It seems users are not able to change their password as long as the page security option “user” is not given to them. Being logged in as a standard user and trying to invoke the change password form without activated user page security yields an access denied error (Xibo CMS 1.8.11). Is this behavior a bug or a feature?
If the user can’t access the user page then they won’t have the permissions necessary to access that as far as I know. I don’t think it’s a bug.
Thank you for the reply. In our setup each user should be able to change his password.
For this purpose I activated the page security flag users. This change allows users to change their passwords via the change user password form. In addition users assigend to the role “group admin” are now allowed to access the user management page, which allows them to manage all users in the system. In our multy tenancy environment this is not what I want.
It would be convenient to have a page security flag to allow users to access the change password form without allowing access to the user management page of the system.
That’s what the Group Admin role does. If you don’t want users to be able to manage other users in their groups, then don’t assign them the Group Admin role, and instead make them normal users.