Allow name write privileges to be withheld #2773
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2772 - Allow self write name privileges to be withheld. This is achieved by moving the legal name and display name write to the self name write acp, and adding a group that enables or removes this access. This allows admins to remove idm_all_persons from this group to disable the ability for users to self modify their name related values.
I don't really like this feature but I see it's importance for schools and some businesses. I don't want it to be the default, but I also recognise that it's needed in some environments.
Checklist