I'm using the Members plug-in to change WordPress' default Roles / Permissions.
I want to give Editors the ability to add new users and edit the details of existing users. It's pretty obvious that I just give them the edit_users and either add_users (that's not the issue)...but I only want to give them this ability if the roles they can give are only Editor and below roles.
As I'm sure many WordPress developers are aware, there's not much between an Editor and Author; most differences in capabilities are that Editors can edit other posts (inc. switch authors). Adding these User capabilities seems logical, but only if they can't self-promote.
I trust my Editor, and I trust the staff he's also giving Editor status...but I only trust them with the capabilities that the Editor gives them. If I don't lock down this self-promotion, they could very well make themselves Admins and do some major damage.
I base this concern on a previous project where I temporarily promoted a user, only to find him meddling with Appearance, Settings and Plugins. I had WP-DBManager running a daily back-up every evening, so he did minimal damage, but I'd like to avoid the scenario in the future.
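
One way to enforce the restriction described in the question, as an added example that is not part of the original post or of the Members plug-in: it filters the assignable role list and denies user-management actions against accounts outside an allow-list. The `example_*` function names and the allow-list of role slugs are assumptions for illustration, and a single-site install is assumed.

```php
<?php
/**
 * Added example: keep non-administrators who hold edit_users / create_users
 * from granting, or touching accounts with, roles above Editor.
 * Function names and the allow-list below are assumptions, not project code.
 */

// Roles a non-administrator may assign or manage (assumed allow-list).
function example_manageable_roles() {
    return array( 'editor', 'author', 'contributor', 'subscriber' );
}

// True when the given user holds the administrator role.
function example_is_administrator( $user_id ) {
    $user = get_userdata( $user_id );
    return $user && in_array( 'administrator', (array) $user->roles, true );
}

// 1. Restrict the list returned by get_editable_roles() for non-administrators,
//    so higher roles are not offered as assignable.
add_filter( 'editable_roles', function ( $roles ) {
    if ( example_is_administrator( get_current_user_id() ) ) {
        return $roles;
    }
    return array_intersect_key( $roles, array_flip( example_manageable_roles() ) );
} );

// 2. Deny edit/promote/remove/delete on any account holding a role that is
//    outside the allow-list, unless the acting user is an administrator.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
    $guarded = array( 'edit_user', 'promote_user', 'remove_user', 'delete_user' );
    if ( ! in_array( $cap, $guarded, true ) || example_is_administrator( $user_id ) ) {
        return $caps;
    }
    if ( empty( $args[0] ) ) {
        $caps[] = 'do_not_allow'; // No target user given: fail closed.
        return $caps;
    }
    $target = get_userdata( (int) $args[0] );
    if ( ! $target || array_diff( (array) $target->roles, example_manageable_roles() ) ) {
        $caps[] = 'do_not_allow';
    }
    return $caps;
}, 10, 4 );
```

Custom roles created with a role editor are hidden from Editors until their slugs are added to the allow-list, which keeps the default behaviour fail-closed.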