Feature request: Optionally restrict user profile editing

jimcavoli

Especially when operating in business environments, I tend to want to force users' primary email address to be their "official" email address and only have it be editable by administrators, as well as ensuring that they keep their actual name set as their name. Currently, there's no way to restrict users to only be able to change their password recovery email address and not the other fields - it would be very useful for these types of deployments if there were settings available to turn off the ability of users to self-edit certain field(s) of their profile.

nebulon

That sounds like an important use-case indeed and goes into a whole field of more fine-grained control over what users can and cannot do. So far we have tried to not overcomplicate the access control settings, but we are open to small useful adjustments. Given that Cloudron has a special permissions group, the admins and then simply the rest of the other users, would it be sufficient for your use-case to have an admin setting to prevent non-admins from changing their own profile? And if so, what fields should be protected?

From your list, restricted fields should be:

• display name
• primary email

Non-restricted ones are like:

• password
• recovery email

Is this what you had in mind or are we missing some? (For example forcing users to use 2fa)

jimcavoli

@nebulon That's exactly what I had in mind; just keeping non-admins out of the fields you listed. Anything more advanced, like forcing 2FA or allowing app installation or email administration on certain domain(s) would all be cool, but I get that it becomes a more advanced permission system build-out, so I wouldn't consider it in-scope for this ask - the simpler case covers 90% of my headaches.

williamgomes

@nebulon said in Feature request: Optionally restrict user profile editing:

That sounds like an important use-case indeed and goes into a whole field of more fine-grained control over what users can and cannot do. So far we have tried to not overcomplicate the access control settings, but we are open to small useful adjustments. Given that Cloudron has a special permissions group, the admins and then simply the rest of the other users, would it be sufficient for your use-case to have an admin setting to prevent non-admins from changing their own profile? And if so, what fields should be protected?

agreed!!