Creating "master" accounts that cannot be changed by clients

Is it possible to have a "master" account in Concrete so that we can log in to our clients' sites and service them when necessary?

I know we can have an account within their installation - but this is at the mercy of the client - they can delete our account, change the login name or change the password and we can't gain access to service their site.

This can be a real nuisance, especially when trying to service lots of clients.

It's not enough to tell clients not to delete or change our account - from past experience they easily forget and we don't want the trouble of having to guide the client to create an account for us when they have an urgent issue that needs attending.

I would like to have a "master" password with full access in each installation, one that the client cannot delete or modify.

Now - I know there are some security risks with this - the master password will be different for each installation to avoid security breaches affecting other clients.


Can this be achieved, or is there a better way to do this - am I missing something?

OK - I know that the first account created is a "super user" account and cannot be deleted - should this be our "master" password account I am referring to? My issue with this is the client can still change our login details which defeats the purpose.

I'm kind of confused with all this - any help would be appreciated.

 
bcarone replied:
The Administrator account IS THE MASTER ACCOUNT. If you will be required to maintain a lot of sites, do not give that account info to your client unless you must.

Use the Administrator group to handle "client admins". This way, they can do what they need to and you do not need to worry about losing the MASTER account.

Create other GROUPS to handle more junior contributors and/or admins.
frz replied:
We've been pondering this same issue for our hosting clients... it's a real challenge... obviously it's a tremendous security risk - but being able to log in as admin to all the accounts on our server without asking our clients for their passwords would be nice...
bryanlewis replied:
This would be a great feature to have and I think that there should be some kind of solution. Until then I'm going to do what bcarone suggests.
hivoltage replied:
Hi Franz,

Not sure if this idea is possible or even "secure" ...

Could you create a back-end script on the server that will temporarily create an "Administrator" account on the client site you want to gain access to ... do your thing ... and then run a clean up script when you're done that will remove the temporary account.


So - this way - if ever you need to gain access, you can run this back end script which will create an account for you on the client's site and remove it when you're done.

But of course this back end script will need to be secure so it's not accessible by the outside world.

I'm not sure if this is even possible or if it is a good idea or not - just thought I'd throw it out there.
Devhead replied:
I have put in a master account on all my clients' ecommerce sites and it has worked like a charm. It is completely hidden so the owner of the account cannot see it. I tell them about the account out of courtesy and they are all happy about it, then a few months later they think they do not have complete access to everything. But I never give out that account information.
hivoltage replied:
Hi Devhead ...

I'm a little confused ... are you offering your clients access to "Users and Groups"?

I'd like to give the client access to this area to manage their own users, but they can change the master account on us and we can't get in.

Am I missing something?

This is what we do:

- We have the default "Administrator" account which is created for us during installation.
- We then create a new group, let's call it "Management".
- We assign the new "Management" group to the pages (including most in dashboard) we want to allow them access to.
- We create a new user, let's call him "Joe" and assign him to the "Management" group.

When "Joe" logs in - he can go to the "Users and Groups" section and change the master account - he can't delete it, but he can change the login name, the password and the email address. Then, we, as the administrators, lose access to the site.

Am I doing something wrong?

Basically - we don't want the client to be able to change the account on us.

You mention that your clients don't even know the master account is there - are you restricting access to the "Users and Groups" section? I'm not sure whether we want to restrict this or not.