Community Wishlist Survey 2019/Admins and patrollers/Allow De-Privileged logons to webui

Allow De-Privileged logons to webui

  • Problem: Currently privileged users must maintain multiple user accounts when wanting to log on with lesser access.
  • Who would benefit: Any privileged user, especially highly privileged users such as admins, interface editors, stewards
  • Proposed solution: Allow users to create sub-identities similar to Special:BotPasswords with different access grants, that allow interactive logon.
  • More comments: This will allow users that want to log on with less access (for example from mobile devices, from less trusted devices, or just to test things) to do so without having to maintain multiple accounts, with possibility of not requiring 2FA if otherwise enabled for sub-identities.
  • Phabricator tickets: T153454
  • Proposer: — xaosflux Talk 14:59, 8 November 2018 (UTC)


  • I think having two accounts with different privileges is a much easier concept to explain and understand than one account that has different privileges depending on which password you put in. Multiple accounts seems like a much simpler solution to the problem and it's also a solution that already exists. I don't think this wish is a bad idea per se, but personally I'd rather see Community Tech focus their limited resources on problems that do not have fairly workable solutions already. --Deskana (talk) 16:28, 9 November 2018 (UTC)
Single accounts already do get different privileges depending on the credentials used with BotPassword and OAuth, however they are limited to the API instead of the WebUI. Keep in mind, this would not prevent the existing method of creating all the accounts someone wants. — xaosflux Talk 20:24, 9 November 2018 (UTC)
Noted, but I believe my general point about prioritisation stands. --Deskana (talk) 21:53, 9 November 2018 (UTC)
  • Nice idea, but I wonder if the admins will use it. I sort of doubt it. — Jeblad 08:54, 18 November 2018 (UTC)
  • Some things to keep in mind: if/once this is implemented, would there be a window for users with multiple accounts to merge their contributions? And if/once those mergers are complete, should we amend the relevant policy as to disallow users having separate accounts (as opposed to using this feature)? Rehman 02:18, 20 November 2018 (UTC)
  • Actually like this idea a lot. The best way to implement it is to have the user always login without privileges. When he/she need admin permission, he would click on a button, may be get prompted for password and then his/her privileges are elevated. 15 minutes later, they fall back to normal privileges. See how Atlassian have implemented it for example in Jira —The preceding unsigned comment was added by Wk muriithi (talk) 13:48, 24 November 2018 (UTC)
  • Security measures that you allow will always have a tiny fraction of the impact of security measures that you require. It will be used by the most security-conscious users, who have strong unique passwords and good account security and thus aren't an easy target anyway. Unless you are ready to make this required, and to acutally enforce it by software (and I don't see how that would work), it's just not a good use of time. Something along the lines of what Wk muriithi said (make all logins de-privileged, and require a temporary elevation) makes more sense, and actually we are sort of doing it already for some very limited things (like password change), but figuring out how to do it without crippling the productivity of privileged users is not easy. --Tgr (talk) 04:00, 25 November 2018 (UTC)


  •   Support as proposer. — xaosflux Talk 20:19, 16 November 2018 (UTC)
  •   Support Dolotta (talk) 01:05, 17 November 2018 (UTC)
  •   Support Hell yeah — regards, Revi 02:05, 17 November 2018 (UTC)
  •   Support Liuxinyu970226 (talk) 03:33, 17 November 2018 (UTC)
  •   Support Kpgjhpjm (talk) 04:08, 17 November 2018 (UTC)
  •   Support Hiàn (talk) 04:46, 17 November 2018 (UTC)
  •   Support FF-11 (talk) 09:46, 17 November 2018 (UTC)
  •   Support Jo-Jo Eumerus (talk, contributions) 10:00, 17 November 2018 (UTC)
  •   Support Patriccck (talk) 10:35, 17 November 2018 (UTC)
  •   Support --Alaa :)..! 10:36, 17 November 2018 (UTC)
  •   SupportThanks for the fish! talkcontribs 19:53, 17 November 2018 (UTC)
  •   Support Sebastian Wallroth (talk) 10:33, 18 November 2018 (UTC)
  •   Support Would go nicely with the marginally-related phab:T199118. ~ Amory (utc) 11:27, 18 November 2018 (UTC)
  •   Support stwalkerster (talk) 17:01, 18 November 2018 (UTC)
  •   Support — Draceane talkcontrib. 17:29, 18 November 2018 (UTC)
  •   Support And we should be able to test the Visual Editor even when we had chosen the wikicode (on some wikis the second modification tab is absent so we have to choose one the first time). JackPotte (talk) 19:42, 18 November 2018 (UTC)
  •   Support --Wargo (talk) 20:57, 18 November 2018 (UTC)
  •   Support Don't know if I'd use it personally, but it seems like a good idea. Kudpung (talk) 08:59, 19 November 2018 (UTC)
  •   Support I have often had problems in other platforms that were difficult to resolve because the person trying to help me was too privileged to see the problem, or I was the one who was too privileged to see the problem. This is a sound concept for all computing environments. Jc3s5h (talk) 11:00, 19 November 2018 (UTC)
  •   Support Martin Urbanec (talk) 14:01, 19 November 2018 (UTC)
  •   Support Katietalk 16:36, 19 November 2018 (UTC)
  •   Support. It would take away the headache of having to maintain multiple accounts for different uses (editing from home, editing from office, editing from unsafe network), and would also reduce the opacity of certain users (i.e. admins) reviewing editors owning multiple accounts. Rehman 02:18, 20 November 2018 (UTC)
  •   Support Edgars2007 (talk) 18:40, 20 November 2018 (UTC)
  •   Support Novak Watchmen (talk) 22:59, 20 November 2018 (UTC)
  •   Support Vulphere 06:15, 21 November 2018 (UTC)
  •   Support Arian Talk 18:27, 21 November 2018 (UTC)
  •   Support Framawiki (talk) 19:34, 21 November 2018 (UTC)
  •   Support Nihlus 22:09, 21 November 2018 (UTC)
  •   Support Good idea! YaganZ (talk) 23:46, 22 November 2018 (UTC)
  •   Support MisterSynergy (talk) 10:19, 23 November 2018 (UTC)
  •   Support ~Cybularny Speak? 15:43, 23 November 2018 (UTC)
  •   Support Nice idea, adopt the sudo strategy so that it get wide usage. William —The preceding unsigned comment was added by Wk muriithi (talk) 13:59, 24 November 2018 (UTC)
  •   Support Arne (Amjaabc) (talk) 08:40, 25 November 2018 (UTC)
  •   Support IKhitron (talk) 19:21, 25 November 2018 (UTC)
  •   Support Ranjithsiji (talk) 22:35, 25 November 2018 (UTC)
  •   Support This would be great for the more security conscious among us. — AfroThundr (u · t · c) 01:02, 26 November 2018 (UTC)
  •   Support Daniel Case (talk) 03:58, 26 November 2018 (UTC)
  •   Support Dreamy Jazz (talk) 12:05, 27 November 2018 (UTC)
  •   Support Nemo 22:23, 27 November 2018 (UTC)
  •   Support Ahm masum (talk) 21:17, 28 November 2018 (UTC)
  •   Support Courcelles 15:44, 29 November 2018 (UTC)
  •   Support Tacsipacsi (talk) 20:03, 29 November 2018 (UTC)
  •   Support I do use 2FA, and would absolutely prefer the proposed setup. Xymmax (talk) 04:18, 30 November 2018 (UTC)