If you don’t trust them to get to tl1 without one of those logins, why not just disable local logins?
إعجابَين (2)
If you don’t trust them to get to tl1 without one of those logins, why not just disable local logins?