How to disable "password change" for selected users?

How to disable "password change" for selected users?

by Kai Niethammer -
Number of replies: 12

I have a couple of users that should not be allowed to change neither the password nor username/profile details.

I already followed the idea to create a separate role, based on authenticated user and set changeownpassword to Prohibit and also profile modification rights.

I assigned this role to the affected user, however this does not help. Assume it is because the user also automatically blows to authenticated users, who have these rights.

Any hint, how to solve this?

Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users?

by Giovanni Vosloo -
Hi Kai,

This is a very strange request. Any user on any system should change their own password. In fact, I think you might pic up some issues with GDPR with this one.

In any case, why is this required? Perhaps if we known the end goal we can assist better.
Average of ratings: -
In reply to Giovanni Vosloo

Re: How to disable "password change" for selected users?

by Kai Niethammer -
Hi Giovanni,
we would like to add a course to our platform, which is targeted to all parents. However we don't want to grant access too this content to any guest, but only to parents.
Thus we had the idea to create one generic account "parents" and share user credentials with the parent community.

Of course, the "user" shall not be able to change password and or any profile details.

This is what we would like to achieve
Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users?

by Giovanni Vosloo -
This does in a way seem viable. So here are my tips for doing this.

This must be on system level.
It needs to be a new role that you need to base on the "authenticated user".
You can start with a blank role and use the role pre-sets.
You then need to "REMOVE" the role from that user as normal authenticated user and add this new role on system level.
No overrides needed.
No roles changed

This should give you the desired outcome I believe.
Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users?

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hello,

Please note that the role must be assigned as a system role (Site administration > Users > Permissions > Assign system roles). If you assign the role in a course category or as a course role, it won't work.

Average of ratings: -
In reply to Helen Foster

Re: How to disable "password change" for selected users?

by Kai Niethammer -
Thank you Helen.
Did this at system level. However, it does not have the desired effect. Assume this is caused by the additional role authenticated user which gets assigned by default to everyone, right?

Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users?

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hmm, if the changeownpassword capability is set to Prohibit, then this should override it being set to Allow for the authenticated user role.

I just tried on the Moodle sandbox demo logging in as admin, creating a restricted user role, system context, with the changeownpassword capability prohibited. I then assigned the restricted user role to the student account then logged out and logged in again as the student. I checked my Preferences and found no option to change my password.

Can you think of anything different on your site which might affect things?

Average of ratings: -
In reply to Helen Foster

Re: How to disable "password change" for selected users?

by Kai Niethammer -
🤔 when you create the restricted user role, do you start with an empty role or do you select a role or archetype?
And do I have to make any settings in the allow overrides section?
Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users?

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

When I created the restricted user role, I started with no role. Nothing needed changing in the allow overrides section.

Average of ratings: -
In reply to Helen Foster

Re: How to disable "password change" for selected users?

by Kai Niethammer -
Thank you Helen ... I managed to get it work as desired smile

My fault ... because I don't use the role definition option that often I just left the according rights to change the password "empty" instead of using the advanced section to explicitly prohibit it. This is why I also thought that the standard role overrides the settings.

Sorry for the "dummy" thread and thank you for your support! smile
Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users? [Solved]

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Good to hear that you got things working Kai. smile

It's easy to miss the 'Show advanced' button which you need to click to show the four different permission types in order to be able to select prohibit.

I'm just attaching a screenshot for anyone else reading this thread:

Average of ratings: -
In reply to Kai Niethammer

Re: How to disable "password change" for selected users?

by Mark Sharp -
Picture of Core developers Picture of Particularly helpful Moodlers Picture of Plugin developers
If you look at authentication methods, you'll see that there are all sorts of settings around locking user fields and some include settings around passwords. Might be worth looking at a few (e.g. ldap) to see if you can emulate something. Perhaps there's a plugin in the repo that already does it.
Average of ratings: -