[consulting] Restrict Group Access to one User Login Account

Sam Cohen sam at samcohen.com
Thu Oct 8 16:06:31 UTC 2009


In my case the organization had very limited resources.  They didn't have
the time or resources to create an account for everyone or to have everyone
create their own account and then for them to approve it.  They just wanted
to send out a username and password that a number of people can use.

While it's not ideal, I don't really see any big risk here.  Especially if
the account only has viewing permission and they can't edit anything.

Though given the specific situation mentioned here, I wouldn't go about i
that way.  I'd probbaly suggest a simple custom page that doesn't require
any access permissions and using Drupals user accounts.  Just something
simple that asks for a single password to view that one page.


Sam



On Thu, Oct 8, 2009 at 11:52 AM, Greg Knaddison <
Greg at growingventuresolutions.com> wrote:

> On Thu, Oct 8, 2009 at 9:45 AM, Sam Cohen <sam at samcohen.com> wrote:
> > I actually had a client with the very same issue.  They needed to have
> > multiple people use the same login and didn't want any of them changing
> > their password .
>
> This seems backward to me and I think this is the root of the concern
> that Shai and some others have expressed.  Rather than sharing an
> account among 100 people why not have 100 accounts for them and let
> them share a single "Nursing" role?
>
> Regards,
> Greg
>
> --
> Greg Knaddison | 303-800-5623 | http://growingventuresolutions.com
> Cracking Drupal - Learn to protect your Drupal site from hackers
> Now available from Wiley http://crackingdrupal.com
> _______________________________________________
> consulting mailing list
> consulting at drupal.org
> http://lists.drupal.org/mailman/listinfo/consulting
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/consulting/attachments/20091008/9f05ce7b/attachment.html 


More information about the consulting mailing list