Default Admin user should not be allowed to change its ROLE type

[kiranchavala]

The required feature described as a wish

1. Currently, the default admin user is allowed to change their own Role type

2. If the default admin user changes the role type to user role by mistake, the default admin is locked out completely

3. Currently, there is no option to delete the default admin account and user( which is good) , the same functionality should be extended to role type

Expected behaviour

The role type of default admin should be set to Root admin and not allowed to change by admin

[fmaximus]

Server side already seems to block any changes to the system account.

cloudstack/server/src/main/java/com/cloud/user/AccountManagerImpl.java

Line 2266 in 16c60c7

if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {

So this would be UI improvements only to hide edit button:

cloudstack/ui/src/config/section/account.js

Line 125 in 16c60c7

api: 'updateAccount',

By the way, shouldn't

cloudstack/ui/src/config/section/account.js

Line 187 in 16c60c7

api: 'disableAccount',

be calling lockAccount api instead of disableAccount.

[DaanHoogland]

hey @fmaximus , welcome back ;) I think you are right about the api call. I also see that both blocks pass the ‘lock’ parameter. Not sure if that is a c&p feature as well, but it looks strange at least.