Prevent a Non-admin user from Modifying Admin user accounts



  • Hi,

    I created a group and gave it the set of User Manager related permissions. Then I created new users and associated them to that group. I've tested one of these accounts and I noticed that it can modify the accounts of users who belong to the admin group and even the default Admin account.

    What I would like to do is to prevent a non-admin user (one who does not belong to the admin group) from modifying any objects that are associated with admin users, e.g. their user accounts, admin group and permissions. Another example is that I would like to prevent a non-admin user who has a User Manager permission from creating a new user and assigning it to the admin group.

    How can I do this? I'm thinking if I have access to the source code for the User Manager pages, I can modify them to incorporate these requirements. Is this possible?

    Thanks!



  • Hi,

    Let me share my progress. I've managed to modify the relevant source to incorporate my requirements.
    I have changed only 1 file so far. I hope it's enough. The overall structure/organization of this software is really good and it helped me a lot in doing what I needed to do.

    Thanks pfSense Team!



  • I know this is an old thread, but you did exactly what I am trying to do - what file did you need to modify? I was trying to create my own "version" for the System -> User Manager menu item, but so far have failed to make it work. Any help would be greatly appreciated!!

