Yes, I read the help section. Seems simple enough, but it just doesn't work as I understand it should.

I need to create a login that will be used by many people (press contacts), and I don't want them to be able to change any of the account details.

Here is what I tried:
I installed User Protect.
I created a user called "press".
I added the user "press" to the protected users list in User Protect.
I checked all the boxes - but when logged in as press, all details could still be edited.
I tried checking only the "all account edits" box - but when logged in as press, all details could still be edited.
I read the directions three times - no more luck

What am I missing? Besides sleep....

Comments

hunmonk’s picture

Priority: Critical » Normal
Status: Active » Fixed

userprotect is specifically designed to allow users to edit their own information by default. try disabling these userprotect permissions:
change own e-mail
change own password

for username, you need to disable the 'change own username' permission, which is a part of user module.

GreenStage’s picture

thanks hummonk. Those suggestions solved some of my issues....

BUt, this only disables the ability to edit username and password, but these users can still access "My Account" where they can change Comment, Contact, and Locale settings. I would prefer for them to not have access to "My Account" link at all. I've seen other posts that suggest disabling My Account in the php, but I do still have users who need access.

Am I missing something?

hunmonk’s picture

i've given all that this module can do. you'll have to look elsewhere if you want the account to be more locked down.

GreenStage’s picture

The module page says that it protects "all edits (any accessed via user/X/edit)", but I cannot get that to work.

If only SOME of the info edited from user/x/edit can be locked down, fine, just let me know. If on the other hand, it can actually protect "all edits (any accessed via user/X/edit)", then please tell me how.

Thanks!

hunmonk’s picture

a user editing their own account is a special case. userprotect was designed to provide limited access control to user admins, _not_ to take away all editing privileges from a user editing their own account.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.