Add ability to disable user account #2899

Open
opened 2026-02-05 05:40:04 +03:00 by OVERLORD · 9 comments

Originally created by @mlipok on GitHub (Jul 11, 2022).

Describe the feature you'd like

I have one employee who left my company.
I need to set him as `disabled`.
I do not want to delete this account, as I still want to see all referenced changes and have the possibility to restore him if he comes back to me.

Something like account deactivation should be possible.

Likewise, setting a Vacation mode to disable access for a specific time period should also be possible.

Describe the benefits this would bring to existing BookStack users

It will be in line with the general direction of development of CRM / HelpDesk applications.

Can the goal of this request already be achieved via other means?

I do not think so.

Have you searched for an existing open/closed issue?

  • I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

1 to 5 years

Additional context

none

OVERLORD added the 🔨 Feature Request label 2026-02-05 05:40:04 +03:00

@ssddanbrown commented on GitHub (Jul 11, 2022):

Thanks for the request @mlipok.
I'd consider the "vacation mode" part somewhat as an extension of the core request to disable users, so I have updated the issue title to instead focus on the disabling part.

> Describe the benefits this would bring to existing BookStack users
> It will be in line with the general direction of development of CRM / HelpDesk applications.

This is not a benefit I'd generally accept as a driver for a feature, since this reasoning could be used to request many features that may be unsuitable, and I don't want to follow other systems for the sake of it. That said, I think you've explained the benefits in the section above, which I'd summarise as: "Access could be easily disabled without loss of account references and metadata within the system".

> Can the goal of this request already be achieved via other means?
> I do not think so.

Depending on authentication method used, you could alter the email/name/auth-id/password of the user account to effectively prevent their login while retaining the account. Some careful considerations may be needed to ensure they can't use a recovery mechanism or an alternate auth method to regain access.


@mlipok commented on GitHub (Jul 12, 2022):

> I'd consider the "vacation mode" part somewhat as an extension of the core request to disable users, so I have updated the issue title to instead focus on the disabling part.

Yes. But in fact my intention was to have one or both features.
Maybe I should make a separate request for "Vacation mode"?


@mlipok commented on GitHub (Jul 12, 2022):

> That said, I think you've explained the benefits in the section above, which I'd summarise as: "Access could be easily disabled without loss of account references and metadata within the system".

This is in fact a better description. Thanks.

> Depending on authentication method used, you could alter the email/name/auth-id/password of the user account to effectively prevent their login while retaining the account. Some careful considerations may be needed to ensure they can't use a recovery mechanism or an alternate auth method to regain access.

Ah. Thanks. I will try this.
However, this is a trick workaround ;)


@Atmis commented on GitHub (Jan 31, 2023):

I second that request. We have someone who left the company, and we want to keep the references. So far, I have changed the user password with a random long and complex one, but it would be easier to just disable the user. We should then be able to filter the user list to only show active users.
Thank you for your fantastic work!


@kassemz commented on GitHub (Apr 11, 2023):

Having this feature would be good.

Maybe add it as an `able to login` permission or something similar that can be added/removed from roles?


@Man-in-Black commented on GitHub (May 16, 2024):

I'm also stumbling across this feature, because some people left the company and I want to maintain their metadata. This would be very easy from the frontend if there is a checkbox "login enabled" or something like this.


@AutoJunkie79 commented on GitHub (Oct 24, 2024):

Another vote here for this feature - we just got done with an internal audit on user access. The auditors were not super happy that there isn't a clear mechanism to demarc users that are active/disabled. We use SSO, so I've resorted to removing their external authentication ID (effectively preventing auth) and clearing out their user role mappings (showing in UI they are "disabled"). Our security policy requires us to disable users who have not logged in X days, but be able to quickly reactivate them should they need access again. Restoring their access is currently time-consuming and error-prone. Thank you!
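
An added example, not part of the thread and not BookStack code: an audit of the manual workarounds described in this issue (rotated password, removed external authentication ID, cleared roles) that reports which accounts due for disabling, whether departed or idle past a policy window, still have an open login or recovery path. The record fields, the `auth_method` values and the sample accounts are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample records; field names are hypothetical, not BookStack's schema.
ACCOUNTS = [
    # Password replaced with a random value, e-mail address left unchanged.
    {"name": "a.left", "departed": True, "password_rotated": True,
     "email_reachable": True, "external_auth_id": None,
     "roles": ["Editor"], "last_login": date(2024, 9, 1)},
    # External auth ID removed and role mappings cleared.
    {"name": "b.left", "departed": True, "password_rotated": True,
     "email_reachable": False, "external_auth_id": None,
     "roles": [], "last_login": date(2024, 8, 15)},
    # Still employed, but idle beyond the policy window.
    {"name": "c.idle", "departed": False, "password_rotated": False,
     "email_reachable": True, "external_auth_id": "idp-1234",
     "roles": ["Viewer"], "last_login": date(2024, 5, 1)},
    {"name": "d.active", "departed": False, "password_rotated": False,
     "email_reachable": True, "external_auth_id": "idp-5678",
     "roles": ["Admin"], "last_login": date(2024, 10, 20)},
]


def open_login_paths(acct, auth_method):
    """Return the ways this account could still authenticate."""
    if auth_method == "sso":
        return ["sso"] if acct["external_auth_id"] else []
    paths = [] if acct["password_rotated"] else ["password"]
    if acct["email_reachable"]:
        # A reset e-mail replaces the random password, undoing the rotation.
        paths.append("password-recovery")
    return paths


def audit(accounts, today, max_idle_days, auth_method):
    """Map each account that should be disabled to its remaining exposure."""
    findings = {}
    for acct in accounts:
        idle = (today - acct["last_login"]).days > max_idle_days
        if acct["departed"] or idle:
            issues = open_login_paths(acct, auth_method)
            if issues and acct["roles"]:
                issues.append("roles-retained")  # access regained on login
            findings[acct["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(ACCOUNTS, date(2024, 10, 24), 90, "standard").items():
        print(name, "->", issues or "no login path left")
```

An empty list for an account means no login path was found under these assumptions; any other result names what still has to be closed before the account counts as disabled.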


@mschoon85 commented on GitHub (Nov 13, 2024):

@ssddanbrown As mentioned in the support ticket, I’d like to add my vote for this feature as well. Thank you!


@SquareWaffles commented on GitHub (Apr 10, 2025):

@ssddanbrown is the ability to disable logins on the roadmap anytime soon? We are needing this functionality for compliance reasons.

Reference: starred/BookStack#2899