User Management: Additional Topics

You’ve learned the basics on adding and editing Users, but there are additional important topics that go beyond the most basic tasks an administrator must perform. Read on to learn about these.

Password Resets

The Add User functionality includes a Require Password Reset checkbox at the bottom of the Password form. The default password policy does not even allow administrators to deselect this option. As the administrator, however, you can modify the default password policy so that this box becomes usable.

  1. Navigate to Password Policies in Control Panel → Users.

  2. Click on the Default Password Policy.

  3. Deselect the Change Required switcher in the Password Changes section. Now you can decide whether users you add must reset their passwords.

See Password Policies for more information on editing the default policy or creating your own.

Adding an Administrative User

If you’re setting things up for the first time, you’re likely to be using the default administrator account, the account of one of those famous Liferay Administrators, Test Test or her cousin, Joe Bloggs. Because these are default accounts, hackers know about them, so it’s better to set up your own administrator account. Add a user with your information, then give your user account the same administrative rights as the default administrator’s account:

  1. Click the Roles link in the left navigation pane (in the Edit User page’s General tab). This page of the form shows the Roles to which your account is currently assigned. No Roles appear by default (the User role does not appear since it can’t be removed).

  2. Click Select under Regular Roles and assign the Administrator Role to your user account. A dialog box pops up with a list of all the regular (portal-scoped) Roles in the portal. Select the Administrator Role from the list (click Choose). The dialog box disappears and the Role is added to the list of Roles associated with your account. You are now a portal administrator. Log out and then log back in with your own user account.

In production, you should always delete or disable the default administrator account to secure your portal.


To collect data on users’ genders, enable the binary gender field in the Add User form or create a custom field that meets your needs.

Enable the binary field by including the following in


User Profile Pictures

Users have profile pictures. Administrative Users can upload images in the Edit User form, and any User can update her own account information, including image, from her personal site (My accountAccount Settings).

Figure 1: Upload images for user avatars in the Edit User form.

Figure 1: Upload images for user avatars in the Edit User form.

If no image is explicitly uploaded for a User’s profile picture, a default User icon is assigned as the User avatar. By default the User’s initials are displayed (First Name then Last Name) over a random color.

Figure 2: The default user profile picture is an icon with the user initials over a randomly colored bubble.

Figure 2: The default user profile picture is an icon with the user initials over a randomly colored bubble.

If the initials-based approach for generating User profile pictures isn’t suitable for your portal, disable the inclusion of Users’ initials in the default icons:

  1. Navigate to Control PanelConfigurationSystem Settings.

  2. In the Platform section, click UsersUser Images.

  3. Deselect Use Initials for Default User Portrait.

Now, instead of the default icon, which is a colorful circle containing the user’s initials, the icon is a gray circle containing the approximate shape of a human being.

Figure 3: If you disable the default initials-based profile picture, this icon is used instead.

Figure 3: If you disable the default initials-based profile picture, this icon is used instead.

This is just the default. To override it with your own default image:

  1. Create at least one image that is a 100x100 px square. Place it somewhere on the application server’s classpath. For example, in Tomcat you could place it in the tomcat/webapps/ROOT/WEB-INF/classes folder.

  2. Set the following property in a file:


    This overrides the value of this portal property:

  3. Restart the application server.

Numeric Screen Names

In prior versions, numeric user screen names were disabled out of the box via the default portal property

Other user management systems (LDAP, for example) did not have the same restriction, which made importing users more difficult. Administrators first had to set the above property to true before importing and hope that no screen names conflicted with site IDs. In Liferay DXP 7.2, this property defaults to true and there’s no danger of numeric screen names conflicting with site IDs:

This means you’re free to set a user screen name to 24601, or whatever other number you can think of, and imports from systems that allow numeric screen names go more smoothly. That’s everything you need to know to take advantage of this feature. Keep reading to understand what enabled the change.

Because users have personal sites, the URL to user 24601’s personal site is


Meanwhile, a default site URL to cleverly named Test Site is


There’s no conflict here, but two conditions could easily lead to one:

  1. Test Site’s group ID matches the number chosen for the user’s screen name. Each site has a unique numeric identifier in the database, called group ID. There’s nothing stopping it from matching the user’s numeric screen name, so it could easily be 24601 just like the hypothetical user above.

  2. A site administrator comes along and changes the site’s friendly URL to match its groupId. Hello, URL conflict! Now the site’s URL matches the user’s URL:


This conflict is no longer possible. In Liferay DXP 7.2, a site’s friendly URL is not allowed to be numeric. See for yourself:

  1. Navigate to the site’s ConfigurationSite SettingsSite URL section.

  2. In the Friendly URL section, enter 24601 and save the form. A failure message appears if you don’t have a user with the matching screen name:

    The friendly URL may conflict with another page.

    You’ll see this failure message if there’s an existing conflict with a user screen name:

    Please enter a unique friendly URL. Site [user-first-name user-last-name] has the same friendly URL.

Next, learn about collecting users in organizations.

« Adding, Editing, and Deleting UsersOrganizations »
Was this article helpful?
0 out of 0 found this helpful