Anthony Baxter wrote:
Chris Withers wrote
Not if you have any kind of need for an audit trail. You want to know who did what, and when. The approach I suggested is particularly handy as you get a transaction entry when yo ureset their password, so you can tell when they should have stopped doing things ;-)
Nope, sorry, doesn't work for me. If you can't safely delete a user, then a) the 'delete' button should be removed from the acl_users tab b) an alternate 'retire' option should be created.
"Just change the password" is not a particularly safe or sane way to do things.
Well, ideally there should be both a 'delete' and 'retire' button (I'd prefer to call it 'disable') but given that the current functionality makes it easier to make the disable button function without bugs, I reckon that'd be the way to go. If you write and proposaland drag it through the fishbowl, I'd be happy to do the coding... cheers, Chris