Overview
The Back-office Access Restriction module allows to deny access to specific administration pages even for users with permission to access them. This module is intended to be installed on production sites so that some sensitive pages can no more be accessed. Such pages could be:
- Extend
- Extend > Uninstall
- People > Permissions
The typical use case is when user 1 is active and you don't want him/her to be able to change sensitive settings such as installed modules list, permissions/roles configuration...
This module has no configuration page. And it should not! It is intended for developers that will need to edit their services.yml
file.
By default when enabling the module the Extend page will return a 403 response but you can define any other specific route by providing the backoffice_access_restriction.routes
service parameter in the sites/default/services.yml
file.
Example:
parameters:
backoffice_access_restriction.routes:
- system.modules_list
- system.modules_uninstall
- user.admin_permissions
Crédits
- Maintained by Romain JARRAUD (romainj).
Project information
- Module categories: Administration Tools, Security, Developer Tools
- Created by romainj on , updated
- Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.