TASVideos / tasvideos

The code for the live TASVideos website
https://tasvideos.org/
GNU General Public License v3.0

Role editing grants unexpected privileges #1690

Closed moozooh closed 1 year ago

moozooh commented 1 year ago

As a Senior Moderator, I'm able to remove any existing role, including the Site Admin role, by either unchecking it or pressing the "x" next to it. It doesn't matter that I don't have permission to set it in the first place.

[screenshot: example]

Masterjun3 commented 1 year ago

Important to note that this is purely a visual bug! The server properly checks it again, and throws away changes that are not authorized. Good news: People can't grant more roles than they are allowed. Bad news: People can take away every role.
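The pattern the two comments describe, a server that validates only the roles being added and silently accepts any removal, is a one-sided authorization check. The usual fix is to treat a role change as authorized only when the actor may assign that role, regardless of direction, and to keep the current state for every role the actor cannot touch. The following is an added illustration, not TASVideos code: the role names, the `ASSIGNABLE` table and the function names are assumptions, and the vulnerable variant reproduces the behaviour reported above rather than the site's actual implementation.

```python
"""Added example: one-sided vs. symmetric role-assignment checks.

Not TASVideos code. Role names, the ASSIGNABLE table and all function
names are assumptions chosen for illustration.
"""
from typing import Iterable, Set

# Constructed sample policy: which roles an actor holding a given role may
# grant or revoke. Assumption for illustration only.
ASSIGNABLE = {
    "Site Admin": {"Site Admin", "Senior Moderator", "Moderator", "Editor"},
    "Senior Moderator": {"Moderator", "Editor"},
}

ALL_ROLES = sorted({r for roles in ASSIGNABLE.values() for r in roles})


def assignable_roles(actor_roles: Iterable[str]) -> Set[str]:
    """Union of every role the actor's own roles allow them to assign."""
    allowed: Set[str] = set()
    for role in actor_roles:
        allowed |= ASSIGNABLE.get(role, set())
    return allowed


def update_roles_vulnerable(actor_roles: Iterable[str],
                            current: Set[str],
                            requested: Set[str]) -> Set[str]:
    """Mirrors the reported bug: only additions are checked against the
    actor's permissions, so any role, including one the actor could never
    grant, is dropped as soon as it is absent from the submitted form."""
    allowed = assignable_roles(actor_roles)
    kept = current & requested                  # unchecked removals accepted
    added = (requested - current) & allowed     # unauthorized grants discarded
    return kept | added


def update_roles_fixed(actor_roles: Iterable[str],
                       current: Set[str],
                       requested: Set[str]) -> Set[str]:
    """Symmetric check: the submitted state is honoured only for roles the
    actor may assign; every other role keeps its current state, so the
    server throws away unauthorized additions and removals alike."""
    allowed = assignable_roles(actor_roles)
    decided_by_actor = requested & allowed      # may be added or removed
    out_of_reach = current - allowed            # preserved exactly as-is
    return decided_by_actor | out_of_reach


def form_roles(actor_roles: Iterable[str], current: Set[str]):
    """What the edit form should render: a role the actor cannot assign is
    shown checked/unchecked but disabled, so the UI matches the server
    rule instead of offering a removal that will be rejected."""
    allowed = assignable_roles(actor_roles)
    return [(role, role in current, role not in allowed) for role in ALL_ROLES]


if __name__ == "__main__":
    actor = ["Senior Moderator"]
    current = {"Site Admin", "Editor"}
    submitted = {"Editor"}  # form with the Site Admin box unchecked
    print("vulnerable:", sorted(update_roles_vulnerable(actor, current, submitted)))
    print("fixed:     ", sorted(update_roles_fixed(actor, current, submitted)))
    for role, checked, disabled in form_roles(actor, current):
        print(f"{role:17} checked={checked!s:5} disabled={disabled}")
```

With a Senior Moderator editing a user who holds Site Admin, the vulnerable function returns only `Editor`, while the fixed one keeps `Site Admin` because it lies outside the actor's assignable set; for grants the two behave identically, which is why the one-sided version looked correct until someone tried a removal.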