Security and custom user management

Hello, I’m trying to setup custom user management. I duplicated the idea behind the administration module with a generalization of the System.User entity, calling it an ‘Account’, and am trying to allow an anonymous user to, well, create a new Account. I want to use the same logic as the admin module, that is to create a new Account and then let the user fill it with its specificities, including the underlying System.User. But System.User can not be modified or created by some anonymous user…. at least I think. So basically my form user can’t select its username. I don’t think changing the security of the System module is the intended practice, so I guess I missed something fundamental. How can I create a new user? Thanks!
2 answers

Create a mirror (NP) entity of the User/Account entities.
Something like this:

You can allow an anonymous user to write to this entity.

When the user submits the signup, you can create an account in the microflow according to the entered values.
This works, since by default a microflow doesn’t apply entity access and thus the creation of and writing on the account/user attributes is possible.


NOTE: Be aware that this is the most minimalistic way of creating accounts by anonymous users.

I would recommend to use the forgot password module 
This requires an anonymous to confirm their account and gives more control over account creation then just creating an account as long you specify a valid username and password.


Goodmorning Antoine,


As an admin, you can create the account, and sent logins to the user.

System.user is indeed designed so it can’t be modified or altered. Using an ‘Account’-entity is a good idea, I guess you good make a link on the log-in page, with a text, something like: ‘create new account’, and refers to a new page where a user can create his/her own account.


Kind regards,