Temporary Admin Access

[jfrontain]

Created issue at 2019 Imagine Contribution Day. This will move to Merchdocs when that repo is ready.

New feature request

At Imagine 2019 Contribution Day, there is a Security issue for creating options and code for configuring temp admin access. Merchants sometimes create accounts for extension developers/partners/etc to access and test issues. They may forget to delete the account, leaving it as a potential access point if the credentials are simple.

Description

Content in Admin:

Create User.
Admin can set expiration date on user acct.
CRON job runs every hour looking for active expired accounts.
If one is found, removes the date and sets as inactive.
If you edit the user account in the Admin, the status is inactive without an expiration date.
To reuse, the account can be set "active" with a new expiration date.

Issue magento/magento2#22833
PR magento/magento2#22837

Expected result

Benefits

Possible solutions

Additional information

[lorikrell]

Removed the Contribution Day label at this time. The repo required for this content is not live yet for open source contribution.

[lorikrell]

Closing issue and moving to the new MerchDocs repo. The repository and contribution submissions for the Magento Merchant content (User Guide) will be available at a later date. Thank you!

[lfolco]

What is the issue number in the new repo? I couldn't find any issues in there.

[jeff-matthews]

@lfolco, the new repo is still private at the moment.

Cc: @leslietilling to comment on how to track this going forward.