hello , need help with using this module.
i protected every fileds in account except password and status field.
1.How to protect profile2's field.
2.How to allow user edit own password but not others , even they had permission 'administor user'.
thanks!

Comments

dzy’s picture

dzy CreditAttribution: dzy commented

1.everyone can edit own password.
2.by default no one can edit other's password even they had 'administor user' permission.
3.allow specify user can edit specify role's password.

MegaChriz’s picture

MegaChriz CreditAttribution: MegaChriz commented
Category: Feature request » Support request
Status: Active » Fixed
  1. How to protect profile2's field
    That is not covered by this module. You can try the Field permissions module.
  2. How to allow user edit own password but not others
    1. Enable password protection for the authenticated user role at /admin/config/people/userprotect/protected_roles.
    2. Ensure that "password" is enabled for every protected user at /admin/config/people/userprotect because user based protection rules override role based protection rules.
    3. Ensure the option "Auto-protect new users" is turned off or "password" is checked for the "User protection defaults" at /admin/config/people/userprotect/protection_defaults. The setting "Auto-protect new users" will create an user based protection rule for every newly created user and that will override any role based protection rules.
    4. Ensure "password" is turned off for "Administrator bypass defaults" at /admin/config/people/userprotect/protection_defaults. Any fields checked by the "Administrator bypass defaults" setting basically disables the protections for these fields.
    5. Give the authenticated user role the permission "change own password" at /admin/people/permissions
dzy’s picture

dzy CreditAttribution: dzy commented

Work great! thank you.
Now base on current settings how to let some role edit other specify role. like 'manager role can edit student's password'.
'administrator bypass' can let someuser do that, but not somerole.

MegaChriz’s picture

MegaChriz CreditAttribution: MegaChriz commented

User protect for Drupal 7 doesn't have a setting to bypass a protection rule for all users in a role (the Drupal 8 version has), you can only setup bypass rules per user.

You may want to try the Administer Users by Role module instead, though I'm not sure if this module offers the option to only limit edit access on passwords.

Note that you can not have User protect and Administer Users by Role installed at the same time. See also #2399729: Module is not compatible with userprotect.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.