Manual:Establishing a hierarchy of bureaucrats

It may be desirable to have a hierarchy of bureaucrats. That way, if one of them goes rogue, he will not be able to remove user rights from all other bureaucrats, unless he is of the highest rank. Bureaucrats can, thus, be given different ranks depending on how trustworthy they are deemed to be.

Ranking
Under this system, the ranks and powers are as follows:

Rationale
Especially on wikis that have low standards for promoting users to sysop (e.g. on some wikis, users can become sysop within days or hours of creating an account), some users might be trustworthy enough to be allowed to add and/or remove user rights from sysops (as long as these user rights actions are subject to being reversed by other bureaucrats, and as long as there are higher-ranking bureaucrats around who can strip him of his rank if he abuses his powers), but not trustworthy enough to have power to assume total control. This is especially important in situations in which the site owner may be absent for long periods, and not able to access the server to reverse the rogue bureaucrat's coup.

Alternative options
An alternative to this approach is to establish a system like Wikipedia's in which bureaucrats can add users to groups, but only stewards can remove users from groups. A drawback to this is that a rogue bureaucrat could still wreak havoc by adding a large number of unsuitable sysops, or a rogue sysop could wreak havoc by taking a large number of inappropriate sysop actions, before a steward has a chance to intervene. On a large site like Wikipedia that has high standards for promoting users to superuser status and many stewards, any of whom is likely available at any given moment, this is not such a problem. On smaller sites, or those with laxer standards for promoting users to superuser status, it could be an issue. A hierarchy enables a more precise calibration of user rights to trustworthiness and helps ensure that each level of superusers has plenty of oversight, without granting too many people expansive and unchecked powers over the wiki.

Procedure
There are a few subtleties involved in this process. For one, it is not enough to merely add the different levels of bureaucrats to Manual:$wgAddGroups and Manual:$wgRemoveGroups; a permission must also be set using Manual:$wgGroupPermissions before they will show up in Special:UserRights. In this example, the officers are all given the powers of sysops (established in DefaultSettings.php, and the four levels of bureaucrats are colonels, majors, captains, and lieutenants. Also, the code should be placed at the end of LocalSettings.php, after the  lines for extensions such as Renameuser or DeleteBatch, so that the code eliminating the bureaucrat group will not be overridden by their default group permissions.

Establish the new groups
Start by adding this code to the end of LocalSettings.php:

Only allow officers to belong to one user group in the hierarchy
If you want, hack /includes/specials/Specialuserrights.php to only allow officers to belong to one user group in the hierarchy. Once this has been done, if a user attempts to make a user rights change that would leave a user in more than one officer rank, it will return all checkboxes to their original settings and leave the status quo in place. You may to edit MediaWiki:Userrights-groups-help to notify users of this.

This code has been verified as working in MediaWiki 1.19. After setting  and   as shown above, insert some code into   so that it reads as follows:

MediaWiki:Userrights-groups-help
You may alter the groups this user is in:
 * A checked box means the user is in that group.
 * An unchecked box means the user is not in that group.
 * A * indicates that you cannot remove the group once you have added it, or vice versa.

You may not make a change that would leave a user in more than one officer rank.

Transfer permissions from bureaucrats to other groups
Take a look at your Special:UserGroupRights page and consider what rights, presently assigned to bureaucrats (e.g.,  , etc.) you want assigned to another group besides bureaucrat. Take care of that by adding the appropriate code to LocalSettings.php, e.g.:

Add users to the new groups, remove users from the bureaucrat group, and abolish the bureaucrat group
Login to your bureaucrat account, go to Special:UserRights, and add whatever users you want to be colonels, majors, captains, lieutenants, etc. to those groups. Then remove all the bureaucrats from the bureaucrat user group. Make sure you add yourself, or whoever is going to be in charge, to the colonel group before removing yourself from the bureaucrat group, or else you will have stripped yourself of the user rights permissions needed to finish the transition to the new hierarchy. One you are done with that, add this code to LocalSettings.php to abolish the bureaucrat group entirely:

If you end up with any stray bureaucrats still in the user_groups table, you can run this SQL query: