In liferay, Administrator of any Organization is able to delete, update or change user details of any other organization which is not secure to organizations. User Details of any other organization should not display to any other organization admin.
To avoid the above scenario, it is required to change permissions and role for organizations admin.
Administrator: Administrator can create organization, assign or add users to organization, update or remove user, organization. It means Poweruser has all the authority of liferay portal.
Organization Administrator: Organisaton Administrator is able to see organization pages, he can edit organization page, but he is not able to edit his private and public pages.
How can we change Role of organization admin
- Login as Admin (Administrator role).
- Go to Control Panel.
- Select User and Organization menu from portal panel of left side to window.
4. Select Organization in which you want to change the role of admin.
E.g. Selecting New York Organization
We can see there are 2 user in New York Organization, NYC (Admin) and NY1USER (organization User). Here NYC is Administrator for this organization.
5.Click Actions (NYC in this example) -> Edit
6. Select Roles tab from User Information under Admin menu [NYC Admin] which is a right side of window
7. We can see Current role of this user in Regular Roles. (Current is Administrator)
8. Remove Administrator from Regular Role and assign New Role from “+Select” option. When we click on Select Hyperlink, pop-up window appears. From this window, we can see 2 Roles- Administrator and Power User. [It is not that only above mentioned roles can be seen, there are chances of seeing other regular roles too]
9. Select Power User.
10. Now, from Organization Roles view. Click on “Select” Hyperlink and select organizations role from pop-up window.
11. Select Organization Administrator.
Now, we can see we have two roles for Organization Administrator, Power User and Organization Administrator
12. Click Save.
Now, when same organization admin logins into his/her account user can’t get access to any other organization details from control panel.
Before applying changes to organization administrator role.
After applying changes to organization administrator role.
He is not able to see any organization except his organization.
Finally we have secured Organization’s details from any other organization’s admin.