I am using Contribute 3.0
After setting myself as an administrator for a given
directory, I have no problem creating user roles and sending keys.
*** HOWEVER, anyone having write-access to the files in that
directory can set themselves up as administrators too -- thereby
bypassing whatever user roles I have given them.
I have set an administrator password as suggested in the
documentation, but this does not prevent the above problem. The web
site runs on a UNIX box.