Until it's fixed (which doesn't appear to be happening ) the best safe solution is probably to keep the ability to promote and demote a leader-only permission. If an officer wants to promote someone, they instead send a message to the leader nominating that person for promotion. It might be awkward for some groups (particularly if they have a leader who's only occasionally active and slow to respond to messages), but it's better than drastically cutting back all other permissions on the assumption they could go to anyone who exploits this flaw.