Apart from normal users, there are two more users Administrator and Guest. Administrator user is for development purpose. Guest user for accessing any web page from outside the system and they do not need to login. You do not need to disable those users, as they are not counted as paid users.
Side note on Admin role : this role needs to be locked out from accessing business data using a two-factor authentication, such as a one-time or time-window based approval form from the System Manager. This way, System Managers are secured to know that they need to approve Admins when they need to access business data for debugging purposes.
At the moment, there is a level of trust given to admins (e.g. Webnotes on the hosted plan) by users. But as ERPnext evolves, there should be more controls and audits that allow business users to know when the admin accesses their data.
On Friday, September 20, 2013 12:21:40 PM UTC+8, Nabin Hait wrote:
Apart from normal users, there are two more users Administrator and Guest. Administrator user is for development purpose. Guest user for accessing any web page from outside the system and they do not need to login. You do not need to disable those users, as they are not counted as paid users.
This is on our immediate list - we will send an automatic email notification to the System Manager if the system has been accessed by an Administrator.
On 20-Sep-2013, at 1:00 PM, lxnow <la...@union.ph> wrote:
Side note on Admin role : this role needs to be locked out from accessing business data using a two-factor authentication, such as a one-time or time-window based approval form from the System Manager. This way, System Managers are secured to know that they need to approve Admins when they need to access business data for debugging purposes.
At the moment, there is a level of trust given to admins (e.g. Webnotes on the hosted plan) by users. But as ERPnext evolves, there should be more controls and audits that allow business users to know when the admin accesses their data.
On Friday, September 20, 2013 12:21:40 PM UTC+8, Nabin Hait wrote:
Apart from normal users, there are two more users Administrator and Guest. Administrator user is for development purpose. Guest user for accessing any web page from outside the system and they do not need to login. You do not need to disable those users, as they are not counted as paid users.