Max, I just tried on 5.79.0, and I can’t replicate the behavior. I made an administrator account, logged out as the owner, clicked the link to activate my new administrator, and added a member successfully from the members part of the dashboard. Caveat: This is a local install. It’s possible the behavior is different in production.
You might want to go ahead and upgrade to 5.79.0 (ghost update). If the problem disappears, great. If it doesn’t, you’ll be reporting a problem with the latest release, which is usually a good idea. :)
Can you inspect the network request and look at the body? That should tell you if the 403 is coming from Ghost or if there’s something else in your setup that’s causing it. Quite frequently we see Cloudflare or other security software put in front of a site which then incorrectly blocks requests.
I’m struggling to come up with an idea that breaks specifically this route and no others and that doesn’t also break it for the owner.
Just to confirm: Other admin functionality is fine? Change the theme? Add navigation?
And: can we rule out the possibility that this is some sort of browser security settings misbehavior? Does the problem persist on another device (or at least in another browser)?
Yes, all other functionalities can be edited and saved.
Browser is not the problem. Tried multiple devices and browser.
Can i somehow overwrite the permissions for admin only?
Just thinking… have you tested the classic clear cache, delete all cookies, try different browser/machine and re-login on ghost? There’s always the quantum flux thing where a bit gets flipped due to solar storms and black-swan events and related madness.
I spent 48 hrs trying to get a video to render - it would crash randomly until I ran it with the render-server case open and … it was a heating problem - got an industrial floor fan blowing into the case, and it rendered. Memorable event.