Support For cPanel Subusers
Small cPanel account owners may want to delegate specific tasks to be performed by somewhat trusted individuals but without full access to the cPanel interface. Reasons for this can include the following hypothetical situations:
- Small Businesses having a secretary, giving the secretary access to just creating and removing email accounts but not to editing the company's website.
- Web Designers that guarantee their work not wanting their hosting customers to re-code their website themselves then accuse the Web Designer of poor coding.
- A Small Business Owner that wants to delegate full access to the cPanel interface to a contractor, but be reliably able to revoke that access in the event that contract is terminated.
The features available to these subusers should be filtered using a utility identical to or very similar to Feature Manager and Feature Lists.
Subusers (which would very likely be virtual users) would have a login of username@domain similar to FTP virtual users and Email virtual users. The ability for matching user capabilities such as SFTP access could eventually be accommodated by features already being worked on like version 11.34's Pluggable Authentication.
Original thread: http://forums.cpanel.net/f145/multiple-cpanel-logins-cpanel-subusers-case-44353-a-77145.html
We have great news!
The full release of the new Manage Team feature is available in cPanel & WHM version 112. This feature allows cPanel account owners to create team user accounts so that multiple people can access, administer, and work on a single cPanel account without the security risk of sharing credentials. Look for more details on our cPanel Community Forums soon!
If you have additional questions, feel free to reach out on one of our social channels.
We have great news!
The full release of the new Manage Team feature is available in cPanel & WHM version 112. This feature allows cPanel account owners to create team user accounts so that multiple people can access, administer, and work on a single cPanel account without the security risk of sharing credentials. Look for more details on our cPanel Community Forums soon!
If you have additional questions, feel free to reach out on one of our social channels.
This is a feature that our customers keep requesting, be it to manage FTP accounts, e-mail accounts or access PhpMyAdmin securly there are lots of cases when this is necessary.
This is a feature that our customers keep requesting, be it to manage FTP accounts, e-mail accounts or access PhpMyAdmin securly there are lots of cases when this is necessary.
Same thing here. It is a very important feature. My only reason to leave my current hosting, I can't outsource the jobs!
Same thing here. It is a very important feature. My only reason to leave my current hosting, I can't outsource the jobs!
Another common request is users asking for PHPMyAdmin access. Site owners want to give their developers access here but not the keys to the entire panel. I assume the "feature list" that was proposed should cover this but wanted to mention it anyways.
Another common request is users asking for PHPMyAdmin access. Site owners want to give their developers access here but not the keys to the entire panel. I assume the "feature list" that was proposed should cover this but wanted to mention it anyways.
I can't believe this isn't a feature yet. There must be another request somewhere that has more votes than just 1!
I can't believe this isn't a feature yet. There must be another request somewhere that has more votes than just 1!
We use CPanel in an academic environment and having this ability would be a HUGE benefit for departmental users with varying levels of web resource needs. Currently we use RVSkin to achieve this, but the management overhead it adds to CPanel is quite considerable. We would much prefer a CPanel native solution.
We use CPanel in an academic environment and having this ability would be a HUGE benefit for departmental users with varying levels of web resource needs. Currently we use RVSkin to achieve this, but the management overhead it adds to CPanel is quite considerable. We would much prefer a CPanel native solution.
Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?
Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?
This is absolutely necessary! I've been using cPanel for every project my company has ever done for 10 years but without this feature I will be switching to other solutions!
This is absolutely necessary! I've been using cPanel for every project my company has ever done for 10 years but without this feature I will be switching to other solutions!
I think this granular control over user privileges and sub-users of a cpanel user is needed and in the very increasing shared responsibility era this is becoming more common place where delegation of tasks occur but the philosophy of least permissions is still the norm.
I think this granular control over user privileges and sub-users of a cpanel user is needed and in the very increasing shared responsibility era this is becoming more common place where delegation of tasks occur but the philosophy of least permissions is still the norm.
So this is a feature that have being requested since 2008 and here we are 6 years later still waiting for it.
Are you guys ever going to do it or may you at least tell us NO we will not do it so that we can stop waiting for it?
So this is a feature that have being requested since 2008 and here we are 6 years later still waiting for it.
Are you guys ever going to do it or may you at least tell us NO we will not do it so that we can stop waiting for it?
I am VERY much in need of this for the auto-responder feature. It's odd that users can't create an auto-responder without logging on to cPanel. I would love to be able to have a user account they can use that doesn't give them access to everything.
I am VERY much in need of this for the auto-responder feature. It's odd that users can't create an auto-responder without logging on to cPanel. I would love to be able to have a user account they can use that doesn't give them access to everything.
Still waiting and wondering why this is not a key feature already ?
Still waiting and wondering why this is not a key feature already ?
Even WHMCS has added this feature to their software. It seems like cPanel could start to lag behind on todays trends regarding authentication options if we can't get this feature pushed through soon.
Even WHMCS has added this feature to their software. It seems like cPanel could start to lag behind on todays trends regarding authentication options if we can't get this feature pushed through soon.
It would be a great add-on to have this feature added. Thank you
It would be a great add-on to have this feature added. Thank you
Yes, that's a customer wise feature!
What do you think cPanel?
Yes, that's a customer wise feature!
What do you think cPanel?
Looking for this sort of feature so I can have multiple developers working on a site via the tools in cPanel.... looks like cPanel can't do this so ill have to go elsewhere....
Looking for this sort of feature so I can have multiple developers working on a site via the tools in cPanel.... looks like cPanel can't do this so ill have to go elsewhere....
Double post
Double post
This is one of the top feature requests that we get time and time again from our clients. Would love to see this become available soon (as in, this year).
This is one of the top feature requests that we get time and time again from our clients. Would love to see this become available soon (as in, this year).
If this feature is added, it's important to also add auditing capability, too. (That is, the ability for cpanel to record/log all activity that is done by the logged-in cpanel user.) Otherwise, we will see no end of customers complaining about sudden changes to their cpanel account, when in fact it was done by one of their own cpanel users...
:)
If this feature is added, it's important to also add auditing capability, too. (That is, the ability for cpanel to record/log all activity that is done by the logged-in cpanel user.) Otherwise, we will see no end of customers complaining about sudden changes to their cpanel account, when in fact it was done by one of their own cpanel users...
:)
+1 this is essential. Cpanel is one of the only high level management apps out there without users => permissions => action logs. It logs accounts all day long, it should be the same for users. Other than that, its fantastic software. Thanks
+1 this is essential. Cpanel is one of the only high level management apps out there without users => permissions => action logs. It logs accounts all day long, it should be the same for users. Other than that, its fantastic software. Thanks
Agree! desperately need this!
For example, I want to allow a secretary to be able to reset/add/remove email accounts and nothing elsebut then i would like to give cpanel to their webmaster with full access to all features.
Agree! desperately need this!
For example, I want to allow a secretary to be able to reset/add/remove email accounts and nothing elsebut then i would like to give cpanel to their webmaster with full access to all features.
It's a daily necessary feature...
If the first post is dated 1 year ago... when we can have this feature released?
Thank you
It's a daily necessary feature...
If the first post is dated 1 year ago... when we can have this feature released?
Thank you
I get requests for this from my client base regularly too. My client base doesn't generally need fine-grain controls, but they want to be able to share access. Having fine-grained controls would be icing on the cake.
Would be sweet if a developer could chime in on what the attitude/concerns/enthusiasm level in the developer pool is -- give us some idea if this is likely to get on the roadmap, etc.
Shout out to all the cPanel crew for the great product & all the hard work!
I get requests for this from my client base regularly too. My client base doesn't generally need fine-grain controls, but they want to be able to share access. Having fine-grained controls would be icing on the cake.
Would be sweet if a developer could chime in on what the attitude/concerns/enthusiasm level in the developer pool is -- give us some idea if this is likely to get on the roadmap, etc.
Shout out to all the cPanel crew for the great product & all the hard work!
We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want.
We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want.
Enable/Disable feature for ftp users would be very simple solution
Enable/Disable feature for ftp users would be very simple solution
I too would love to see this option. Perhaps anyone going to the cPanel Conference can ask when this might be coming?
I too would love to see this option. Perhaps anyone going to the cPanel Conference can ask when this might be coming?
As has been said MANY times before, in one way or another:
"I cant believe, and am still waiting and wondering why, this is not a key feature already?"
As has been said MANY times before, in one way or another:
"I cant believe, and am still waiting and wondering why, this is not a key feature already?"
+1
"I cant believe, and am still waiting and wondering why, this is not a key feature already?"
+1
"I cant believe, and am still waiting and wondering why, this is not a key feature already?"
i cant open this link http://forums.cpanel.net/f145/multiple-cpanel-logins-cpanel-subusers-case-44353-a-77145.html .
Can u help me ? Because i need it now. thanks
i cant open this link http://forums.cpanel.net/f145/multiple-cpanel-logins-cpanel-subusers-case-44353-a-77145.html .
Can u help me ? Because i need it now. thanks
Greetings confy, the old Feature Requests forum area has now been deprecated. That old thread is of no use any longer, it was located in the old Feature Requests forum. The most up to date details on this Feature, are right here.
Thanks!
Greetings confy, the old Feature Requests forum area has now been deprecated. That old thread is of no use any longer, it was located in the old Feature Requests forum. The most up to date details on this Feature, are right here.
Thanks!
This would be an incredibly useful feature of cPanel and shouldn't be too hard to implement really.
Please consider it as a priority in future releases.
This would be an incredibly useful feature of cPanel and shouldn't be too hard to implement really.
Please consider it as a priority in future releases.
Does anyone have any suggestions about how to achieve this ? I've actually been thinking about how this could be done myself and haven't come up with a viable solution yet.
Would they use system usernames with the main username as a prefix ? or would they store usernames and passwords in a MySQL database ? If they use a custom mysql interface all the existing securty measures would need to be converted etc.
PHPMyAdmin access is now quite easy to achieve from a custom interface using the API but what about all the other options… everything is currently based on if the user has access or not to do things.
I too have customers who rearly want this, but I have to admit that it's going to take quite alot of thinking to implement :)
Does anyone have any suggestions about how to achieve this ? I've actually been thinking about how this could be done myself and haven't come up with a viable solution yet.
Would they use system usernames with the main username as a prefix ? or would they store usernames and passwords in a MySQL database ? If they use a custom mysql interface all the existing securty measures would need to be converted etc.
PHPMyAdmin access is now quite easy to achieve from a custom interface using the API but what about all the other options… everything is currently based on if the user has access or not to do things.
I too have customers who rearly want this, but I have to admit that it's going to take quite alot of thinking to implement :)
If you decide to make this happen,
please make it in a smart and efficient way, allowing all subusers to have a subset of the account's allowed feature list, so the default cPanel user, can manage subusers and make a subfeature list, which will be able to include a subset of his own / allowed feature list...
thanks !
If you decide to make this happen,
please make it in a smart and efficient way, allowing all subusers to have a subset of the account's allowed feature list, so the default cPanel user, can manage subusers and make a subfeature list, which will be able to include a subset of his own / allowed feature list...
thanks !
This is exactly what the third-party tool RVSkin does to create sub-users.
It's an ok solution; we use it, but with all the engineering going on with the new Paper Lantern interface framework it is VERY disappointing there has been no discussion from CPanel whatsoever about sub-user architecture being baked in to it directly - for a more robust/secure solution.
This is exactly what the third-party tool RVSkin does to create sub-users.
It's an ok solution; we use it, but with all the engineering going on with the new Paper Lantern interface framework it is VERY disappointing there has been no discussion from CPanel whatsoever about sub-user architecture being baked in to it directly - for a more robust/secure solution.
7 years waiting for this feature - at this point, coupled with the fact that the most common response from cPanel that we get is to point us to this feature request, I can only believe this feature is never going to come to light. The need for this feature has passed the point of being a contemplated option. This "IS" a feature that is absolutely necessary to accommodate today's website development needs. I've used cPanel since Nick developed it and because this feature is still not available I actually have no choice but to move away from cPanel. I absolutely never thought this day would come. Because it has come to this, and knowing the huge task in front of us in order to convert to a new system, and as I let the proverbial cPanel door hit me in the back as I leave, I just feel it necessary to post my disappointment in cPanel for not taking this feature request seriously and making it available.
Businesses worldwide hire website developers to build their sites, through CMS's clients are able to completely manage their content without needing any html or programming knowledge at all. With CMS's we have the ability to provide separate logins and control what users can access. This prevents mistakes being made which can corrupt a website, curbs the temptation for curiosity clickers, and so on. Numerous scripts are available to us, which enables us to lock down and tighten the security of our CMS installs. At a click of a button, "all" CMS installs can be updated to their latest releases instantly without having to log into each website separately, or we have the option to make a global setting to immediately update all installs automatically without any user interaction.
The "only" missing tool that we are unable to give our clients is the ability to manage their email accounts - add/delete email addresses, forwarders, auto responders, spam settings, email passwords, etc. for their employees. In order to give them this ability we have to give them full access to the control panel for their hosting account:
- this in turn not only gives them full access to mysql databases which powers their websites, but to everything else they simply do not need access to
- it gives them access to change their control panel passwords, which then forces us to have to change that password every time we need to access their control panels for maintenance and then send the new password to the client, its either that or enable Root access level to cpanel access, both of which are not options due to security.
We tried giving this access to clients and it turned into a complete nightmare ranging from deleted databases, deleted cpanel files, deleted ssl certs, edited dns, just to name a few. Yes we have multiple account packages created, but we would literally have to create numerous packages in order to disable/remove as many features as we can, and to still accommodate all the clients that design/manage their own sites, resellers that have their own clients, etc. However, the bottom line is, we would still have to allow access to sensitive features that are needed for the account, such as, and most importantly, mysql databases, account passwords, thus making it pointless in creating all those unnecessary packages in the first place.
The last response from cPanel "We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want." and as another cPanel user pointed out "No question security is important but others have figured it out, surely you can too." …because others have done it, not only in other control panel systems, but even in CMS's that we've been using for many years without any security issues at all, I can only believe at this point that it is out of laziness, and lack of willingness to prioritize this much needed, and long over due feature, as being why cPanel has not made it available.
So that's my 2 cents worth. And before some of you want to jump to crucify me in defense of the cPanel developers, please bear in mind that I have been a loyal user of cPanel since near its conception and it is only due to wanting to keep my client base rather than lose them to a competitor that offers what most will consider such a minute feature, that has brought me to the decision of moving on. Do I believe that other control panels are better?...other than having this one feature…I absolutely do not and actually dread sacrificing features that are only important to us in order to afford this one, but obviously very important feature to our clients.
7 years waiting for this feature - at this point, coupled with the fact that the most common response from cPanel that we get is to point us to this feature request, I can only believe this feature is never going to come to light. The need for this feature has passed the point of being a contemplated option. This "IS" a feature that is absolutely necessary to accommodate today's website development needs. I've used cPanel since Nick developed it and because this feature is still not available I actually have no choice but to move away from cPanel. I absolutely never thought this day would come. Because it has come to this, and knowing the huge task in front of us in order to convert to a new system, and as I let the proverbial cPanel door hit me in the back as I leave, I just feel it necessary to post my disappointment in cPanel for not taking this feature request seriously and making it available.
Businesses worldwide hire website developers to build their sites, through CMS's clients are able to completely manage their content without needing any html or programming knowledge at all. With CMS's we have the ability to provide separate logins and control what users can access. This prevents mistakes being made which can corrupt a website, curbs the temptation for curiosity clickers, and so on. Numerous scripts are available to us, which enables us to lock down and tighten the security of our CMS installs. At a click of a button, "all" CMS installs can be updated to their latest releases instantly without having to log into each website separately, or we have the option to make a global setting to immediately update all installs automatically without any user interaction.
The "only" missing tool that we are unable to give our clients is the ability to manage their email accounts - add/delete email addresses, forwarders, auto responders, spam settings, email passwords, etc. for their employees. In order to give them this ability we have to give them full access to the control panel for their hosting account:
- this in turn not only gives them full access to mysql databases which powers their websites, but to everything else they simply do not need access to
- it gives them access to change their control panel passwords, which then forces us to have to change that password every time we need to access their control panels for maintenance and then send the new password to the client, its either that or enable Root access level to cpanel access, both of which are not options due to security.
We tried giving this access to clients and it turned into a complete nightmare ranging from deleted databases, deleted cpanel files, deleted ssl certs, edited dns, just to name a few. Yes we have multiple account packages created, but we would literally have to create numerous packages in order to disable/remove as many features as we can, and to still accommodate all the clients that design/manage their own sites, resellers that have their own clients, etc. However, the bottom line is, we would still have to allow access to sensitive features that are needed for the account, such as, and most importantly, mysql databases, account passwords, thus making it pointless in creating all those unnecessary packages in the first place.
The last response from cPanel "We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want." and as another cPanel user pointed out "No question security is important but others have figured it out, surely you can too." …because others have done it, not only in other control panel systems, but even in CMS's that we've been using for many years without any security issues at all, I can only believe at this point that it is out of laziness, and lack of willingness to prioritize this much needed, and long over due feature, as being why cPanel has not made it available.
So that's my 2 cents worth. And before some of you want to jump to crucify me in defense of the cPanel developers, please bear in mind that I have been a loyal user of cPanel since near its conception and it is only due to wanting to keep my client base rather than lose them to a competitor that offers what most will consider such a minute feature, that has brought me to the decision of moving on. Do I believe that other control panels are better?...other than having this one feature…I absolutely do not and actually dread sacrificing features that are only important to us in order to afford this one, but obviously very important feature to our clients.
Yes, with granular rights please.
Yes, with granular rights please.
The problem is that a lot of web developers I've found want access to cpanel but sometimes I feel a bit risky doing this - I had a web developer that started adding unwanted code into stuff once with access to cpanel they could do more damage.
The ability for not just user accounts but user accounts with different cpanel access alongside a main master account would fix this. It's something pretty simple.
If security is an issue you could add ways to authenticate people e.g. two step authentication.
The problem is that a lot of web developers I've found want access to cpanel but sometimes I feel a bit risky doing this - I had a web developer that started adding unwanted code into stuff once with access to cpanel they could do more damage.
The ability for not just user accounts but user accounts with different cpanel access alongside a main master account would fix this. It's something pretty simple.
If security is an issue you could add ways to authenticate people e.g. two step authentication.
In 2D, by scope of:
The regular RACI stuff!
Can make for complications, but it is not without precedent.
In 2D, by scope of:
The regular RACI stuff!
Can make for complications, but it is not without precedent.
Sadly I had this feature on another hosting company and it was great to use. I believe its a greater security risk to be forced into giving out our main user and pw to subs then it is to add the feature on.
Sadly I had this feature on another hosting company and it was great to use. I believe its a greater security risk to be forced into giving out our main user and pw to subs then it is to add the feature on.
I can't believe this isn't a feature yet.
Simple solution dissociate the cpanel login from the actual user Ex a user test on the server can be login by serveral users ex toto@test.com and restrict the acess to the interface only
the usergroup thing seems complicated could be better.
Could also create other problems / complications
I can't believe this isn't a feature yet.
Simple solution dissociate the cpanel login from the actual user Ex a user test on the server can be login by serveral users ex toto@test.com and restrict the acess to the interface only
the usergroup thing seems complicated could be better.
Could also create other problems / complications
This is definitely a feature I would love to see.
1. Users may want to delegate limited access to their account. For example allowing someone to only manage email accounts or security settings. Right now our customers are sharing their main account, and then the person they shared it with decided they weren't friends any more and breaks everything (thank god for backups).
2. Giving my support operators full access to WHM seems over the top (not that I don't trust them, but the chance that something breaks is pretty big), it would be great if users could create a support sub-account (or have one automatically generated) for my operators to use.
This is definitely a feature I would love to see.
1. Users may want to delegate limited access to their account. For example allowing someone to only manage email accounts or security settings. Right now our customers are sharing their main account, and then the person they shared it with decided they weren't friends any more and breaks everything (thank god for backups).
2. Giving my support operators full access to WHM seems over the top (not that I don't trust them, but the chance that something breaks is pretty big), it would be great if users could create a support sub-account (or have one automatically generated) for my operators to use.
Please add the feature that so many people keep asking for, It's a shame that this has not been done yet, Don't estimate the total by simply looking at the number of people that have voted. They are way more. And it is going to help every single cpanel administrator
Please add the feature that so many people keep asking for, It's a shame that this has not been done yet, Don't estimate the total by simply looking at the number of people that have voted. They are way more. And it is going to help every single cpanel administrator
As a CPanel sysadmin this is a glaring omission to an otherwise very well-rounded product. Being able to grant partial account access to users who only need to manage databases or email, for example, is increasingly going from a nice-to-have feature to an absolute must-have.
Hope to see this incorporated soon!
As a CPanel sysadmin this is a glaring omission to an otherwise very well-rounded product. Being able to grant partial account access to users who only need to manage databases or email, for example, is increasingly going from a nice-to-have feature to an absolute must-have.
Hope to see this incorporated soon!
Agreed. There's a lot of work arounds, like plugins for managing cPanel email accounts from a WordPress site, but what a house of cards.
If I tell my hosted clients that they can create new cPanel users & pick & choose what they have access to, that would make sense. Both WHM and Softaculo already have packages that can be assigned to cPanel users. If the primary cPanel could create users on the same domain and then pick & choose which icons are available, my world would be greatly simplified.
Agreed. There's a lot of work arounds, like plugins for managing cPanel email accounts from a WordPress site, but what a house of cards.
If I tell my hosted clients that they can create new cPanel users & pick & choose what they have access to, that would make sense. Both WHM and Softaculo already have packages that can be assigned to cPanel users. If the primary cPanel could create users on the same domain and then pick & choose which icons are available, my world would be greatly simplified.
I would agree more with options to split service between multiple accounts, for instance, having an account just for email services, another just for website etc.
This way we could even run email and websites on different serves, fulfilling both the need to delegate specific tasks and at the same time allowing is to increase redundancy and optimize servers.
It could also be a master login able to centralize everything from multiple machines, but that's more complex.
I would agree more with options to split service between multiple accounts, for instance, having an account just for email services, another just for website etc.
This way we could even run email and websites on different serves, fulfilling both the need to delegate specific tasks and at the same time allowing is to increase redundancy and optimize servers.
It could also be a master login able to centralize everything from multiple machines, but that's more complex.
I'm not cPanel user primarily because of lack of this feature. Many hosters use cPanel and I won't choose them in favor of small number of ones who provide multiple admin/manager accounts.
I'm not cPanel user primarily because of lack of this feature. Many hosters use cPanel and I won't choose them in favor of small number of ones who provide multiple admin/manager accounts.
"Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?"
A quote that we left well over a year ago ! So, eight years and counting and in the last two years one small reply from a cPanel employee saying they are thinking about it.
CPanel ask for people to make suggestions and of course they cannot do all of them immediately but some feedback every now and again would be useful - the lack of feedback gives the appearance they dont care at all and stops people making suggestions
"Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?"
A quote that we left well over a year ago ! So, eight years and counting and in the last two years one small reply from a cPanel employee saying they are thinking about it.
CPanel ask for people to make suggestions and of course they cannot do all of them immediately but some feedback every now and again would be useful - the lack of feedback gives the appearance they dont care at all and stops people making suggestions
"Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?"
A quote that we left well over a year ago ! So, eight years and counting and in the last two years one small reply from a cPanel employee saying they are thinking about it.
CPanel ask for people to make suggestions and of course they cannot do all of them immediately but some feedback every now and again would be useful - the lack of feedback gives the appearance they dont care at all and stops people making suggestions
"Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?"
A quote that we left well over a year ago ! So, eight years and counting and in the last two years one small reply from a cPanel employee saying they are thinking about it.
CPanel ask for people to make suggestions and of course they cannot do all of them immediately but some feedback every now and again would be useful - the lack of feedback gives the appearance they dont care at all and stops people making suggestions
This would be an amazing feature.
Sometimes I need to hire a freelance web developer to do certain things I can not do but I don't want to give them full access to my PHP framework.
I am able to limit their FTP access to the files, but they need to be able to access the database as well.
It would be great if I could add another user to the cPanel account, and then give them access to phpMyAdmin along with their FTP account.
This would be an amazing feature.
Sometimes I need to hire a freelance web developer to do certain things I can not do but I don't want to give them full access to my PHP framework.
I am able to limit their FTP access to the files, but they need to be able to access the database as well.
It would be great if I could add another user to the cPanel account, and then give them access to phpMyAdmin along with their FTP account.
Double post.
Don't think this site likes Safari. It didn't clear my comment box, and my post didn't display on the page.
Double post.
Don't think this site likes Safari. It didn't clear my comment box, and my post didn't display on the page.
Granular control over user access is an essential security requirement. It should be possible to select exactly which functions each user is able to control.
Granular control over user access is an essential security requirement. It should be possible to select exactly which functions each user is able to control.
This is absolutely essential. Along with this, we need detailed logs on which user performed operations.
This is absolutely essential. Along with this, we need detailed logs on which user performed operations.
Clearly no one from cpanel is listening. This thread has been running for years and there hasn't been a move to address the issue.
Clearly no one from cpanel is listening. This thread has been running for years and there hasn't been a move to address the issue.
Lol. I find this a bit odd too. Why would the premier management console neglect to acknowledge theeee most obvious missing feature of all time? Is there something they are not sharing about their struct that makes this too difficult to accomplish? Is there something about CSRF tokens (that already exist for 1 user) that wouldn't work for sub-users too?
Lol. I find this a bit odd too. Why would the premier management console neglect to acknowledge theeee most obvious missing feature of all time? Is there something they are not sharing about their struct that makes this too difficult to accomplish? Is there something about CSRF tokens (that already exist for 1 user) that wouldn't work for sub-users too?
+1 for this but... 2 years and still open for discussion? Hmmm... *lost hopes*
+1 for this but... 2 years and still open for discussion? Hmmm... *lost hopes*
I think it's actually been more like seven years with no action!!
I think it's actually been more like seven years with no action!!
I think it's actually been more like seven years with no action!!
I think it's actually been more like seven years with no action!!
Certainly as long as I've been using cPanel -- and that was about 2008 or 2009, I've been wishing for this feature; I don't really get it -- granular is a commonly supported thing, there are no computer science mysteries for how to get such a thing done, and while it may be architectually inconvenient, surely if you put it on the road map, at some point you will be able to evolve the product to the point where it's doable.
cPanel team, I don't ask for much, and I love so much about the product (I've had to support Plesk too; believe me, I'm generally very happy with the product, and commonly can be found singing the praises of the product!), but if you could give us some feedback on this one point, it would be lovely.
Thanks,
-Cedric
Certainly as long as I've been using cPanel -- and that was about 2008 or 2009, I've been wishing for this feature; I don't really get it -- granular is a commonly supported thing, there are no computer science mysteries for how to get such a thing done, and while it may be architectually inconvenient, surely if you put it on the road map, at some point you will be able to evolve the product to the point where it's doable.
cPanel team, I don't ask for much, and I love so much about the product (I've had to support Plesk too; believe me, I'm generally very happy with the product, and commonly can be found singing the praises of the product!), but if you could give us some feedback on this one point, it would be lovely.
Thanks,
-Cedric
As of late, I really would like to give out granular access to sub accounts, so they do not control my entire cpanel account and all of my domains.
We would love this feature to be at least commented on so we know we are being heard :) Its gotten over 200 votes! Come on cpanel...
As of late, I really would like to give out granular access to sub accounts, so they do not control my entire cpanel account and all of my domains.
We would love this feature to be at least commented on so we know we are being heard :) Its gotten over 200 votes! Come on cpanel...
Hear that? It's the sound of crickets? That's all we're going to hear. C-Panel is clearly not interested in its customers concerns.
Hear that? It's the sound of crickets? That's all we're going to hear. C-Panel is clearly not interested in its customers concerns.
I'm sorry to leave my own "spam" reply, but good grief, I'm now getting spammed by replies to this topic.
cPanel obviously doesn't listen. We still use them because they're the only reasonable solution. So congrats on that, cPanel.
Meanwhile, thanks to the rest of you for spamming this topic with all this jabber. And yes, I realize the hypocritical nature of my own reply here. But I'm hoping that it'll quell future replies. I won't know because I'm unsubscribing from this feature request.
The other reason for this reply is just to express my irritation at cPanel for being so terrible at communication. That's 20th century thinking, at best. Features - at least things we customers see - come so slowly. The new theme is great - but why does it still take multiple page loads to get anything done? I should be able to add/remove things like mailboxes and forwarders on a single page without a stupid page load for "Are you sure?" and "Okay, I did it" and then clicking back to go to the list of things.
cPanel is amazing in many ways. And amazingly clunky in so many other ways.
Anyway, sorry again to spam up this thing with another reply like I'm complaining about, but I accept my hypocritical role - and apologize for it. Peace out. :)
I'm sorry to leave my own "spam" reply, but good grief, I'm now getting spammed by replies to this topic.
cPanel obviously doesn't listen. We still use them because they're the only reasonable solution. So congrats on that, cPanel.
Meanwhile, thanks to the rest of you for spamming this topic with all this jabber. And yes, I realize the hypocritical nature of my own reply here. But I'm hoping that it'll quell future replies. I won't know because I'm unsubscribing from this feature request.
The other reason for this reply is just to express my irritation at cPanel for being so terrible at communication. That's 20th century thinking, at best. Features - at least things we customers see - come so slowly. The new theme is great - but why does it still take multiple page loads to get anything done? I should be able to add/remove things like mailboxes and forwarders on a single page without a stupid page load for "Are you sure?" and "Okay, I did it" and then clicking back to go to the list of things.
cPanel is amazing in many ways. And amazingly clunky in so many other ways.
Anyway, sorry again to spam up this thing with another reply like I'm complaining about, but I accept my hypocritical role - and apologize for it. Peace out. :)
There's no update on a feature like this?
I'm actually surprised this wasn't built out long ago. It'd be such an essential feature for designers and developers working in teams. :)
Please implement this feature cPanel! Love what you guys are doing here.
There's no update on a feature like this?
I'm actually surprised this wasn't built out long ago. It'd be such an essential feature for designers and developers working in teams. :)
Please implement this feature cPanel! Love what you guys are doing here.
I think this would be fantastic.
Please implement it! :D
I think this would be fantastic.
Please implement it! :D
I think this would be fantastic.
Please implement it! :D
I think this would be fantastic.
Please implement it! :D
I think this would be fantastic.
Please implement it! :D
I think this would be fantastic.
Please implement it! :D
Please implement.
Please implement.
Please implement.
Please implement.
This idea was shared more than two years ago.
Can we really expect this to be implemented?
I would love to have this feutured...
This idea was shared more than two years ago.
Can we really expect this to be implemented?
I would love to have this feutured...
This idea is great, especially for those who use XMLAPI
We can use a new user without losing the security we need
This idea is great, especially for those who use XMLAPI
We can use a new user without losing the security we need
As much as this would be useful, I have to play devils advocate for a moment. We need to remember that cPanel is only a management tool for linux servers; it works within the confines of how linux itself works. When you create a cPanel account, you are creating a linux user, who generally owns all of the files and data associated with said account.
There are not only logistical issues raised by that fact, but security ones as well. The actual files on the system which contain your email (for example) are owned by the same system user ID that owns your website files. If you give someone the ability to make only FTP accounts, or to access the document root to edit the website, they could pretty easily access your email among other things. Granting even limited permissions to a user could very easily result in them just working around that into areas you do not intend them to have access, simply because their actions could create, access, or modify files owned by the primary cPanel/linux system user.
Even if this were done by making multiple API users or something of that effect for a cPanel account, it doesn't take much access to API calls over an account to gain yourself access to the rest of the account. I cannot speak on cPanel's behalf, but this is what goes through my mind every time someone comments on this request. I can see the value in this idea, however, I cannot really think of any easy way to implement it functionally or securely without a serious overhaul of how cPanel handles permissions and ownership of files and directories on the operating system itself.
As much as this would be useful, I have to play devils advocate for a moment. We need to remember that cPanel is only a management tool for linux servers; it works within the confines of how linux itself works. When you create a cPanel account, you are creating a linux user, who generally owns all of the files and data associated with said account.
There are not only logistical issues raised by that fact, but security ones as well. The actual files on the system which contain your email (for example) are owned by the same system user ID that owns your website files. If you give someone the ability to make only FTP accounts, or to access the document root to edit the website, they could pretty easily access your email among other things. Granting even limited permissions to a user could very easily result in them just working around that into areas you do not intend them to have access, simply because their actions could create, access, or modify files owned by the primary cPanel/linux system user.
Even if this were done by making multiple API users or something of that effect for a cPanel account, it doesn't take much access to API calls over an account to gain yourself access to the rest of the account. I cannot speak on cPanel's behalf, but this is what goes through my mind every time someone comments on this request. I can see the value in this idea, however, I cannot really think of any easy way to implement it functionally or securely without a serious overhaul of how cPanel handles permissions and ownership of files and directories on the operating system itself.
Quizknows, if that's the problem, why doesn't cPanel just say so? Then we can all find another system to use. Why the silence?
Quizknows, if that's the problem, why doesn't cPanel just say so? Then we can all find another system to use. Why the silence?
Plesk gives us this functionality on linux
Plesk gives us this functionality on linux
We are looking into solving this by having a seperate server for e-mails. This way our customers can give access to the website management without allowing their webmaster access to their e-mails, or a webmaster can give access to his customers to manage their e-mail addresses without them being able to access the hosting.
If I were cPanel I think I would solve this by creating two cPanel users, if they were to allow the creation of a website only account and an e-mail only account on the same serveur it would solve the problem.
Admin user has a WHM accoun that can access both e-mail and website account. We will soon have this working by using seperate servers, the only issue that will remain is allowing an admin user access to both accounts as they will be on different serveurs. We plan to leverage cPanel's API to achieve this.
We are looking into solving this by having a seperate server for e-mails. This way our customers can give access to the website management without allowing their webmaster access to their e-mails, or a webmaster can give access to his customers to manage their e-mail addresses without them being able to access the hosting.
If I were cPanel I think I would solve this by creating two cPanel users, if they were to allow the creation of a website only account and an e-mail only account on the same serveur it would solve the problem.
Admin user has a WHM accoun that can access both e-mail and website account. We will soon have this working by using seperate servers, the only issue that will remain is allowing an admin user access to both accounts as they will be on different serveurs. We plan to leverage cPanel's API to achieve this.
As a general observation, I don't think anyone here is saying they consider this to be an overly simple or straightforward item to implement. It is simply that not having it somewhere on the roadmap is frustrating. For instance I just don't see how you can have serious conversations about OpenID logins, pluggable auth, two factor authentication, per-user customized PHP configurations while at the same time we have no supported method for deploying access control lists for what multiple users can do within an account space. Cpanel; We're seriously glad you are adding in-dash turn assist to this car, but... we desperately could use door locks. After all, OS user-permission abstraction isn't completely impossible - or resellers wouldn't exist.
Btw, @Monarobase, thats an inventive solution! And excellent points about the security ramifications as well. :D
As a general observation, I don't think anyone here is saying they consider this to be an overly simple or straightforward item to implement. It is simply that not having it somewhere on the roadmap is frustrating. For instance I just don't see how you can have serious conversations about OpenID logins, pluggable auth, two factor authentication, per-user customized PHP configurations while at the same time we have no supported method for deploying access control lists for what multiple users can do within an account space. Cpanel; We're seriously glad you are adding in-dash turn assist to this car, but... we desperately could use door locks. After all, OS user-permission abstraction isn't completely impossible - or resellers wouldn't exist.
Btw, @Monarobase, thats an inventive solution! And excellent points about the security ramifications as well. :D
Glad to see this is In Progress now!
Glad to see this is In Progress now!
Will multiple logins be one of the features you'll be testing?
Will multiple logins be one of the features you'll be testing?
Some fantastic information today at the CPanel blog - anyone who is interested in this feature request should probably take a look:
User Manager and Unified Logins
http://blog.cpanel.com/user-manager-v54/
Some fantastic information today at the CPanel blog - anyone who is interested in this feature request should probably take a look:
User Manager and Unified Logins
http://blog.cpanel.com/user-manager-v54/
Check out this blog post https://blog.cpanel.com/its-time-to-say-goodbye-to-x3/
New features will be paperlantern only starting with cPanel 54.
Because of issues with tranlations being different (making it diffiuclt to support customers not knowing what theme they had) and because of new features not being planned in x3 as well as x3 being removed in cPanel 58, we made the move last week to enforce paperlantern. We first switched all x3 users to paperlantern then disabled theme switching.
We havn't had any complaints so far and have had a few customers who hadn't noticed it say how nice it looks. We will be making a custom theme when paperlantern gets to the stage where it doesn't evolve so much.
Check out this blog post https://blog.cpanel.com/its-time-to-say-goodbye-to-x3/
New features will be paperlantern only starting with cPanel 54.
Because of issues with tranlations being different (making it diffiuclt to support customers not knowing what theme they had) and because of new features not being planned in x3 as well as x3 being removed in cPanel 58, we made the move last week to enforce paperlantern. We first switched all x3 users to paperlantern then disabled theme switching.
We havn't had any complaints so far and have had a few customers who hadn't noticed it say how nice it looks. We will be making a custom theme when paperlantern gets to the stage where it doesn't evolve so much.
This feature is mainly required for giving the control panel to web developers. They need only access to ftp, filemanager, database and phpmyadmin. The owner dont want to give full access to developers. Currently sub account for ftp is available. This login should be extended to cpanel with access to atleast filemanager, database and phpmyadmin.
This feature is mainly required for giving the control panel to web developers. They need only access to ftp, filemanager, database and phpmyadmin. The owner dont want to give full access to developers. Currently sub account for ftp is available. This login should be extended to cpanel with access to atleast filemanager, database and phpmyadmin.
I agree, I don't know why access to databases was not one of the options. We can manyally give a developper access to an ftp account, but not access to PHPMyAdmin without giving them access to the e-mail accounts.
I agree, I don't know why access to databases was not one of the options. We can manyally give a developper access to an ftp account, but not access to PHPMyAdmin without giving them access to the e-mail accounts.
Multiple Cpanel Logins is needed to manage multiple development teams who need access to the Cpanel.
Multiple Cpanel Logins is needed to manage multiple development teams who need access to the Cpanel.
I don't understand why an account admin can't be allowed to grant others access to cPanel with separate credentials and modified roles. It seems like this should be easy to implement. In the main cPanel account, have a user roles page. Create users with passwords of their own then grant them access much like the database priviledges. Be able to turn FTP, SQL, Email, Spam, Files, etc. on and off with a yes/no toggle button. This would allow business owners to have employees manage certain areas of their domain without creating security risks. When this topic first came out, I assumed this was what they were going to develop. What is in place now does not do anything beneficial for my clients.
I don't understand why an account admin can't be allowed to grant others access to cPanel with separate credentials and modified roles. It seems like this should be easy to implement. In the main cPanel account, have a user roles page. Create users with passwords of their own then grant them access much like the database priviledges. Be able to turn FTP, SQL, Email, Spam, Files, etc. on and off with a yes/no toggle button. This would allow business owners to have employees manage certain areas of their domain without creating security risks. When this topic first came out, I assumed this was what they were going to develop. What is in place now does not do anything beneficial for my clients.
I can see a new .subbaccounts folder in the root directory of each cpanel user. Do this has something to do with this feature ?
I can see a new .subbaccounts folder in the root directory of each cpanel user. Do this has something to do with this feature ?
I develop and host websites. Recently one client asked to have access to cPanel. Then he decided to "taste" things and deleted an FTP account but also checking 'delete home folder' option. The whole site was destroyed in a click...
Really good to know I will be able to let my clients admin their e-mail accounts but not have access to more technical features.
I develop and host websites. Recently one client asked to have access to cPanel. Then he decided to "taste" things and deleted an FTP account but also checking 'delete home folder' option. The whole site was destroyed in a click...
Really good to know I will be able to let my clients admin their e-mail accounts but not have access to more technical features.
I know there are many use cases, but the one in my face right now is that I wish to be able to offer site owners access via cPanel to backup functionality (create and download), and nothing else. The reason for this is that there have been a few recent examples where web/hosting companies have shut down, leaving their clients without ftp access to their sites, or backups. So even if clients don't have ftp access, it would be reassuring for them to know that they can, at a minimum, create and access a full on-demand backup of their site.
I know there are many use cases, but the one in my face right now is that I wish to be able to offer site owners access via cPanel to backup functionality (create and download), and nothing else. The reason for this is that there have been a few recent examples where web/hosting companies have shut down, leaving their clients without ftp access to their sites, or backups. So even if clients don't have ftp access, it would be reassuring for them to know that they can, at a minimum, create and access a full on-demand backup of their site.
What is the ETA of this, its needed, a permissioning system is essential. This is especially true for client access, we have managed WordPress installs and ideally we want to give only specific access to clients for what they only need access to, but not root access like what the top level account creator would have. Please add this A.S.A.P it is a much needed feature.
What is the ETA of this, its needed, a permissioning system is essential. This is especially true for client access, we have managed WordPress installs and ideally we want to give only specific access to clients for what they only need access to, but not root access like what the top level account creator would have. Please add this A.S.A.P it is a much needed feature.
Hello cPanel-ers! As I understood it, this was possibly in the pipes for the v. 58 release - since dev is now winding down, did this feature make the cut? :D
Hello cPanel-ers! As I understood it, this was possibly in the pipes for the v. 58 release - since dev is now winding down, did this feature make the cut? :D
Hello, am I correct in understanding that existing functionality in cPanel 56 doesn't allow any of the initial request ?
I presumed before I tested it that I would create a user allowed to manage e-mail accounts. I created a new user for a customer to do this and all it seems to have done is create an e-mail account and hasn't created a subuser that can manage e-mail accounts.
I presume if I give this user FTP access it will just create a FTP user with the same login and the same with Web Disk.
Can you please confirm that cPanel has understood that the request here is to create users than can create and manage e-mail accounts, ftp accounts, mysql databases etc ? And isn't just a way of having the same password accross a single e-mail, ftp and webdisk account ?
I understand the initial version isn't complete, but I did think that the e-mail part of the request had been completed and it sadly doesn't seem to be the case yet.
Hello, am I correct in understanding that existing functionality in cPanel 56 doesn't allow any of the initial request ?
I presumed before I tested it that I would create a user allowed to manage e-mail accounts. I created a new user for a customer to do this and all it seems to have done is create an e-mail account and hasn't created a subuser that can manage e-mail accounts.
I presume if I give this user FTP access it will just create a FTP user with the same login and the same with Web Disk.
Can you please confirm that cPanel has understood that the request here is to create users than can create and manage e-mail accounts, ftp accounts, mysql databases etc ? And isn't just a way of having the same password accross a single e-mail, ftp and webdisk account ?
I understand the initial version isn't complete, but I did think that the e-mail part of the request had been completed and it sadly doesn't seem to be the case yet.
Hey everyone! Breaking radio silence here for a moment to let you know that this has been pushed off to version 64. The team that was working on this with cPanelChipW has been working on internal improvements and hasn't been able to get back to this yet. They are just as excited to be done with the internal work and get back to this as you are, and as soon as they can I'll make sure everyone know!
Hey everyone! Breaking radio silence here for a moment to let you know that this has been pushed off to version 64. The team that was working on this with cPanelChipW has been working on internal improvements and hasn't been able to get back to this yet. They are just as excited to be done with the internal work and get back to this as you are, and as soon as they can I'll make sure everyone know!
The team that was working on this was not able to get to it in version 64, and won't be able to work on this for version 66 either. It seems like the earliest we will see this feature released is in version 68, which would be released around the end of September or beginning of October. It's still on the list of things we want to be able to do this year! I'll be back if anything changes, or if we're able to get to it any sooner!
The team that was working on this was not able to get to it in version 64, and won't be able to work on this for version 66 either. It seems like the earliest we will see this feature released is in version 68, which would be released around the end of September or beginning of October. It's still on the list of things we want to be able to do this year! I'll be back if anything changes, or if we're able to get to it any sooner!
Hey all. I regret to have to bring bad news! We have had to shelve this request for now. It's still something we very much want to do, but other things have taken a priority over this. If you have questions or would like to provide further insight, feel free to send me an email!
Hey all. I regret to have to bring bad news! We have had to shelve this request for now. It's still something we very much want to do, but other things have taken a priority over this. If you have questions or would like to provide further insight, feel free to send me an email!
Hey all! I have a flurry of questions about this feature request so I wanted to let you know: It's still on our list of 'features we want to get to', but it's not yet assigned a version. As soon as we have anything solid, I'll be back to let you know!
Hey all! I have a flurry of questions about this feature request so I wanted to let you know: It's still on our list of 'features we want to get to', but it's not yet assigned a version. As soon as we have anything solid, I'll be back to let you know!
I don't know if this has already been said but it seems to me that a temporary quick fix to this issue (which is fairly fundamental and I can't believe it's not already happened) would be to simply limit the front end display, hiding and showing icons based on user privileges. I know this might not be ideal and more technically minded users might bypass that but most people won't. It would be enough as a starting point in my opinion anyway.
I don't know if this has already been said but it seems to me that a temporary quick fix to this issue (which is fairly fundamental and I can't believe it's not already happened) would be to simply limit the front end display, hiding and showing icons based on user privileges. I know this might not be ideal and more technically minded users might bypass that but most people won't. It would be enough as a starting point in my opinion anyway.
I see two different needs for access: web developer giving access to users so they can configure email and check statistics without breaking anything; and accounts with additional domains that want to give admin access to those users. It could get complicated!
I think it's essential to decide who gets a "check email" button and who doesn't. In my view, not even the account owner should get this button, which essentially says "let's spy on my users email!". I know cPanel doesn't want to give a false sense of security, and there are means to access emails, but this is almost enticing people to (potentially) break the law.
I see two different needs for access: web developer giving access to users so they can configure email and check statistics without breaking anything; and accounts with additional domains that want to give admin access to those users. It could get complicated!
I think it's essential to decide who gets a "check email" button and who doesn't. In my view, not even the account owner should get this button, which essentially says "let's spy on my users email!". I know cPanel doesn't want to give a false sense of security, and there are means to access emails, but this is almost enticing people to (potentially) break the law.
I would like this feature so much for my clients.
Some of them need (restricted) access, let's say to manage mail accounts but restrict them to make new ftp users or to mess with settings that can screw up their website.
I would like this feature so much for my clients.
Some of them need (restricted) access, let's say to manage mail accounts but restrict them to make new ftp users or to mess with settings that can screw up their website.
The code is already dealing with feature access through the WHM Feature List.
All we need is for account owners to create users and assign the available features in the accounts to sub users.
The code is already dealing with feature access through the WHM Feature List.
All we need is for account owners to create users and assign the available features in the accounts to sub users.
If a reseller has a customer with multiple cPanel accounts, the customer must logoff and login to a new cPanel account to change the management of other domain.
Will be a very interesting option (like Plesk suscriptions) to allow a single cPanel user to change from a account to other without to logout. Very interested if the user, can see a full list of their cPanel accounts, and change the management interfaxe with only one click.
If a reseller has a customer with multiple cPanel accounts, the customer must logoff and login to a new cPanel account to change the management of other domain.
Will be a very interesting option (like Plesk suscriptions) to allow a single cPanel user to change from a account to other without to logout. Very interested if the user, can see a full list of their cPanel accounts, and change the management interfaxe with only one click.
Bumping this - 6 years ago this was a problem - and it still is in 2019 - how do we control access to cPanel for a developer without giving away full access to every part of the cPanel?
Bumping this - 6 years ago this was a problem - and it still is in 2019 - how do we control access to cPanel for a developer without giving away full access to every part of the cPanel?
Hopefully this functionality will be available for the next LTS.
Hopefully this functionality will be available for the next LTS.
I have upvoted this idea already, but for what it's worth, I have to comment again about this being a SERIOUS shortcoming in cPanel. I bump up against this on a weekly basis. Having only ONE PERSON able to administer the account is utterly insane. (One person when 2fa is being used, as it always should be). As it is, I have to remove 2FA if I'm on holiday so someone else can administer if they need, Again, insane. I'm aware that this is a fundamental issue in cPanel, in that it's tied to user accounts. But this CANNOT be that hard to solve. To be able to create admin user accounts that don't have all the cruft of web servers etc attached. Because who wants that attack surface. Even if you just started with being able to create a user account that can be given FULL access (maybe without being able to take over the account entirely) then work backwards from there. Adding in the reduced permissions.
I have upvoted this idea already, but for what it's worth, I have to comment again about this being a SERIOUS shortcoming in cPanel. I bump up against this on a weekly basis. Having only ONE PERSON able to administer the account is utterly insane. (One person when 2fa is being used, as it always should be). As it is, I have to remove 2FA if I'm on holiday so someone else can administer if they need, Again, insane. I'm aware that this is a fundamental issue in cPanel, in that it's tied to user accounts. But this CANNOT be that hard to solve. To be able to create admin user accounts that don't have all the cruft of web servers etc attached. Because who wants that attack surface. Even if you just started with being able to create a user account that can be given FULL access (maybe without being able to take over the account entirely) then work backwards from there. Adding in the reduced permissions.
I just created an account to add an additional voice on this feature request. It would be great to have sub-users as an available option on cPanel accounts. I would appreciate the ability to issue login credentials for my cPanel clients own contractors and to be able to revoke access if their contractors move on or are replaced. Another benefit of this is it allows the sub-user to set their own preferred password rather than group-sharing [passwords] or transmitting a password over a potentially insecure method, such as email.
Thanks for considering this.
I just created an account to add an additional voice on this feature request. It would be great to have sub-users as an available option on cPanel accounts. I would appreciate the ability to issue login credentials for my cPanel clients own contractors and to be able to revoke access if their contractors move on or are replaced. Another benefit of this is it allows the sub-user to set their own preferred password rather than group-sharing [passwords] or transmitting a password over a potentially insecure method, such as email.
Thanks for considering this.
I wanted to show my discomfort about the non-inclusion of multi-users with different access type permissions (DNS, email, MySQL, etc.) in cPanel. I think it is basic that a provider, for example a (webmaster) with access to manage FTP, MySQL, etc. has default permission to read the emails of a company manager. It does not make sense.
It is necessary and urgent that cPanel implements this feature.
I wanted to show my discomfort about the non-inclusion of multi-users with different access type permissions (DNS, email, MySQL, etc.) in cPanel. I think it is basic that a provider, for example a (webmaster) with access to manage FTP, MySQL, etc. has default permission to read the emails of a company manager. It does not make sense.
It is necessary and urgent that cPanel implements this feature.
Wow, I can't believe this is still being debated. This situation scares the hell out of me. For the first time I have a web dev asking me for a CPanel user/pass. Are you kidding??? We have out entire set of databases and websites on this server and I don't want to hand that to anyone!
Wow, I can't believe this is still being debated. This situation scares the hell out of me. For the first time I have a web dev asking me for a CPanel user/pass. Are you kidding??? We have out entire set of databases and websites on this server and I don't want to hand that to anyone!
How is it even possible that cPanel allows access to emails including reading and sending them by anyone that has access to cPanel admin. WTF... seriously naffed off, and have 5 accounts we are having to move now. cPanel there is NO credible reason to withhold separating email access and admin access to cPanel, there are too many companies big and small that do not use inhouse webdevelopers that have to give them access to cPanel, and consequently give the developer full access to emails. Im not even going to explain how sensitive emails can be corporate wise - you should know. Not Impressed at all.
How is it even possible that cPanel allows access to emails including reading and sending them by anyone that has access to cPanel admin. WTF... seriously naffed off, and have 5 accounts we are having to move now. cPanel there is NO credible reason to withhold separating email access and admin access to cPanel, there are too many companies big and small that do not use inhouse webdevelopers that have to give them access to cPanel, and consequently give the developer full access to emails. Im not even going to explain how sensitive emails can be corporate wise - you should know. Not Impressed at all.
Another reason this is necessary is because two-factor authentication can only be setup for 1 device. So 2FA is unusable if multiple people need access to the cpanel account for any reason.
Another reason this is necessary is because two-factor authentication can only be setup for 1 device. So 2FA is unusable if multiple people need access to the cpanel account for any reason.
Is this still a consideration for a future release (or has it been implemented yet)? This would be a great feature to have since I have some capable people that can help with some of the backend tasks on a cPanel site, but i don't want to give anyone MY cPanel login for security and access control reasons.
Please keep this in mind, we could really use this!!!
Is this still a consideration for a future release (or has it been implemented yet)? This would be a great feature to have since I have some capable people that can help with some of the backend tasks on a cPanel site, but i don't want to give anyone MY cPanel login for security and access control reasons.
Please keep this in mind, we could really use this!!!
Absolutely need the ability to add users with specific access to an account. I have many developers working for our company and I am now stuck giving them total control if they need basic tools to develop. Please add the multi-user feature ASAP. Thanks
Absolutely need the ability to add users with specific access to an account. I have many developers working for our company and I am now stuck giving them total control if they need basic tools to develop. Please add the multi-user feature ASAP. Thanks
ssh allows for this facility. I think it's essential that WHM also allows for this.
ssh allows for this facility. I think it's essential that WHM also allows for this.
Sadly we had to turn webmail off for one client, They do not want the secretary being able to access the CEO's emails. Also it was a privacy thing with HR as well.
This company now wants me to investigate other control panels so they can re-enable web mail.
Sadly we had to turn webmail off for one client, They do not want the secretary being able to access the CEO's emails. Also it was a privacy thing with HR as well.
This company now wants me to investigate other control panels so they can re-enable web mail.
Yes but if the secretary has cpanel access to manage something simple like reports, and mail is active in features, then the secretary can see all mail and discover that the CEO knows he/she is stealing in the petty cash.
Yes but if the secretary has cpanel access to manage something simple like reports, and mail is active in features, then the secretary can see all mail and discover that the CEO knows he/she is stealing in the petty cash.
7 years since the original request
And still no development in this direction.
7 years since the original request
And still no development in this direction.
At least with turning Webmail off it gives the appearance of security. They do not have onsite IT, and they want access to their CPanel as the secretary is the one who creates and deletes email address's.
At least with turning Webmail off it gives the appearance of security. They do not have onsite IT, and they want access to their CPanel as the secretary is the one who creates and deletes email address's.
It is possible to get this done no later of the release of stable version of whmcs 8, where there is multi user + 2FA ? In this way we can finally announce there is multiuser/2FA for whmcs and cPanel, the whole ecosystem.
It is possible to get this done no later of the release of stable version of whmcs 8, where there is multi user + 2FA ? In this way we can finally announce there is multiuser/2FA for whmcs and cPanel, the whole ecosystem.
Hi
The function that a cPanel administrator can create other users with different permissions according to their activity is very good, and it would only reflect the need to take care and not share such an important credential between several teams that work with cPanel, we look forward to telling us in which version It will be available to be able to test it and order the way of working of the different collaborators without so much risk of giving access to everything, and that it is registered who does and what, we hope this great functionality.
Have a nice week, take care.
Ruben arno
ESPAÑOL
**********
Hola
La función de que un administrador de cPanel pueda crear otros usuarios con diferentes permisos según su actividad es muy buena, y solo reflejaría la necesidad de cuidar y no compartir tan importante credencial entre varios equipos que trabajan con cPanel, esperamos ansiosos nos cuenten en que versión estará disponible para poder probarla y ordenar la forma de trabajo de los distintos colaboradores sin tanto riesgo de dar el acceso a todo, y que quede registrado quien hace y que cosa, esperamos esta gran funcionalidad.
Que tengan linda semana, cuídense.
Ruben Arno
Hi
The function that a cPanel administrator can create other users with different permissions according to their activity is very good, and it would only reflect the need to take care and not share such an important credential between several teams that work with cPanel, we look forward to telling us in which version It will be available to be able to test it and order the way of working of the different collaborators without so much risk of giving access to everything, and that it is registered who does and what, we hope this great functionality.
Have a nice week, take care.
Ruben arno
ESPAÑOL
**********
Hola
La función de que un administrador de cPanel pueda crear otros usuarios con diferentes permisos según su actividad es muy buena, y solo reflejaría la necesidad de cuidar y no compartir tan importante credencial entre varios equipos que trabajan con cPanel, esperamos ansiosos nos cuenten en que versión estará disponible para poder probarla y ordenar la forma de trabajo de los distintos colaboradores sin tanto riesgo de dar el acceso a todo, y que quede registrado quien hace y que cosa, esperamos esta gran funcionalidad.
Que tengan linda semana, cuídense.
Ruben Arno
Unfortunately cPanel doesn't seem to understand how serious it's in terms of security to have several people having to share the same password and the problem that when one of those people stops working on the project, all the others have to know the new and unique password.
Unfortunately cPanel doesn't seem to understand how serious it's in terms of security to have several people having to share the same password and the problem that when one of those people stops working on the project, all the others have to know the new and unique password.
Adding my voices to this. I have recently returned to web development and I am simply disappointed that I can not create accounts with limited cpanel capacity. This is should be a high priority item. It is huge gap and to see that 7 years after the first request was made this still hasn't been implemented is just difficult to understand.
Adding my voices to this. I have recently returned to web development and I am simply disappointed that I can not create accounts with limited cpanel capacity. This is should be a high priority item. It is huge gap and to see that 7 years after the first request was made this still hasn't been implemented is just difficult to understand.
When I click "I like this idea" for this feature, the counter does not +1. How the heck is this not implemented yet? It's 2021 and this feature has been requested for well over a decade now. It seems so trivial to implement too. What is the purpose of all these in the URL if it's not to allow multiple cPanel sessions at the same time? /cpsess5614889940/
I don't understand how to manage a bunch of hosting accounts when I have to spend 90% of my time logging back in accounts. This literally takes the most of my time when on the phone with clients.
When I click "I like this idea" for this feature, the counter does not +1. How the heck is this not implemented yet? It's 2021 and this feature has been requested for well over a decade now. It seems so trivial to implement too. What is the purpose of all these in the URL if it's not to allow multiple cPanel sessions at the same time? /cpsess5614889940/
I don't understand how to manage a bunch of hosting accounts when I have to spend 90% of my time logging back in accounts. This literally takes the most of my time when on the phone with clients.
We have great news!
The full release of the new Manage Team feature is available in cPanel & WHM version 112. This feature allows cPanel account owners to create team user accounts so that multiple people can access, administer, and work on a single cPanel account without the security risk of sharing credentials. Look for more details on our cPanel Community Forums soon!
If you have additional questions, feel free to reach out on one of our social channels.
We have great news!
The full release of the new Manage Team feature is available in cPanel & WHM version 112. This feature allows cPanel account owners to create team user accounts so that multiple people can access, administer, and work on a single cPanel account without the security risk of sharing credentials. Look for more details on our cPanel Community Forums soon!
If you have additional questions, feel free to reach out on one of our social channels.
This feature does not seem to be complete.
You currently cannot create a database access without allowing to download and restore a full file backup.
You also cannot create a user that has access to everything required for managing a website except e-mail. You allow web users to download and restore any file they want but they don't have access to the file manager.
This feature does not seem to be complete.
You currently cannot create a database access without allowing to download and restore a full file backup.
You also cannot create a user that has access to everything required for managing a website except e-mail. You allow web users to download and restore any file they want but they don't have access to the file manager.
Replies have been locked on this page!