lucas-a-martins commented on PR #8743:
URL: https://github.com/apache/cloudstack/pull/8743#issuecomment-1994997510

   > I think, on many platforms, users can delete their accounts, right? Of course there is some extra confirmation.
   
   Hey @weizhouapache,
   
   It's true that a user can delete their accounts on many platforms, but on 
these platforms the user is responsible for creating their account, which 
usually isn't the case here. In order to create an account, it is necessary to 
access another account with permission to perform the operation. This should be 
the same when trying to delete. If the user has the access, they don't need the 
API to allow deletion of the caller.
   
   Additionally, a single account can be used by multiple users, so I don't 
think it's right to give every user the power to delete a whole account and, as 
a consequence, every user within that account. Furthermore, not applying this 
change could provide a way for the user to circumvent the changes made in the 
`deleteUser` API that prevent deletion of the caller (PR 
[#8691](https://github.com/apache/cloudstack/pull/8691)), but with the 
possibility of deleting multiple users at the same time.
   
   I agree that this kind of flexibility is interesting in scenarios where 
accounts are independent, being created, used and managed by a single user; 
however, usually this is not the case in ACS.

