COmanage Users List

[Benn Oshrin <>]

On 5/9/14 4:52 PM, 

 wrote:
> People with admin privs can manually change an identifier via CO->People->My
> Population and selecting a person, then editing their identifiers. Seems
> dangerous. I am wondering if I missed a setting to protect this.

CO Admins need to be able to fix bad data, including identifiers. CO 
Admins are by definition trusted users who can take actions that can 
break things. eg: They can define LDAP servers to provision to, and 
change the attributes that are written there.

There's possibly an argument to constrain COU Admins, but COU Admins are 
really trusted delegates of the CO Admin over a subset of the 
population, and so also need to be able to fix bad data.

-Benn-