What to do with default users in production envs?

mahyard · January 5, 2020, 9:26am

Hi and happy new year,
What is the best practices about dealing with default system users in a production environment. Specially staff@example.com which has staff permissions. I use them some times so I prefer to not remove them. Is this enough to uncheck their is_active field? or maybe it’s better to rename them to something else? any other idea?
Thank you

Melsu · January 5, 2020, 6:23pm

May be reset the password inside the code base.

MHaton · January 6, 2020, 11:30am

Changing their active status isn’t enough, as it’s possible for a user to reactivate their own account.

I’d go for changing its email address to something else and resetting its password, that way the account can’t log in or request password resets (or anything else that could be potentially abused).

Topic		Replies	Views
How to inactivate user to not allow them login on platform Site Operators how-to	4	742	October 27, 2020
I deleted some default users and now can't use my Open EDS instance properly Site Operations Help	2	321	November 7, 2022
Staff status enabled check-box became disabled after user opened Pages and Resources page in studio Educators quince	8	239	March 18, 2024
Learner forgets the account password Educators	2	601	November 20, 2019
Issues with account self-deletion feature Site Operators gdpr	5	1739	October 15, 2020

What to do with default users in production envs?

Related topics