Question

Photo of Dan Abbuhl

0

family members allowed updating

I am in the process of getting our Rock server going by 1/1/18.  After putting in a few families, I wanted to see what it looked like on the outside to someone who has never had access to their profile.  I put in my full family and asked one of my children to go the the external website and try to log in.  They were able to register their account, and was directed to confirm with the email address.  When they were in the profile section, they were able to see the other members of the family.  In the list, beside each person, there is an UPDATE button.  My son, was able to go to the update and change any personal information that he wanted on anyone in the family that he could see.  He changed my wife's name and phone number as well as gave his sister a funny nickname. 

So, if this is possible, I could see that someone in the family could fool around and change anything without the other person knowing which could mess up sending email or sms messages and no one would know what he did unless someone happened to look at it. 

If we only had a few members, this may be detected quickly.  With hundreds of users, I would find it hard to see if anyone did this as a joke and never went back to change it. 

Is there a way to restrict users from this update except for themselves?  so that the only person they would see the UPDATE button for would be themselves?  Or am I thinking too much on this?  I would want parents to be able to change their children's info.  I just don't want siblings pulling things on each other.


I would like thoughts on this matter.

  • Photo of Michael Garrison

    0

    Possibly you'll want to look into triggering a workflow when a person is updated - and if the person making an update is a child in their family and they are editing someone besides themselves, you ask for someone to verify the change. This could be a staff person OR could even be the parents (I think), if you set it up correctly.

    If you just want to make it "hard" to do so, you could also add some JavaScript to the page that simply hides the button (or removes it from the document entirely) if the person logged in is a minor.

    Let me know if you're interested in either of these approaches.