Idea ID: 2689857

Setting users can only manage their own passwords, and cannot manage passwords of other users

Status : Declined
over 1 year ago

Dear All,

After OO10.X, users cannot manage their passwords reasonably.


For example, users' passwords can be managed via "Manage Security Configuration" Permission.
1. Have "Manage Security Configuration" permission
Users can change their own and other user's passwords, which is not safe for other users.

2. No "Manage Security Configuration" permission
Users cannot change their own passwords, passwords can only be changed by users who have "Manage Security Configuration" permission, and users lose the right to set their own passwords.

In the 9.X version, there is no such restriction, so the customer hopes that after 10.X, the management of the user password can be more friendly, and the user can change his or her own password without changing other users' password.

 

Thanks,
Tian

  • Some legacy features should have been provided as they were basic user management related. Particularly in larger deployments.

    Hopefully as stated it will be addressed in upcoming releases.

  • Given the low community support on this idea we are declining it for now.

    The user management experience will evolve in the next releases to a new solution that will address also these concerns.

  • Changing status to Waiting for Votes to get community feedback

  • Dears,I think this is a very important feature about security.

    Could anyone can check this request.

    Thanks

  • Yes, I agree!  So much in 10.x has now gone to an all or nothing permissions type model that is completely changing everything in a bad way.  Users/Customers can no longer control many of the aspects they used to be able to in 9.x and it is causing more and more admin overhead for everyone!

    Please make things as granular as they were in 9.x so we can hand over much of the administration tasks back to the groups where it belongs.