Why can’t I simulate or change a user?

1 min read

First of all, you need the global permission Simulate persons, change password and block access (simulate persons). If you do not have this permission, you can neither simulate persons nor change them or block their access.

On the other hand, ChurchTools offers many functions that are bound to permissions. And so that no one can obtain permissions to see or do things that are not desired, a check has been built in. This checks whether there is a potential possibility that permissions can be obtained by fraud and prevents this possibility.

  • You can only simulate super admins if your user account is also registered as a super admin.
  • You cannot simulate users who have at least one other global permission than you do.
  • You can easily control who is allowed to edit a person and which data this person is allowed to edit via the permissions management and security levels. For the e-mail address we have added an additional check that makes the system more secure: You can only edit the e-mail address of another user if you have the same or more permissions. This change has been implemented to prevent the fraudulent use of permissions.
  • ChurchTools also compares the permissions of both users when changing password: If the person who is to be simulated has at least one other global permission than you yourself, the process is blocked.

In these cases you will get the message “The user has more permissions than you. Simulating this user is not allowed.” and in the corresponding log entry the first 5 permissions are listed that you are missing as a simulating user:

What are your Feelings?
Updated on 5. November 2024