Multisite. Ability for Administrators to edit user info. #2574

Open
corsacca opened this issue Sep 17, 2024 · 0 comments
Labels
feature New features or functionality

corsacca commented Sep 17, 2024

Right now on multisites only super admins can update a user's info. This is a security feature and protects against this attack:

User A is an administrator on only subsite A
User B is a user (of any role) of subsite A and subsite B
User A changes user B's password and now has access to subsite B

By default the current security implementation is good. Some multisites aren't set up in a way that needs this security and we'd like the administrator or user manager to be able to help users set their passwords and change their email address.

The feature:

Build a setting or way to modify a role to give Administrators the ability to edit users on a multisite.
This user should not be able to update super admin users.
This user should not be able to update users who are not on the subsite they are on.
This could be just an extra UI on the user management section on the front end.

A super admin would have to enable this feature.

@corsacca corsacca added the feature New features or functionality label Sep 17, 2024
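
The authorization rule requested above, sketched as an added example (not part of the issue and not the project's own code), assuming the project runs on WordPress multisite. The option name and function name are hypothetical, and the single-subsite check goes beyond the issue's list: it keeps the cross-subsite password attack closed even when the feature is on.

```php
<?php
// Added example. EXAMPLE_OPTION and the function name are hypothetical.
const EXAMPLE_OPTION = 'example_subsite_admins_can_edit_users';

add_filter( 'map_meta_cap', 'example_subsite_admin_edit_user', 10, 4 );

function example_subsite_admin_edit_user( $caps, $cap, $actor_id, $args ) {
    // Only the per-user edit check is relaxed; everything else keeps core behaviour.
    if ( ! is_multisite() || 'edit_user' !== $cap || empty( $args[0] ) ) {
        return $caps;
    }
    // Off by default: a super admin has to enable the network-wide option.
    if ( ! get_site_option( EXAMPLE_OPTION, false ) ) {
        return $caps;
    }

    $actor_id  = (int) $actor_id;
    $target_id = (int) $args[0];
    $blog_id   = get_current_blog_id();

    // Editing your own profile is already handled by core.
    if ( $actor_id === $target_id ) {
        return $caps;
    }
    // Super admin accounts stay editable by super admins only.
    if ( is_super_admin( $target_id ) ) {
        return $caps;
    }
    // Both the actor and the target must belong to the current subsite.
    if ( ! is_user_member_of_blog( $actor_id, $blog_id )
        || ! is_user_member_of_blog( $target_id, $blog_id ) ) {
        return $caps;
    }
    // Extra check, not in the issue: refuse when the target also belongs to
    // another subsite, so a password reset here cannot open access elsewhere.
    if ( count( get_blogs_of_user( $target_id ) ) !== 1 ) {
        return $caps;
    }

    // Fall back to the ordinary role capability held on this subsite.
    return array( 'edit_users' );
}
```

Every early `return $caps` leaves the default decision in place, so any case the filter does not explicitly allow stays limited to super admins.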