If a Non-Global Administrator is set to Manage Customers allowed (and Manage Customer Roles not permitted) in Access Control List. He is still able to set him to Global Administrators role in Customer Roles in Edit Customer Details.
My suggestion:
Only persons who has Manage Customer Roles permission allowed to open tab Customer Roles in Edit Customer Details
Global Administrators role will be stolen if a Non-Global Administrator has permission to Manage Customers
- 39
- 511
- 18/01/2011
- United States
Has anyone figured out a simple solution to protect the global administrator accounts from being changed (demoted) or users from adding themselves to the Global Admin group if they just have manage customer ACL access? We want some internal administrators to be able to manage customers/users for customer access, but not to change/add/remove admin rights of any sort for admin users.
Thanks!
Thanks!
- 39
- 511
- 18/01/2011
- United States
Thank you. I actually did check that post and probably should have followed up on that thread since it was more detailed. I also voted for the fix on the codeplex site. I was hoping someone in nopCommerce land had come up with a good work around at this point. I'm looking at a couple of options myself as this is a pretty critical issue for larger stores with many administrators.