in Drupal 6, how do i set permissions so that a given role may assign roles to other users, but not access the permissions page?

I'd like to allow "staff member" users to assign roles to other users, but not to change the permissions associated with any particular role.

ideally 开发者_如何学JAVAI'd like the master permissions table to only be accessible to user #1.

Is there something obvious that I'm missing? or do i have to find/write a module to handle this?

Sounds like Role Delegation fits the bill.

I ended up throwing:

<?php
  $items['admin/user/permissions']['access callback'] = FALSE;
?>

into a custom module, but Role Delegation + Role Expire should have done what i wanted :/