I would like to propose an additional configuration that would allow a district to disable the password reset option by individual user. Currently, the only configuration option to control the ability to reset your own password applies to entire groups of users: Employee/Secured, Guardian, and then Students. Having the ability to add another layer of protection to the database would further reduce risk of compromised accounts. One specific use case: disabling the ability for the Payroll Manager to reset their own password. Instead they could have an established process for requesting a password reset if needed (which would be unknown to a fraudster).