A funny person in my company, just found a breach in the sistem and is enjoy testing it.
Here is the situation, I grant the possibilitie for all end user to change their data, name, e-mail and so on....
The problem is it can be change with another users or agent data!
Someone I making request with another persons name.
How can i manage this?
There is the possibilitie to return an error when someone try to change is personal data for someone already in the system?
Can you please attach some printscreens and explanations on how your end users can do that?
In the end user portal there is a "change your settings" link, which changes your own settings. How can you change someone else's user information?
P.S: If you want to, you can deny your end users this option. To do that please uncheck "Enable End User to change settings" under Preferences > End User Portal.