Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64718

Admin user can GDPR delete themselves even when they are the only site admin

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.6.2
    • Fix Version/s: None
    • Component/s: Privacy
    • Affected Branches:
      MOODLE_36_STABLE

      Description

      On a fresh site, as the admin:

      1. Navigate to "Site administration" > "Users" > "Privacy and policies" > "Privacy settings" and enable the setting "tool_dataprivacy | contactdataprotectionofficer"
      2. As the site admin go to your profile and under the "Privacy and policies" section click "Delete my account" and go through the form to create the deletion request
      3. Run cron and do all that jazz so that you can approve the request
      4. After approving the request, run cron again and behold, no more site admin

      We would have expected something to stop the request being made or at the very least something to stop it being processed.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              cameron1729 cameron1729
              Participants:
              Component watchers:
              Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: