Hi,
Our security department requesting the following:
- Create emergency user with admin role (local)
- blocking any other admin from changing password/edit roles for this specific local user.
The idea is to cover a scenario where an admin user has been hacked, the hacker wont be able to change anything or even see the emergency user.
We did it with the user`s associated entities but it`s creating another issue - after granular deselecting the Emergency user from the User Group of our admins, any new users that been created are not shown to admins. We have to login with the emergency user and edit associate permissions to add those new users. There is no way to say “All users except specific user”
The question is if there is any workflow or built-in mechanism for emergency users so no other user will be able to reset its password, except the emergency user itself.
I`d appreciate your assistance