Motivation
In some situations you may want to restrict which users passwords can be reset. Such as preventing password reset on administrators.
Original report by jbrauer
It would be outstanding if the request new password functionality was limited by user role. This would allow administrators to have configurations where roles with high levels of permissions need a different form of account recovery. Such a permission could go on the permissions page, though this has problems in 1) stating the permission as an additive permission and 2) requires visiting the permissions page on adding a new role. Perhaps a better approach would be on the Account Settings page to provide a section "prevent user password recovery for these roles: ".
Along with this would be a new type of message needed for users, the message to be displayed to users who cannot use password recovery so sites can direct them what to do.
Comments
Comment #1
fizk CreditAttribution: fizk commentedAssuming that you first need to login to gain a role other than Anonymous, why would you use the password reset feature if you could simply go to your account edit page and change your password there?
Comment #2
jbrauer CreditAttribution: jbrauer commentedA user in the system has a role associated with it. That role exists and is associated with the user regardless of their current login/logout state. It would be ideal to be able to block password reset attempts, say for site administrators, so that someone cannot get an admin login because of an email account being compromised.
Comment #3
fizk CreditAttribution: fizk commentedAh, ok. That would be nice.
Comment #4
jp.stacey CreditAttribution: jp.stacey commentedAs D8 has passed feature freeze, moving this to D9 for consideration.
Comment #5
catchComment #8
dpiBefore any progress is made on this it we should investigate whether this is possible to live in contrib.
I have rewritten the issue summary using the template. The original post is still available in the last subhead.
Comment #9
dpiComment #11
dpiReverted some of my IS edits, proposed resolution won't solve the issue.