Don't hide the initial user (also known as "SuperAdmin") from the users section
Conclusion of the discussion below:
- Let’s make the user with id -1 be visible in the users editor.
- If you want to use this one as a SYSTEM user for auditing purposes, you can create an additional admin and disable the -1 account.
We’re looking for a PR to address the above: make the user visible to other admin users.
Original issue description
A recent discussion led me to think about what the initial user account in Umbraco (id 0 in v7 and id -1 in v8) really means and why it is considered “special” and needs to be hidden.
It is being called “SuperAdmin” which makes it seem like it has special powers. However, this account has no real special privileges and is just like any other administrator account. Any administrator account can edit any other administrator account. I think this is a good thing:
- when someone gets fired from the organization, their admin account can be disabled
- when an admin forgets their password someone else could reset it (in case “forgot password” is unavailable for some reason)
- an admin can demote another admin in case they don’t need admin access any more
- etc.
This is no different for the first account ever created in Umbraco. In fact, by hiding that account you risk not ever knowing about it. What if they set up that account with a password like admin123456? Easily hacked.
Also, if you did actually know about that account then you could choose to disable it if it’s not being used.
So, my proposal is: given that we allow admins to edit other admins, is there an actual risk of an admin editing the initial user account (which is just another admin account)?
I can’t think of anything and, in fact, I think that the initial admin account should not even be hidden any more. Am I missing anything?
Issue Analytics
- Created 4 years ago
- Reactions: 4
- Comments: 22 (16 by maintainers)
Okay, so we’ve come full circle.
The proposal, based on all the feedback (thank you!):
- For existing installs, need a migration: `UserLogin` to `NULL` and `UserPassword` to `NULL`
- For new installs: `UserLogin` to `NULL` and `UserPassword` to `NULL`
- Fix: `/umbraco#/users/users/user/-1` can currently be opened if you can edit users. This should now no longer be possible; the SYSTEM user also needs to be hidden from the overview as it can never be used by a human.

Did I miss anything?
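The proposal in the comment above (blank both `UserLogin` and `UserPassword` of the id -1 account and treat it as a SYSTEM user that no credential can ever authenticate), modelled here as an added example. This is not Umbraco's code or schema: the `umbracoUser` column set, the `salt$hash` PBKDF2 format and the seed rows are assumptions constructed for the illustration. The point it demonstrates is the fail-closed behaviour a practitioner should check after such a migration: a `NULL` login can never be selected by name (SQL `=` never matches `NULL`), and a `NULL` password hash must be rejected before any comparison happens, so neither the original weak password nor an empty one gets in.

```python
"""Illustrative model of the SYSTEM-user proposal (example code, not Umbraco's).
Assumed table shape: umbracoUser(id, userLogin, userPassword, userDisabled).
Assumed hash format: 'salt_hex$pbkdf2_sha256_hex'."""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional

SYSTEM_USER_ID = -1          # the initial account's id in Umbraco 8, per the thread
PBKDF2_ROUNDS = 100_000      # example value, not a project setting


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-SHA256, encoded as 'salt_hex$digest_hex' (example format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: Optional[str]) -> bool:
    """Fail closed: a NULL (None) or malformed stored hash never verifies,
    so the migrated SYSTEM user cannot be logged into with *any* password."""
    if not stored or "$" not in stored:
        return False
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def build_store() -> sqlite3.Connection:
    """In-memory stand-in for the users table, seeded with constructed rows:
    the initial account still carrying the weak password from the issue text,
    plus one ordinary admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE umbracoUser ("
        " id INTEGER PRIMARY KEY, userLogin TEXT, userPassword TEXT,"
        " userDisabled INTEGER NOT NULL DEFAULT 0)"
    )
    rows = [
        (SYSTEM_USER_ID, "admin", hash_password("admin123456"), 0),
        (2, "alice", hash_password("correct horse battery staple"), 0),
    ]
    conn.executemany("INSERT INTO umbracoUser VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def migrate_system_user(conn: sqlite3.Connection) -> None:
    """The proposed migration: NULL out both login and password of id -1.
    Audit rows that reference -1 are untouched; only credentials are removed."""
    conn.execute(
        "UPDATE umbracoUser SET userLogin = NULL, userPassword = NULL WHERE id = ?",
        (SYSTEM_USER_ID,),
    )
    conn.commit()


def authenticate(conn: sqlite3.Connection, login: Optional[str], password: str) -> Optional[int]:
    """Return the user id on success, else None.
    The lookup deliberately uses '=' and not 'IS': 'userLogin = NULL' is never
    true in SQL, so a NULL login is unreachable by name even if a client sends
    a null username. The explicit guard keeps that property obvious."""
    if login is None:
        return None
    row = conn.execute(
        "SELECT id, userPassword FROM umbracoUser"
        " WHERE userLogin = ? AND userDisabled = 0",
        (login,),
    ).fetchone()
    if row is None or not verify_password(password, row[1]):
        return None
    return row[0]


def visible_users(conn: sqlite3.Connection) -> List[int]:
    """What the users overview lists: every account that has a login,
    which after the migration excludes the SYSTEM user."""
    return [r[0] for r in conn.execute(
        "SELECT id FROM umbracoUser WHERE userLogin IS NOT NULL ORDER BY id"
    )]


if __name__ == "__main__":
    db = build_store()
    print("before migration:", authenticate(db, "admin", "admin123456"), visible_users(db))
    migrate_system_user(db)
    print("after migration: ", authenticate(db, "admin", "admin123456"), visible_users(db))
```

Two details are worth keeping when porting this idea to a real store: use `=` rather than `IS` in the login lookup, because `userLogin IS ?` bound to a null parameter would match the SYSTEM row; and reject a `NULL` hash before calling the password verifier, rather than relying on the verifier to choke on it, so the behaviour is the same whichever hashing library sits behind it.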
Totally, and it never allows any password to work.
I think it would be great to move the existing -1 user to the next available user Id (if there’s already 12 users created, it would get id 13). We’d lose audit history but maybe that’s not so bad as it will be consistent from then on.
It doesn’t seem viable to move all the audits over, since as Callum mentions that might be very expensive. Plus… it’s still inconsistent anyway, since not all of the -1 logs will have been caused by the -1 user 🤔