We want to be able to allow users access to "User Hours". Unfortunately Role permission to change it is grouped under "User Info" permission which contains other fields we can not allow users to change.
We disables "User Info" to prevent users from changing their account email address in our SSO environment. If they do that, they are unable to sign-in via campus SSO and they loose access to their RC account.
Some items underneath User Info->Settings and Permissions are appropriate and very useful to end users. For instance "User Hours".
Is there another way, or future plans, to allow users access "User Hours" without also allowing them to change the account email?
Hello @Dean Eckstrom! Yes, you can do that! By doing custom roles for your employees. Click HERE for more info. Thank you!
Jenn;
The 'User Info' permission applies Equally to these attributes of concern:
email address. - we want to disallow updates
password/pin - we want to allow updates
user hours - we want to allow updates
how does one Allow password and User hours, but Disallow updates to eMail? They are all part of 'User Info' role permission. The permission assignment needs more 'granularity'.
This is extremely critical in an SSO environment where login is based on email address. If a user changed email, they break their account access based on our testing. It also causes IT administrative headaches to correct API problems that result.
A general security philosophy is "Do not give users access to things that break things". Our user community has already, and will continuously, change this field if the App lets them.
For this reason we had to shut off User Info. However there are critical user features such as 'User Hours' and 'PIN Reset' (including via *86) that are also disabled by this permission setting.
Do not feel compelled to answer quickly. Examine the issues more carefully.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.