Deleted users keep the roles they had #3937
Comments
|
I strongly recommend to always use uuids as user ids, so they are unique. It is too difficult to find and remove a user's local roles everywhere in a large site. |
|
Or never delete a user. Plone misses a user "disable" checkbox. It could be an useful feature, for example to deny user to log in without changing the user password or deleting the user. |
This is what I would do in systems where the user was an employee and history of their activity must be retained. In some countries for certain websites, if a user requests permanent deletion of their data, the presiding law requires deletion. The GDPR is one example: https://gdpr-info.eu/art-17-gdpr/ |
|
@stevepiercy Good point, but in that case I think it would be best to delete all personally identifiable information but still keep the userid so it cannot be reused. Another good reason for uuid-based userids. |
|
@yurj I agree, that would be a useful feature and I have wanted it from time to time. |
BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)
When we delete a user and create him again with the same username, he keeps the roles he had before.
What I did:
What I expect to happen:
New user has no roles.
What actually happened:
The new user has the role of Editor.
What version of Plone/ Addons I am using:
Plone 6.0.10 (6021)
CMF 3.3
Zope 5.9
Python 3.11.8 (main, Feb 13 2024, 10:25:57) [GCC 10.2.1 20210110]
PIL 9.5.0 (Pillow)
WSGI: On
Server: waitress 2.1.2
The text was updated successfully, but these errors were encountered: