On Delegating Role Delegation
I've been working through building a site with one of my pastors to replace our church's dated Drupal 5 site. Early on, I talked him through the process of figuring out what kinds of content he new site would include and how users should interact with that content. This forced him to define what I would implement as node types, user roles, and a handful of flags, Views, and who knows what else.
While the site develops, I want him to have the freedom to setup members of the church as content creators and site administrators without having to ping me every time a new user needs a role. Unfortunately, to give him that ability, I'd have to give him the permission to administer all user permissions. In other words, I'd be introducing clutter for any other site administrators (who really don't need to know what "permissions" are in Drupal speak) and the possibility that someone might grant unsafe permissions to users without me knowing about it.
I quickly imagined a module that would include a single permission along the lines of "grant users roles" and put the role element on user edit forms just like it would appear for users with "administer permissions." I was about to look for the form code in the user module when my Spidey sense started to tingle. A quick search turned up the Role Delegation module. It does exactly what I needed... no more, no less. Happy day! I recommend its use to anyone with a similar need, and I'd loooove to see this permission included in Drupal 8.
Kudos to David Lesieur for a handy utility module that makes it easier for site builders to empower site administrators without overwhelming them or introducing a security weakness.