Hi Everyone,
I want to disable users from editing their account password. They set weak passwords when changing it, so we want to just disable them from changing it. I’m using DHIS2 version 2.40.3.1.
The password change from the user profile happens at the /api/40/me/changePassword endpoint, so although there’s no out of the box solution to stop users from changing their passwords, it’s possible to block access to this end point at the server level.
If you have access to the server configuration or you can ask your server administrator to add a <security-constraint> .
Please note that this will not work on users who have access and authority to change passwords from the Users app.
I hope this helps. Thanks!