CVE-2022-41672 Before version 2.4.1, deactivating a user wouldn't stop an already authenticated user from using the UI or API.
We've now added the ability to deactivate users via the Admin UI, Admin API, and CLI. Doing so will prevent users from being able to create or edit anything in their streams, regardless of whether they are currently logged in. Accessing a deactivated user's data via the API or UI will return a 401 Unauthorized response. There are a few cases where deactivating a user will have no effect, such as when the user's data is being imported into another system.
Admin UI, Admin API, and CLI
The ability to deactivate users has been added to stream management: you can now deactivate a user from the Admin UI, through an API call, or by using the CLI. Deactivating a user will prevent that user from being able to create or edit anything in their streams (regardless of whether they are currently logged in). Accessing that user's data via the API or UI will return a 401 Unauthorized response. There are a few cases where deactivating a user will have no effect; for instance, when the user's data is being imported into another system.
1-Click Deactivation: You can now instantly deactivate a user with one click, simplifying your workflow!
Admin UI - deactivate user
The Admin UI now has a new option to deactivate users. This operation is entirely non-destructive and doesn't affect the user's data in any way. If you've had enough of someone and want to get rid of them, this is the perfect method to do so.
If you're an admin, see below for how to deactivate a user:
1) Navigate to "Users" on the left sidebar
2) Click on the 'Deactivate an User' button
3) Enter the username of your target in the "Username" field
4) Click on either "Active" or "Deactivated" depending on whether or not you want that person back when they log back in.
Admin UI:
The new UI makes it easier and faster to activate, deactivate, or delete users from your account. The new Admin UI is also now available via the CLI!
**Note:** Deactivating a user will prevent them from being able to create or edit anything in their streams, regardless of whether they are currently logged in. Accessing a deactivated user's data via the Admin UI or API will return a 401 Unauthorized response. There are several cases where deactivating a user will have no effect, such as when the user's data is being imported into another system.
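The CVE entry at the top of this page describes an account-status check that does not reach sessions that are already authenticated. The following is an added example, not code from the affected project: it contrasts a handler that trusts any existing session with one that re-checks the account on every request and returns 401 once the user is deactivated. The in-memory stores and all function names are hypothetical.

```python
import secrets

# Constructed in-memory stores; a real application would use its database.
USERS = {"alice": {"active": True}}
SESSIONS = {}  # session token -> username


def start_session(username):
    """Issue a session token. Credential verification is assumed to have
    already succeeded; only the account-status check is shown here."""
    user = USERS.get(username)
    if user is None or not user["active"]:
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def handle_request_login_only(token):
    """Flawed pattern: any existing session is trusted, so the active
    flag is never consulted after login."""
    return 200 if token in SESSIONS else 401


def handle_request_checked(token):
    """Hardened pattern: reload the account on every request."""
    username = SESSIONS.get(token)
    user = USERS.get(username) if username else None
    if user is None or not user["active"]:
        SESSIONS.pop(token, None)  # also drop the stale session
        return 401
    return 200


def deactivate(username):
    """Non-destructive: only flips the flag, user data is untouched."""
    USERS[username]["active"] = False


def demo():
    """Return (login-only status, checked status) before and after deactivation."""
    token = start_session("alice")
    before = (handle_request_login_only(token), handle_request_checked(token))
    deactivate("alice")
    after = (handle_request_login_only(token), handle_request_checked(token))
    return before, after


if __name__ == "__main__":
    print(demo())
```

After deactivation, the login-only handler still answers 200 for the old token, while the per-request check answers 401 and removes the session.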
Timeline
Published on: 10/07/2022 07:15:00 UTC
Last modified on: 10/07/2022 20:22:00 UTC