I was recently asked, at a networking meeting, whether I thought my clients should have administrator access to their CMS based website. I immediately replied “No”. This is because giving an inexperienced website owner admin rights is just inviting trouble. It is just too easy for them to break the site that I have spent hours, days, or weeks carefully constructing. They don’t mean to, it just happens. Even if they don’t break the site outright, they may unintentionally spoil the carefully thought out design of the site and, in the blink of an eye, change it from a think of beauty that is a pleasure to use, to an ugly nightmare that is no better than the millions of amateur home made sites that spoil the browsing experience every day.
By giving website owners and content publishers Editor permission, they can manage the content of the site safely without interfering with the carefully thought out and constructed design precepts.
In addition to protecting the website from accidental damage, it is also good practice to control who has admin rights in order to be able to trace who has done what to the site. An incidental benefit to the developer of limiting the website owner to Editor access is that this ties her in as a customer.
Going back to the question at the start of this discussion: as a developer, I stand by my original “No”, but as a consultant advising website owners, my advice would be the opposite. As owner of a website, you need to protect yourself against the risk of losing contact with your developer. Without access to the administrator role it will be very difficult to fix problems or transfer the site to another developer. As website owner, you should also ensure that you have access to file transfer (ftp) and hosting control panel credentials. Ideally, you should also have full access to the domain registration and DNS control panel, although this may be more difficult as, for many resellers, this would mean giving you the credentials for their entire reseller account, which of course would not be possible. At least make sure that your domain is registered in your own name and not that of your developer, which is all too often the case.
With regard to the conflict between your developer wanting to protect the site from accidental damage and owner needing to remove the risk of their developer disappearing, a reasonable compromise might be to give the website owner a user account with just Editor permission but to create an administrator account with credentials that are kept in a sealed envelope, only to be opened if the developer fails to provide the necessary services that require admin access.