How would one go about creating an account that can ADD user accounts but
not edit them after they've been created?
I was able to do it (with repercussions)
1. Creating a !user.template.userMaker realm (copied from !user.template.maintain)
2. Ensure that only user.Add is checked in the .auth functions for the .userMaker realm
3. Adding a new page to the !user site – the page has the Admin.User Editor
tool on it.
4. Create a new account with type-'userMaker'
5. Logout and login as the new account.
Unfortunately, this method has 2 flaws:
1) It allows ANY new user to access the User Edit tool and create new users
– not just userMakers. Is there some way to use templates for MyWorkspace
initialization? !user.userMaker???
2) This user can edit his/her own usertype (change from userMaker to
Admin)...
Any ideas?
Chris Brandt, DVM, MS
When you added the new page/tool to the !user site, you added the tool
to the site template that any new user gets for their my workspace.
Better would be to create a new site, add the tool to that site, and
then give the userMaker users membership in that site. They would go to
that site to use the tool.
But I don't think we have the granularity on the Admin User editor to
control add but not edit - if you can use the tool, you can do either.
John Leashia, U. Michigan