Overview
The Back-office Access Restriction module allows to deny access to specific administration pages even for users with permission to access them. This module is intended to be installed on production sites so that some sensitive pages can no more be accessed. Such pages could be:
- Extend
- Extend > Uninstall
- People > Permissions
The typical use case is when user 1 is active and you don't want him/her to be able to change sensitive settings such as installed modules list, permissions/roles configuration...
This module has no configuration page. And it should not! It is intended for developers that will need to edit their services.yml file.
By default when enabling the module the Extend page will return a 403 response but you can define any other specific route by providing the backoffice_access_restriction.routes service parameter in the sites/default/services.yml file.
Example:
parameters:
backoffice_access_restriction.routes:
- system.modules_list
- system.modules_uninstall
- user.admin_permissionsCrédits
- Maintained by Romain JARRAUD (romainj).
Supporting organizations:
Project information
- Project categories: Administration tools, Security, Developer tools
- Created by romainj on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
