Security Issue: Inactivating a User
We have a security issue that I hope can be addressed. We need to give someone the ability to inactivate a user without giving them extensive access throughout CSuite. This is necessary for immediate off-boarding. Right now, the only way to provide the ability to inactivate someone is to give them Edit permission on Users. Once you have that permission, you can add anyone to groups, sufficient enough to give almost anyone system-wide permissions. That’s sensitive and dangerous. We just want to give someone the ability to do user maintenance functions, such as resetting a password, unlocking a user, or inactivating one, as mentioned, without further permissions. In our case, we have a third-party IT group supplementing our support, so it is an important need.
Joel Schwartz
shared this idea
Hello,
Thanks for your time in the idea lab. This message is to let you know we are going to archive this idea based on the level of engagement in comparison to other idea lab items. The reason we do this is to keep the Idea Lab clean and up to date based on feedback from clients like yourself. Keep in mind this idea may exist somewhere else in the Idea Lab, a quick search may give you a similar idea with higher engagement. Also, feel free to recreate this idea if you would like to, and keep in mind specific wording can help people find and vote for your idea.
If you have any questions, issues or concerns please let us know!
Thank you
-
Sara Marsowicz
commented
I agree! I would love it if permissions could be defined by user , and not just user group.