Hi all. I am trying to achieve a feature where a user is allowed to change ONLY his/her own name. If I check off the “Update user” under Permissions" and the “Account/Roles” section on the group the user is registered under, it works. However, that will also give the same user the capability to change any other user. How to achieve this without elevating this users rights?
I am doing this without using any service.
Any feedback is appreciated
Hi Emma and thank you for this. Its possible that I am missing something here, but the user object does not seem to be available in the “Object Classes” permissions?
Note that a user can update their own name without any additional permissions. From the documentation:
A user does not require any special permissions to update their own first name, last name and phone number.
To update another user, the user requires the permission Update User. In addition, the user needs permission to update a user in each role that they are assigned under Update User in Role.
To solve this case the user will need a role with the “Update User” permission granted. This will allow them to update their own user account, but alone won’t let them update other user accounts. For a role to be able to update other user accounts, it also needs the permission “Update User in Role [Role Name]“. So the fear of a user being able to edit other users is only relevant if their role also has the extra permission to update users in a given role.