Restrict Group Access to one User Login Account
|
View:
New views
20 Messages
—
Rating Filter:
Alert me
|
| < Prev | 1 - 2 | Next > |
 |
Restrict Group Access to one User Login Account
by Holly Ferree
::
Rate this Message:
Hi All,
I work for a college (drupal 6). They want all of the nursing students to be able to login using the same username and password that will allow them to access only nursing tagged content (video pages). I got the access issue to work with tac-lite. But have had no luck in researching my problem. My problem is: How do I restrict a username (ex. Nursing) from accessing the user/(number)/edit and going to the Account Information section where they can change the email and reset the password? I don't want one student to be able to block out 100+ fellow students. That just seems like asking for trouble. Thanks, Holly Ferree PS On a related note...Is there a good module to play movie files or do I even need one with Drupal 6? _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Shai Gluskin-2
::
Rate this Message:
Holly,
The whole idea is asking for trouble. I don't even want to think about how to answer this question because this is such a bad idea. I'd tell the folks that Drupal simply doesn't do this. Maybe a single userid/pw can be encoded into the video files themselves? Is the video file being streamed from your site or a third party service? I'm sure someone else will have an idea how to help. But I'd recommend against ideas that get Drupal itself to hide the account page for a logged in user. Among other bad consequences, you'd be defeating a huge amount of Drupal functionality and crippling the site for future use-cases. Shai On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree@...> wrote: Hi All, _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Bhavin Joshi
::
Rate this Message:
>
> My problem is: > > How do I restrict a username (ex. Nursing) from accessing the > user/(number)/edit and going to the Account Information section where they > can change the email and reset the password? I don't want one student to be > able to block out 100+ fellow students. That just seems like asking for > trouble. > Develop a custom module and write down hook_menu_alter() Here, you have to sett access_arguments such that no user but the admin, can view/edit user profiles Regards. -- Bhavin H. Joshi Mobile: +91 999 886 0979 Skype: bhavinjoshi19 http://joshics.in Portfolio: http://sites.google.com/site/bhavinhjoshi/portfolio [bhavinjosi.vcf] begin:vcard fn:Bhavin Joshi n:Joshi;Bhavin org:Joshi Consultancy Services adr:;;;Rajkot;Gujarat;360006;India email;internet:bhavinjosi@... title:Founder in Chief tel;cell:+91 999 886 0979 note:Skype/gtalk: bhavinjoshi19 x-mozilla-html:TRUE url:http://joshics.in version:2.1 end:vcard _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Michael Goldsmith
::
Rate this Message:
Some parts of this message have been removed.
Learn more about Nabble's security policy.
I tend to agree with Shai here. It’s not a great
practice by any stretch of the imagination. HOWEVER, I’ve never met
a bad idea that I didn’t like. How about setting up a script to run
on cron to periodically change the email and password back to what you want it to.
Or you can probably set up some kind of an action to do it, where whenever a
user gets edited, change the email and password to whatever you wanted.
So try as they might, every time they edit the user, the action runs. Just a thought. If I come up with anything else, I’ll
let you know. Thank you very much for your time and consideration, From:
consulting-bounces@... [mailto:consulting-bounces@...] On
Behalf Of Shai Gluskin Holly, On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree@...> wrote: Hi All, _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Sam Cohen-2
::
Rate this Message:
I actually had a client with the very same issue. They needed to have multiple people use the same login and didn't want any of them changing their password .
This module may do the job http://drupal.org/project/noreqnewpass It didn't for me -- I can't exactly recall why, but I think it was because I only needed it for one account -- but it was very easy to do this using the hook form alter in a custom module, where you first check for that form, and then for the user uid. If it's the account in question you just use the form api to lock the password field and through up a message explaining why -- or alternatively you could just redirect the user. Sam On Thu, Oct 8, 2009 at 11:29 AM, Shai Gluskin <shai@...> wrote: Holly, _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Brian Vuyk-2
::
Rate this Message:
Hacky, but...
Hide the form elements on the user form for that user with hook_form_alter. To stop the pesky bugger with Firebug, write a quick hook_user implementation to trigger on $op = 'update' to not allow the username, email, and password to be changed unless the logged in user making the change is an administrator. Brian Michael Goldsmith wrote: > > I tend to agree with Shai here. It’s not a great practice by any > stretch of the imagination. HOWEVER, I’ve never met a bad idea that I > didn’t like. How about setting up a script to run on cron to > periodically change the email and password back to what you want it > to. Or you can probably set up some kind of an action to do it, where > whenever a user gets edited, change the email and password to whatever > you wanted. So try as they might, every time they edit the user, the > action runs. > > Just a thought. If I come up with anything else, I’ll let you know. > > *Thank you very much for your time and consideration,* > > */Michael Goldsmith/* > /(732) 619-6865 - mobile/ > /ixlr8@... <mailto:ixlr8@...> - email/ > /http://www.platypustheory.com <http://www.ixlr8.org/> - website/ > > *From:* consulting-bounces@... > [mailto:consulting-bounces@...] *On Behalf Of *Shai Gluskin > *Sent:* Thursday, October 08, 2009 11:30 AM > *To:* A list for Drupal consultants and Drupal service/hosting providers > *Subject:* Re: [consulting] Restrict Group Access to one User Login > Account > > Holly, > > The whole idea is asking for trouble. > > I don't even want to think about how to answer this question because > this is such a bad idea. I'd tell the folks that Drupal simply doesn't > do this. > > Maybe a single userid/pw can be encoded into the video files themselves? > > Is the video file being streamed from your site or a third party service? > > I'm sure someone else will have an idea how to help. But I'd recommend > against ideas that get Drupal itself to hide the account page for a > logged in user. Among other bad consequences, you'd be defeating a > huge amount of Drupal functionality and crippling the site for future > use-cases. > > Shai > > On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree@... > <mailto:hferree@...>> wrote: > > Hi All, > > I work for a college (drupal 6). They want all of the nursing students > to be > able to login using the same username and password that will allow them to > access only nursing tagged content (video pages). I got the access > issue to > work with tac-lite. But have had no luck in researching my problem. > > My problem is: > > How do I restrict a username (ex. Nursing) from accessing the > user/(number)/edit and going to the Account Information section where they > can change the email and reset the password? I don't want one student > to be > able to block out 100+ fellow students. That just seems like asking for > trouble. > > Thanks, > Holly Ferree > > PS On a related note...Is there a good module to play movie files or do I > even need one with Drupal 6? > > > _______________________________________________ > consulting mailing list > consulting@... <mailto:consulting@...> > http://lists.drupal.org/mailman/listinfo/consulting > > ------------------------------------------------------------------------ > > _______________________________________________ > consulting mailing list > consulting@... > http://lists.drupal.org/mailman/listinfo/consulting > _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Greg Knaddison - GVS
::
Rate this Message:
On Thu, Oct 8, 2009 at 9:45 AM, Sam Cohen <sam@...> wrote:
> I actually had a client with the very same issue. They needed to have > multiple people use the same login and didn't want any of them changing > their password . This seems backward to me and I think this is the root of the concern that Shai and some others have expressed. Rather than sharing an account among 100 people why not have 100 accounts for them and let them share a single "Nursing" role? Regards, Greg -- Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com Cracking Drupal - Learn to protect your Drupal site from hackers Now available from Wiley http://crackingdrupal.com _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Greg Knaddison - GVS
::
Rate this Message:
On Thu, Oct 8, 2009 at 9:46 AM, Brian Vuyk <brian@...> wrote:
> Hacky, but... > > Hide the form elements on the user form for that user with hook_form_alter. > Sounds good. > To stop the pesky bugger with Firebug, write a quick hook_user > implementation to trigger on $op = 'update' to not allow the username, > email, and password to be changed unless the logged in user making the > change is an administrator. The Form API protects against so-called semantic forgeries, unless the site has some other way to edit users beside the main user form or has an improper use of $_POST variables. I suggest you try adding a form field or a select option and see if it works - if it does, mail security@... with the steps to repeat it because that's a vulnerability. Regards, Greg -- Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com Cracking Drupal - Learn to protect your Drupal site from hackers Now available from Wiley http://crackingdrupal.com _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Shai Gluskin-2
::
Rate this Message:
This whole thread raises the issue of how we relate to our clients' bad ideas. It's their site and they are paying us, right?
But certainly if your client asked you to do something illegal you wouldn't do it. Are there other things you wouldn't do if your client asked you? Shai _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Sam Cohen-2
::
Rate this Message:
In my case the organization had very limited resources. They didn't have the time or resources to create an account for everyone or to have everyone create their own account and then for them to approve it. They just wanted to send out a username and password that a number of people can use.
While it's not ideal, I don't really see any big risk here. Especially if the account only has viewing permission and they can't edit anything. Though given the specific situation mentioned here, I wouldn't go about i that way. I'd probbaly suggest a simple custom page that doesn't require any access permissions and using Drupals user accounts. Just something simple that asks for a single password to view that one page. Sam On Thu, Oct 8, 2009 at 11:52 AM, Greg Knaddison <Greg@...> wrote:
_______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Matt Chapman-10
::
Rate this Message:
First, I also think to goal is a bad one, but I can see how it would
potentially be more work for the administration (or for the developer) to devise a means to authenticate each user as a nursing student. So to the point, I think the OP wanted to restrict the user edit form entirely, not just certain form fields. And IMO, presenting a form with no enabled fields is bad for UX. So the better solution is hook_menu_alter on ['user/%user_category/edit']['access callback'] etc... Docs: http://api.drupal.org/api/function/hook_menu_alter/6 http://api.drupal.org/api/function/user_menu/6 Don't forget to rebuild the menu cache after implementing this... -Matt Brian Vuyk wrote: > Hacky, but... > > Hide the form elements on the user form for that user with hook_form_alter. > > To stop the pesky bugger with Firebug, write a quick hook_user > implementation to trigger on $op = 'update' to not allow the username, > email, and password to be changed unless the logged in user making the > change is an administrator. > > Brian > > Michael Goldsmith wrote: > >> I tend to agree with Shai here. It’s not a great practice by any >> stretch of the imagination. HOWEVER, I’ve never met a bad idea that I >> didn’t like. How about setting up a script to run on cron to >> periodically change the email and password back to what you want it >> to. Or you can probably set up some kind of an action to do it, where >> whenever a user gets edited, change the email and password to whatever >> you wanted. So try as they might, every time they edit the user, the >> action runs. >> >> Just a thought. If I come up with anything else, I’ll let you know. >> >> *Thank you very much for your time and consideration,* >> >> */Michael Goldsmith/* >> /(732) 619-6865 - mobile/ >> /ixlr8@... <mailto:ixlr8@...> - email/ >> /http://www.platypustheory.com <http://www.ixlr8.org/> - website/ >> >> *From:* consulting-bounces@... >> [mailto:consulting-bounces@...] *On Behalf Of *Shai Gluskin >> *Sent:* Thursday, October 08, 2009 11:30 AM >> *To:* A list for Drupal consultants and Drupal service/hosting providers >> *Subject:* Re: [consulting] Restrict Group Access to one User Login >> Account >> >> Holly, >> >> The whole idea is asking for trouble. >> >> I don't even want to think about how to answer this question because >> this is such a bad idea. I'd tell the folks that Drupal simply doesn't >> do this. >> >> Maybe a single userid/pw can be encoded into the video files themselves? >> >> Is the video file being streamed from your site or a third party service? >> >> I'm sure someone else will have an idea how to help. But I'd recommend >> against ideas that get Drupal itself to hide the account page for a >> logged in user. Among other bad consequences, you'd be defeating a >> huge amount of Drupal functionality and crippling the site for future >> use-cases. >> >> Shai >> >> On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree@... >> <mailto:hferree@...>> wrote: >> >> Hi All, >> >> I work for a college (drupal 6). They want all of the nursing students >> to be >> able to login using the same username and password that will allow them to >> access only nursing tagged content (video pages). I got the access >> issue to >> work with tac-lite. But have had no luck in researching my problem. >> >> My problem is: >> >> How do I restrict a username (ex. Nursing) from accessing the >> user/(number)/edit and going to the Account Information section where they >> can change the email and reset the password? I don't want one student >> to be >> able to block out 100+ fellow students. That just seems like asking for >> trouble. >> >> Thanks, >> Holly Ferree >> >> PS On a related note...Is there a good module to play movie files or do I >> even need one with Drupal 6? >> >> >> _______________________________________________ >> consulting mailing list >> consulting@... <mailto:consulting@...> >> http://lists.drupal.org/mailman/listinfo/consulting >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> consulting mailing list >> consulting@... >> http://lists.drupal.org/mailman/listinfo/consulting >> >> > > _______________________________________________ > consulting mailing list > consulting@... > http://lists.drupal.org/mailman/listinfo/consulting > consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Eric Goldhagen-2
::
Rate this Message:
I have to agree with all the folks that think it's a terrible idea to share accounts. Maybe there is a way to do what is necessary without using a drupal login at all? I wonder if you could do what's necessary using .htaccess user/pass and url access restrictions for the content? this would give them what they want and not create such a huge potential for problems. --Eric At 9:12 AM -0700 10/8/09, Matt Chapman wrote: >First, I also think to goal is a bad one, but I can see how it would >potentially be more work for the administration (or for the developer) >to devise a means to authenticate each user as a nursing student. > >So to the point, I think the OP wanted to restrict the user edit form >entirely, not just certain form fields. And IMO, presenting a form with >no enabled fields is bad for UX. > >So the better solution is hook_menu_alter on >['user/%user_category/edit']['access callback'] etc... > >Docs: >http://api.drupal.org/api/function/hook_menu_alter/6 >http://api.drupal.org/api/function/user_menu/6 > >Don't forget to rebuild the menu cache after implementing this... > >-Matt > > > >Brian Vuyk wrote: >> Hacky, but... >> >> Hide the form elements on the user form for that user with hook_form_alter. >> >> To stop the pesky bugger with Firebug, write a quick hook_user >> implementation to trigger on $op = 'update' to not allow the username, >> email, and password to be changed unless the logged in user making the >> change is an administrator. >> >> Brian >> >> Michael Goldsmith wrote: >> >>> I tend to agree with Shai here. It¹s not a great practice by any >>> stretch of the imagination. HOWEVER, I¹ve never met a bad idea that I >>> didn¹t like. How about setting up a script to run on cron to >>> periodically change the email and password back to what you want it >>> to. Or you can probably set up some kind of an action to do it, where >>> whenever a user gets edited, change the email and password to whatever >>> you wanted. So try as they might, every time they edit the user, the >>> action runs. >>> >>> Just a thought. If I come up with anything else, I¹ll let you know. >>> >>> *Thank you very much for your time and consideration,* >>> >>> */Michael Goldsmith/* >>> /(732) 619-6865 - mobile/ >>> /ixlr8@... <mailto:ixlr8@...> - email/ >>> /http://www.platypustheory.com <http://www.ixlr8.org/> - website/ >>> >>> *From:* consulting-bounces@... >>> [mailto:consulting-bounces@...] *On Behalf Of *Shai Gluskin >>> *Sent:* Thursday, October 08, 2009 11:30 AM >>> *To:* A list for Drupal consultants and Drupal service/hosting providers >>> *Subject:* Re: [consulting] Restrict Group Access to one User Login >>> Account >>> >>> Holly, >>> >>> The whole idea is asking for trouble. >>> >>> I don't even want to think about how to answer this question because >>> this is such a bad idea. I'd tell the folks that Drupal simply doesn't >>> do this. >>> >>> Maybe a single userid/pw can be encoded into the video files themselves? >>> >>> Is the video file being streamed from your site or a third party service? >>> >>> I'm sure someone else will have an idea how to help. But I'd recommend >>> against ideas that get Drupal itself to hide the account page for a >>> logged in user. Among other bad consequences, you'd be defeating a >>> huge amount of Drupal functionality and crippling the site for future >>> use-cases. >>> >>> Shai >>> >>> On Thu, Oct 8, 2009 at 11:11 AM, Holly Ferree <hferree@... >>> <mailto:hferree@...>> wrote: >>> >>> Hi All, >>> >>> I work for a college (drupal 6). They want all of the nursing students >>> to be >>> able to login using the same username and password that will allow them to >>> access only nursing tagged content (video pages). I got the access >>> issue to >>> work with tac-lite. But have had no luck in researching my problem. >>> >>> My problem is: >>> >>> How do I restrict a username (ex. Nursing) from accessing the > >> user/(number)/edit and going to the Account Information section where they >>> can change the email and reset the password? I don't want one student >>> to be >>> able to block out 100+ fellow students. That just seems like asking for >>> trouble. >>> >>> Thanks, >>> Holly Ferree >>> >>> PS On a related note...Is there a good module to play movie files or do I >>> even need one with Drupal 6? >>> >>> >>> _______________________________________________ >>> consulting mailing list >>> consulting@... <mailto:consulting@...> >>> http://lists.drupal.org/mailman/listinfo/consulting >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> consulting mailing list >>> consulting@... >>> http://lists.drupal.org/mailman/listinfo/consulting >>> >>> >> >> _______________________________________________ >> consulting mailing list >> consulting@... >> http://lists.drupal.org/mailman/listinfo/consulting >> >_______________________________________________ >consulting mailing list >consulting@... >http://lists.drupal.org/mailman/listinfo/consulting -- ------------------------------------------------ | Openflows Community Technology Lab, Inc. | | Members of: the Mayfirst/Peoplelink Network | Local 1180, Communications Workers of America | | http://openflows.com | People are intelligent. Machines are tools. ------------------------------------------------ _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Sam Cohen-2
::
Rate this Message:
Shai asked "Are there other things you wouldn't do if your client asked you?"
I have often found that Drupal consultants tell clients something is a bad idea when they don't know how to do it, so I think clients are often wise to be skeptical of what their consultants tell them. That said, there are lots of really bad ideas I have been asked to implement, but I think you need to face it with humility, as sometimes a bad idea isn't that bad. Then again, often it is bad. An example is how many clients want all kinds of social media or forums that I know are not going to work -- mainly because they don't have the resources or time to make work. But I don't think its our place to refuse to put up, say, a forum if a client insists on it. Or even if something proposes a security risk -- like they refuse to pay for upgrades. As long as we tell them what the risks are, it is their site. Sam On Thu, Oct 8, 2009 at 12:03 PM, Shai Gluskin <shai@...> wrote: This whole thread raises the issue of how we relate to our clients' bad ideas. It's their site and they are paying us, right? _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Bill Fitzgerald
::
Rate this Message:
Greg Knaddison wrote:
> On Thu, Oct 8, 2009 at 9:45 AM, Sam Cohen <sam@...> wrote: >> I actually had a client with the very same issue. They needed to have >> multiple people use the same login and didn't want any of them changing >> their password . > > This seems backward to me and I think this is the root of the concern > that Shai and some others have expressed. Rather than sharing an > account among 100 people why not have 100 accounts for them and let > them share a single "Nursing" role? > why not put the site (and it could just as easily be a drupal site as a set of static html pages) inside a .htpasswd protected directory? Cheers, Bill _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Thund3r box
::
Rate this Message:
Is the entire site ONLY for nurses and affiliated folks, meaning, is it like an intranet? If so, you could restrict the entire site with the securesite module, which authenticates via HTTP Auth (http://drupal.org/project/securesite) then give the anonymous user any permissions a nurse user would need. Just a thought...
On Thu, Oct 8, 2009 at 8:11 AM, Holly Ferree <hferree@...> wrote: Hi All, _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
|
|
|
Re: Restrict Group Access to one User Login Account
by Brian Vuyk-2
::
Rate this Message:
I agree - if the accounts aren't meant to be personal, don't hold any
personal information, then where is the harm, other than it's not a use case most Drupal developers don't have in mind? One of my past clients had ~3000 users worldwide over ~10 departments. It was much easier for them to use 10 generic, per-department accounts to access various data than manage 3000 separate user accounts. Brian Sam Cohen wrote: > > On Thu, Oct 8, 2009 at 12:18 PM, Eric Goldhagen <eric@... > <mailto:eric@...>> wrote: > > > I have to agree with all the folks that think it's a terrible idea to > share accounts. > > > I don't get it. Maybe there's something I don't understand. Why is > it such a terrible idea to share accounts? It seems to me the risk > of something happening is next to nothing. I mean, I'm not advocating > it as a general practice, but I fail to see why it would be such a > problem or what types or risks it poses. > > Sam > > ------------------------------------------------------------------------ > > _______________________________________________ > consulting mailing list > consulting@... > http://lists.drupal.org/mailman/listinfo/consulting > _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Laura Scott-2
::
Rate this Message:
What happens when a nurse leaves the program and should no longer have
access? Change the password and tell 1000 people? Laura On Oct 8, 2009, at Thu 10/8/09 11:22am, Brian Vuyk wrote: > I agree - if the accounts aren't meant to be personal, don't hold any > personal information, then where is the harm, other than it's not a > use > case most Drupal developers don't have in mind? > > One of my past clients had ~3000 users worldwide over ~10 departments. > It was much easier for them to use 10 generic, per-department accounts > to access various data than manage 3000 separate user accounts. > > Brian > > Sam Cohen wrote: >> >> On Thu, Oct 8, 2009 at 12:18 PM, Eric Goldhagen <eric@... >> <mailto:eric@...>> wrote: >> >> >> I have to agree with all the folks that think it's a terrible >> idea to >> share accounts. >> >> >> I don't get it. Maybe there's something I don't understand. Why is >> it such a terrible idea to share accounts? It seems to me the risk >> of something happening is next to nothing. I mean, I'm not >> advocating >> it as a general practice, but I fail to see why it would be such a >> problem or what types or risks it poses. >> >> Sam >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> consulting mailing list >> consulting@... >> http://lists.drupal.org/mailman/listinfo/consulting >> > > _______________________________________________ > consulting mailing list > consulting@... > http://lists.drupal.org/mailman/listinfo/consulting _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Bhavin Joshi
::
Rate this Message:
Okay. Its done. Now, How can one differentiate between admin & normal user?
Separate username/password for directory access? why not with separate drupal accounts? Bill Fitzgerald wrote: > > This is my exact question as well -- If one account is needed/required, > why not put the site (and it could just as easily be a drupal site as a > set of static html pages) inside a .htpasswd protected directory? > > Cheers, > > Bill > _______________________________________________ > consulting mailing list > consulting@... > http://lists.drupal.org/mailman/listinfo/consulting > > -- Bhavin H. Joshi Mobile: +91 999 886 0979 Skype: bhavinjoshi19 http://joshics.in'>joshics.in Portfolio: http://sites.google.com/site/bhavinhjoshi/portfolio [bhavinjosi.vcf] begin:vcard fn:Bhavin Joshi n:Joshi;Bhavin org:Joshi Consultancy Services adr:;;;Rajkot;Gujarat;360006;India email;internet:bhavinjosi@... title:Founder in Chief tel;cell:+91 999 886 0979 note:Skype/gtalk: bhavinjoshi19 x-mozilla-html:TRUE url:http://joshics.in version:2.1 end:vcard _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
|
|
Re: Restrict Group Access to one User Login Account
by Brian Vuyk-2
::
Rate this Message:
Intranet.
No access once fired, in the particular case I mentioned. Brian Laura wrote: > What happens when a nurse leaves the program and should no longer have > access? Change the password and tell 1000 people? > > Laura > > On Oct 8, 2009, at Thu 10/8/09 11:22am, Brian Vuyk wrote: > > >> I agree - if the accounts aren't meant to be personal, don't hold any >> personal information, then where is the harm, other than it's not a >> use >> case most Drupal developers don't have in mind? >> >> One of my past clients had ~3000 users worldwide over ~10 departments. >> It was much easier for them to use 10 generic, per-department accounts >> to access various data than manage 3000 separate user accounts. >> >> Brian >> >> Sam Cohen wrote: >> >>> On Thu, Oct 8, 2009 at 12:18 PM, Eric Goldhagen <eric@... >>> <mailto:eric@...>> wrote: >>> >>> >>> I have to agree with all the folks that think it's a terrible >>> idea to >>> share accounts. >>> >>> >>> I don't get it. Maybe there's something I don't understand. Why is >>> it such a terrible idea to share accounts? It seems to me the risk >>> of something happening is next to nothing. I mean, I'm not >>> advocating >>> it as a general practice, but I fail to see why it would be such a >>> problem or what types or risks it poses. >>> >>> Sam >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> consulting mailing list >>> consulting@... >>> http://lists.drupal.org/mailman/listinfo/consulting >>> >>> >> _______________________________________________ >> consulting mailing list >> consulting@... >> http://lists.drupal.org/mailman/listinfo/consulting >> > > _______________________________________________ > consulting mailing list > consulting@... > http://lists.drupal.org/mailman/listinfo/consulting > _______________________________________________ consulting mailing list consulting@... http://lists.drupal.org/mailman/listinfo/consulting |
| < Prev | 1 - 2 | Next > |
| Free embeddable forum powered by Nabble | Forum Help |
