This would make the life of a site manager simpler, as he would just have to deal with emails and wouldn't have to be bothered with the "real" id.
Well, I disagree. The user ID is static and what's stored; the login name can change over time (i.e. new email address). I tend to use UUIDs as user IDs anyway, so that fullname and e-mail may change w/o any implications.
But since it's a setting, it's doable to add a new checkbox in the settings and change Plone to use the email as user ID, if there is the need. Pull requests appreciated!
Ah... I thought logins were impossible to change and hence enabling email login made it impossible to change the email login address (but still allowed changing the email used e.g. for the password reminder, modifiable at .../@@personal-information).
The problem is, with email login enabled, it is a tracking game to figure out what the id of a user is, which is sometimes needed, e.g. for getting all details of a user through the Plone RESTful API.
Yes, recycling of emails (using email as login) may result in security problems (but this is valid for other sectors of the organization too).
Also a manually selected userid (or one derived from the name) may result in issues. If a user is removed from the system, the owner and local roles information may still contain this name, which is fine. If a new user then joins and has the same userid, she will have all those roles and be the owner of that content.
So, using a UUID as userid avoids a lot of possible security-related issues.
In highly secure systems we also never delete users, just deactivate them. This way we always have the user's metadata available and can show the name of a deleted user. A new user is then really new to the system.
Hint: With LDAP (pas.plugins.ldap) we support industry-standard expiration settings for users in LDAP. After the expiration date the user can not log in anymore.
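A toy model of the role-inheritance problem described in the post above, added here as an example; it is neither part of this thread nor Plone's code. A hypothetical `Site` class stores content owners and sharing ACLs keyed by userid; with a fullname-derived userid a later user with the same name inherits the first user's roles, with a UUID userid they do not, and deactivating instead of deleting blocks the reuse entirely. Users, paths and roles are constructed sample data.

```python
import uuid

class Site:
    """Toy store of users, content owners and sharing ACLs keyed by userid (not Plone code)."""
    def __init__(self, id_policy):
        self.id_policy = id_policy  # "fullname" (derived id) or "uuid"
        self.users = {}             # userid -> {"login", "fullname", "active"}
        self.owners = {}            # content path -> userid
        self.local_roles = {}       # content path -> {userid: set(roles)}

    def add_user(self, login, fullname):
        if self.id_policy == "uuid":
            userid = uuid.uuid4().hex
        else:  # fullname-derived id, as when email login is on without UUID ids
            userid = fullname.lower().replace(" ", "-")
        if userid in self.users:
            return None  # id taken (active or deactivated): refuse the account
        self.users[userid] = {"login": login, "fullname": fullname, "active": True}
        return userid

    def remove_user(self, userid):
        # Deleting only drops the account: owner entries and ACLs on content
        # still reference the old userid.
        del self.users[userid]

    def deactivate_user(self, userid):
        # Keeps the record and its metadata, so the userid can never be reused.
        self.users[userid]["active"] = False

    def set_owner(self, path, userid):
        self.owners[path] = userid

    def grant(self, path, userid, role):
        self.local_roles.setdefault(path, {}).setdefault(userid, set()).add(role)

    def effective_roles(self, path, userid):
        roles = set(self.local_roles.get(path, {}).get(userid, ()))
        if self.owners.get(path) == userid:
            roles.add("Owner")
        return roles

def roles_inherited_by_newcomer(id_policy, deactivate=False):
    """Roles a later user with the same fullname gets on content the first user owned."""
    site = Site(id_policy)
    first = site.add_user("alice@example.org", "Alice Smith")   # constructed sample user
    site.set_owner("/docs/plan", first)
    site.grant("/docs/plan", first, "Editor")
    (site.deactivate_user if deactivate else site.remove_user)(first)
    newcomer = site.add_user("a.smith@example.org", "Alice Smith")
    # None means the old userid is still taken, so the newcomer is really new
    return None if newcomer is None else site.effective_roles("/docs/plan", newcomer)
```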
Do you mean enabling emails as logins is a bad idea?
I see.
At ...//@@security-controlpanel, the "Use UUID user ids" comment says:
Use automatically generated UUIDs as user id for new users. When not turned on, the default is to use the same as the login name, or when using the email address as login name we generate a user id based on the fullname.
So, for a Plone site that didn't enable the "Use UUID user ids" option at the beginning, and plans to enable this option for new users, there is no way to go back for already subscribed members?
As mentioned by @espenmn, I wonder if this is GDPR compatible.
Login name as email is fine, but userid is not: it is the thing that is stored in the DB on every content item as owner or in Sharing ACLs.
It would be doable with a custom migration script, which gets complex, but out of the box there is nothing I know of.
Good point. Probably not. But you can still delete the user, and if the userid was a UUID the name won't appear (in contrast to fullname-derived or email-derived userids).