SoftPro Developer Forum

Free support for custom code within SoftPro's products, monitored by SoftPro employees with a 24-48 hr expected turn time on business days.
https://devforum.softprocorp.com/

Management Console - Users

https://devforum.softprocorp.com/viewtopic.php?t=1385

Page 1 of 1

Management Console - Users

Posted: Thu Apr 23, 2020 6:45 am
by enendza
Hi -

We have a number of users that have the checkbox "Allow edit" on their user profilt set to true.

Two questions:

What does this flag mean / do? Does it mean that the user doesn't get updated from Active Directory?
Where in the database can I globally update this flag?

See print screen

Thanks in advance for your help

Emma

Re: Management Console - Users

Posted: Fri Apr 24, 2020 8:57 am
by BobRichards
The ability to create/update/delete user information is controlled by a permission in the SPAdmin Management Console. The separate permission settings can be applied to groups and/or users. (Location in SPAdmin: Security/Permissions, Permissions/SPAdmin/Users/Groups)

I *believe* the purpose of this checkbox is to enable the textboxes so the user information can be changed - assuming they have the permissions listed above. I don't see a reason normal users should have this permission. You may want to consider removing the permission from normal users and leaving it to you administrators to create new users, delete old ones, and change/view potentially sensitive user information.

Re: Management Console - Users

Posted: Sun Apr 26, 2020 8:42 pm
by enendza
Thanks - I thought it was just a UI element to enable the fields BUT ... After I edit and save the changes I go back to the user record DAYS later and the checkbox is still checked. I was thinking this was database driven.

It was also reported the the Active Directory updates don't work if the user profile has this checkbox checked? Ever heard of that issue happening?

I can't find anything in the database related to this field, therefore, validating it is just a UI field, but that doesn't explain the behavior that was reported above.

Re: Management Console - Users

Posted: Mon Apr 27, 2020 12:00 pm
by BobRichards
This was trickier than I initially thought. Good job pressing for a better answer. I found a developer that works in this area.

When the box is checked for an Active Directory user, it means that you want to modify previously written information synced from AD with a different value. While checked, subsequent AD changes will be ignored so the manually entered info is not overwritten.

Re: Management Console - Users

Posted: Wed Apr 29, 2020 7:16 am
by enendza
Hi Bob -

Thanks for the additional info. Now is there a FLAG in the DB that I can "flip" so that no user profile is in EDIT mode?

Re: Management Console - Users

Posted: Wed Apr 29, 2020 11:40 am
by BobRichards
You can see the users that are in the editable mode:

Code: Select all

SELECT *
FROM core.SecurityIdentity s
JOIN core.SecurityIdentityProperty p
ON s.ID = p.SecurityIdentityID
WHERE p.Name = 'AllowUserOverride'
	AND p.Value = 'true'
But if the Edit checkbox is reset, the original values do not return. I even forced a Select AD sync but that did not restore it either. I will have to send this to another department for answers. How important is this to you?

Re: Management Console - Users

Posted: Sat May 02, 2020 8:52 am
by enendza
Let me check with the client - thanks for the response

Re: Management Console - Users

Posted: Tue May 05, 2020 7:16 am
by enendza
Thanks for the response. When I test this in our environment on the click event of the "Edit" button (turning it off) the information changes. ?? Anyway, I think we are good for now. Thanks again for the help
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited