Following the General Data Protection Regulation (GDPR-EU), the journal manager’s rights in connection with user profile customization have been greatly limited, but I cannot fully find out what rules we are following in the new settings of OJS 3. They do not seem to be fully consistent.
As shown indirectly by the image below, the journal manager can make adjustments of the user’s profile. This applies to all those with the link ‘Merge Users’. Here the journal manager can edit the users profile and give them new roles and remove other roles. Can anyone tell me why those options still exist concerning some of the users while others seem to be protected against having their profile edited?