User creation available without any role selected

Hi,

I gave user creation to admin only. On user creation i always had administrator selected by default which was a security issue.

I created users/admin.yml with following options in order to prevent a admin create an other admin (update is always available).

options:
  create: false

Now admin is not available during user creation process for administrator.

Problem is, even if i don’t see anymore Admin in list i still can create administrator if i don’t select a role. The role radio is required but seems to already has admin value.

I don’t understand why admin is selected by default anyway. It’ a security issue my point of view. A default role should be the lower role. So why give admin role as default for all new users created by admin ?

Having no role selected is the quickest way to solve this issue.

may i bring this up again, as i am currently trying to solve a similar issue.

I read through the discussion in Setting default user role on creating in panel and also followed the argumentation given in Setting default user role and language on creating in panel · Issue #347 · getkirby/ideas · GitHub which i can follow … but … what if we start dialog with the given option (which seems to the users’ own role) and then store the latest option which is preselected when another user is created?