-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Temporary Admin Access #4491
Comments
Removed the Contribution Day label at this time. The repo required for this content is not live yet for open source contribution. |
Closing issue and moving to the new MerchDocs repo. The repository and contribution submissions for the Magento Merchant content (User Guide) will be available at a later date. Thank you! |
What is the issue number in the new repo? I couldn't find any issues in there. |
@lfolco, the new repo is still private at the moment. Cc: @leslietilling to comment on how to track this going forward. |
Created issue at 2019 Imagine Contribution Day. This will move to Merchdocs when that repo is ready.
New feature request
At Imagine 2019 Contribution Day, there is a Security issue for creating options and code for configuring temp admin access. Merchants sometimes create accounts for extension developers/partners/etc to access and test issues. They may forget to delete the account, leaving it as a potential access point if the credentials are simple.
Description
Content in Admin:
Create User.
Admin can set expiration date on user acct.
CRON job runs every hour looking for active expired accounts.
If one is found, removes the date and sets as inactive.
If you edit the user account in the Admin, the status is inactive without an expiration date.
To reuse, the account can be set "active" with a new expiration date.
Issue magento/magento2#22833
PR magento/magento2#22837
Expected result
Benefits
Possible solutions
Additional information
The text was updated successfully, but these errors were encountered: