Temporary Admin Access #4491
Comments
lorikrell
added
the
Contribution Day
erikmarr
added
the
Waiting for Response
lorikrell
removed
the
Contribution Day
|
Removed the Contribution Day label at this time. The repo required for this content is not live yet for open source contribution. |
|
Closing issue and moving to the new MerchDocs repo. The repository and contribution submissions for the Magento Merchant content (User Guide) will be available at a later date. Thank you! |
|
What is the issue number in the new repo? I couldn't find any issues in there. |
|
@lfolco, the new repo is still private at the moment. Cc: @leslietilling to comment on how to track this going forward. |
hguthrie
removed
the
Waiting for Response
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Created issue at 2019 Imagine Contribution Day. This will move to Merchdocs when that repo is ready.
New feature request
At Imagine 2019 Contribution Day, there is a Security issue for creating options and code for configuring temp admin access. Merchants sometimes create accounts for extension developers/partners/etc to access and test issues. They may forget to delete the account, leaving it as a potential access point if the credentials are simple.
Description
Content in Admin:
Create User.
Admin can set expiration date on user acct.
CRON job runs every hour looking for active expired accounts.
If one is found, removes the date and sets as inactive.
If you edit the user account in the Admin, the status is inactive without an expiration date.
To reuse, the account can be set "active" with a new expiration date.
Issue magento/magento2#22833
PR magento/magento2#22837
Expected result
Benefits
Possible solutions
Additional information
The text was updated successfully, but these errors were encountered: