You are not logged in.
Hi!
Just a question for security reasons:
Is it possible to delete the superadmin account with a tech account?
The tech user must be able to:
- add user
- change user
- delete user
Is it possible to change, add or delete a superadmin only from the superadmin account?
The tech user should not be able to change superuser password or add a new superuser or delete the superuser.
Thanks for the good work!
Greeting,
Mike
Offline
Hi Mastermixer,
You can change this in :
Administration -> Profiles -> Tech (or the profile you want to modifiy).
In the profile, go to "Administration". You will find a line named "Users" where you can allow or forbid updates, creation, deletions etc... of users.
Hope this will help you.
Pippo
GLPI 9.4.6 (additionalfields 1.10.3 + fusioninventory 9.4+2.4 + datainjection 2.7.1 + printtopdf 1.6.0) - PHP 7.4 - MySQL 8.0 Community InnoDB cluster (3 nodes - single primary) - All on CentOS 8
Offline
You can only delete profile with less rights than your profile
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline
Hi Nelly,
First try: "tech - Root Entity (R)" user can delete a new created superuser with "superuser - Root Entity (R)" profile.
What means "less rights"? Which settings are responsible to decide "less"?
Thanks for your help.
Best regards,
Mike
Offline
glpi compares value of all rights for each profile.
Has your Tech profile right to manage profile?
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline
No, the tech profile has no right to manage profiles.
The first five checkmarks and the add external are set for the administration (user).
The tech user is recursive (R).
Which settings are responsible next?
Thank you.
Best regards,
Mike
Offline
For your tech profile, don't allow right to delete user
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline
Ok, this works and a tech user can only create users with a profile that has equal or less rights.
If a user has to be deleted, the team leader will do this with different rights (profile).
But in this case we have the same problem as before... this means, only superadmins should have the right to delete users?
Best regards,
Mike
Offline
For me, yes.
A superadmin profile should be given to very few people. The superadmin is the global manager of all the entity, it's not a technician.
CentOS 6.5 - CentOS 7.x
PHP 5.6 - PHP 7.x - MySQL 5.6 - MariaDB 10.2 + APC + oOPcache
GLPI from 0.72 to dev version
Certifiée ITIL (ITV2F, ITILF, ITILOSA)
Offline