You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now on multisites only super admins can update a user's info. This is a security feature and protect's against this attack:
User A is and administrator on only subsite A
User B is a user (of any role) of subsite A and subsite B
User A changes user B's password and now has access to subsite B
By default the current security implementation is good. Some multisites aren't set up in away that needs this security and we'd like the administrator or user manager to be able to help users set their passwords and change this email address.
The feature:
Build a setting or way to modify the a role to give Administrators the ability to edit users on a multisite.
This user should not be able to update super admin users.
This user should not be able to update users who are not on the subsite they are one.
This could be just an extra UI on the user management section on the front end.
A super admin would have to enable this feature.
The text was updated successfully, but these errors were encountered:
Right now on multisites only super admins can update a user's info. This is a security feature and protect's against this attack:
User A is and administrator on only subsite A
User B is a user (of any role) of subsite A and subsite B
User A changes user B's password and now has access to subsite B
By default the current security implementation is good. Some multisites aren't set up in away that needs this security and we'd like the administrator or user manager to be able to help users set their passwords and change this email address.
The feature:
Build a setting or way to modify the a role to give Administrators the ability to edit users on a multisite.
This user should not be able to update super admin users.
This user should not be able to update users who are not on the subsite they are one.
This could be just an extra UI on the user management section on the front end.
A super admin would have to enable this feature.
The text was updated successfully, but these errors were encountered: