Restrict password change
1,070 sites
Security covered
This module restricts the ability to change other users' passwords, emails, or delete users. It adds a new permission to control who can change other users' passwords, ensuring that only administrators or users editing their own accounts can modify these sensitive details.
Sometimes we wanted to be able to allow some users to add other users, but not change any user's password.
This module:
- Adds a new permission 'change other users password'.
- When the user_profile_form is loaded it checks to see if the current user has the proper permission or if they are editing their own account, otherwise it removes the password change option.
- There would be no point restricting the ability to change a user's password if they can still change the user's e-mail address, this option is removed as well.
- This also removes the option to delete a user.
Credits
Currently maintained by Heissen Lopez (heilop). The initial development was by James Glasgow (jrglasgow).