I agree with Sina to some extent as he mentioned in the PR, we should not allow deleting the own user account from UI alteast. I tried deleting the user where I logged in, it immediately kicked me out of the logged in session.
Daan, we are already not allowing a normal user to delete their own account. This case is for the root/resource/domain admin accounts. Regards, Harikrishna On 16/02/23, 8:53 PM, "Sina Kashipazha" <s.kashipa...@protonmail.com.INVALID> wrote: Daan, I created the following PR, it don't allow users to delete themselves. https://github.com/apache/cloudstack/pull/7242 -- ----- Original Message ------- On Wednesday, February 15th, 2023 at 14:34, Sina Kashipazha <s.kashipa...@protonmail.com.inva<mailto:s.kashipa...@protonmail.com.inva>LID> wrote: > > > > > Yes, they shouldn't be allowed to delete themselves. I'm totally agree with > that. > > We can add this extra step as well, before users remove something valuable > like volume or network, etc. > > > ------- Original Message ------- > On Wednesday, February 15th, 2023 at 14:09, Daan Hoogland > daan.hoogl...@gmail.com<mailto:daan.hoogl...@gmail.com> wrote: > > > > > again Sina, I think the users should never be allowed to delete themselves. > > What is the use of such an action? > > > On Wed, Feb 15, 2023 at 12:28 PM Sina Kashipazha > > s.kashipa...@protonmail.com.inva<mailto:s.kashipa...@protonmail.com.inva>lid > > wrote: > > > > I agree that it is not as pressing as it looks, but the consequences are > > > high if users remove their account. In some setup, their VM will be > > > deleted > > > immediately for ever. > > > > Cause the network, VPS, account and many more deletion actions are look > > > the same user will not read the confirmation pop up :-) > > > > The proposed extra step that asks users to input the account name will > > > prevent accident. > > > > ------- Original Message ------- > > > On Wednesday, February 15th, 2023 at 10:17 AM, Wei ZHOU < > > > ustcweiz...@gmail.com<mailto:ustcweiz...@gmail.com>> wrote: > > > > > Agree with Daan > > > > > -Wei > > > > > On Wednesday, 15 February 2023, Daan Hoogland > > > > daan.hoogl...@gmail.com<mailto:daan.hoogl...@gmail.com> > > > > > wrote: > > > > > > seems ok, but I do not see the use case as pressing. I´d rather say > > > > > that a > > > > > user should not be able to destroy their own account. > > > > > > On Tue, Feb 14, 2023 at 3:32 PM Sina Kashipazha > > > > > s.kashipa...@protonmail.com.inva<mailto:s.kashipa...@protonmail.com.inva>lid > > > > > wrote: > > > > > > > Hey guys, > > > > > > > Cloudstack users can delete their account accidentally and lock > > > > > > themselves > > > > > > from accessing the CloudStack panel. A link to an account placed > > > > > > next to > > > > > > ISO, template, VM and other entities in CloudStack's UI. If > > > > > > customers > > > > > > doesn't paying attention, they would click on the account link > > > > > > instead of > > > > > > the link to the entity they want (vm, template, ISO etc.) Then, if > > > > > > they > > > > > > had > > > > > > wanted to delete that entity, they would press delete button without > > > > > > realising they were on the account page, and press Confirm. > > > > > > > I'm suggesting to add an extra step before deletion. In that step > > > > > > users > > > > > > must write the account name, unless otherwise they can't confirm > > > > > > deletion. > > > > > > Github, like many other applications asks you to write down the > > > > > > entity's > > > > > > name before DESTRUCTIVE and UNRECOVERABLE actions. > > > > > > > I've also created the following issue in Github: > > > > > > https://github.com/apache/cloudstack/issues/7219 > > > > > > > Please let me know your thoughts about the proposal. > > > > > > > Kind regards, > > > > > > Sina > > > > > > -- > > > > > Daan > > > -- > > Daan