Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum
Apps | Demo | Docs | Install

Feature request: Optionally restrict user profile editing

Scheduled Pinned Locked Moved Discuss
usermanagement
4 Posts 3 Posters 209 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • jimcavoliJ Offline
    jimcavoliJ Offline
    jimcavoli App Dev
    wrote on last edited by girish
    #1

    Especially when operating in business environments, I tend to want to force users' primary email address to be their "official" email address and only have it be editable by administrators, as well as ensuring that they keep their actual name set as their name. Currently, there's no way to restrict users to only be able to change their password recovery email address and not the other fields - it would be very useful for these types of deployments if there were settings available to turn off the ability of users to self-edit certain field(s) of their profile.

    1 Reply Last reply
    1
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #2

    That sounds like an important use-case indeed and goes into a whole field of more fine-grained control over what users can and cannot do. So far we have tried to not overcomplicate the access control settings, but we are open to small useful adjustments. Given that Cloudron has a special permissions group, the admins and then simply the rest of the other users, would it be sufficient for your use-case to have an admin setting to prevent non-admins from changing their own profile? And if so, what fields should be protected?

    From your list, restricted fields should be:

    • display name
    • primary email

    Non-restricted ones are like:

    • password
    • recovery email

    Is this what you had in mind or are we missing some? (For example forcing users to use 2fa)

    jimcavoliJ 1 Reply Last reply
    0
  • jimcavoliJ Offline
    jimcavoliJ Offline
    jimcavoli App Dev
    replied to nebulon on last edited by
    #3

    @nebulon That's exactly what I had in mind; just keeping non-admins out of the fields you listed. Anything more advanced, like forcing 2FA or allowing app installation or email administration on certain domain(s) would all be cool, but I get that it becomes a more advanced permission system build-out, so I wouldn't consider it in-scope for this ask - the simpler case covers 90% of my headaches.

    1 Reply Last reply
    0
  • W Offline
    W Offline
    williamgomes Banned
    wrote on last edited by girish
    #4

    @nebulon said in Feature request: Optionally restrict user profile editing:

    That sounds like an important use-case indeed and goes into a whole field of more fine-grained control over what users can and cannot do. So far we have tried to not overcomplicate the access control settings, but we are open to small useful adjustments. Given that Cloudron has a special permissions group, the admins and then simply the rest of the other users, would it be sufficient for your use-case to have an admin setting to prevent non-admins from changing their own profile? And if so, what fields should be protected?

    agreed!!

    1 Reply Last reply
    0

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login
  • Don't have an account? Register
  • Login or register to search.