email confirmation status in Special:Userrights
The appended patch shows the relevant information. It is using existing text
messages. It might be preferrable to create new messages instead of
'emailauthenticated' and 'emailnotauthenticated'.
(In reply to comment #1)
> Users' email addresses are considered private data, and are not revealed to
Special:Userrights can only be used by bureaucrats and not by any other users.
Assignment of userrights like 'bureaucrat' without any hint about the identity
is bound to ruin the Wiki.
doesn't appear to have ruined all wikis so far.
(In reply to comment #3)
> Special:Userrights can only be used by bureaucrats and not by any other users.
They also shouldn't see it, if the user doesn't want them to see it. Also, they
might use this page *only* to see the E-mail address, which is of course
> Assignment of userrights like 'bureaucrat' without any hint about the identity
> is bound to ruin the Wiki.
Send an E-mail to the user with some code, and if he replies with the code, you
can verify his identity. You shouldn't see his E-mail address unless he writes
it in his user page, or in any other place.