You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by si...@apache.org on 2007/03/27 18:20:09 UTC

svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

Author: sichen
Date: Tue Mar 27 09:20:08 2007
New Revision: 522985

URL: http://svn.apache.org/viewvc?view=rev&rev=522985
Log:
adding missing catalog price maint permission to catalog admin security group

Modified:
    ofbiz/trunk/applications/product/data/ProductSecurityData.xml

Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
==============================================================================
--- ofbiz/trunk/applications/product/data/ProductSecurityData.xml (original)
+++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Tue Mar 27 09:20:08 2007
@@ -41,6 +41,7 @@
     
     <SecurityGroup description="Catalog Admin group, has all catalog permissions." groupId="CATALOGADMIN"/>
     <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_ADMIN"/>
+    <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_PRICE_MAINT"/>
     <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="OFBTOOLS_VIEW"/>
 
     <SecurityGroup description="Catalog Admin View and Purchase Allow Products" groupId="CATALOGADMIN"/>

Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

Posted by BJ Freeman <bj...@free-man.net>.

I think a smaller group that has todo with prices change, then put in
Admin Group. This accomplish both.

This brings up on the best practice for Assigning permissions to logins.
Also best practice about laying out Permissions in the UI and services.

David E. Jones sent the following on 4/28/2007 9:22 AM:
> 
> Are we sure we want to do this? The point of the separate price
> maintenance permission was so that there would be a security group that
> had permission to do other stuff for the catalog/products, but NOT be
> able to change prices.
> 
> Adding that permission to the CATALOGADMIN group kind of nullifies the
> effect of the permission...
> 
> If you want a user to be able to change prices there are other security
> groups they can go in, like BIZADMIN, or perhaps we should add a small
> security group just for the additional price maintenance permission.
> 
> Before I make any changes, what are your thoughts on this Si (or anyone
> else)?
> 
> -David
> 
> 
> On Mar 27, 2007, at 10:20 AM, sichen@apache.org wrote:
> 
>> Author: sichen
>> Date: Tue Mar 27 09:20:08 2007
>> New Revision: 522985
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=522985
>> Log:
>> adding missing catalog price maint permission to catalog admin
>> security group
>>
>> Modified:
>>     ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>>
>> Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
>>
>> ==============================================================================
>>
>> --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>> (original)
>> +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Tue
>> Mar 27 09:20:08 2007
>> @@ -41,6 +41,7 @@
>>
>>      <SecurityGroup description="Catalog Admin group, has all catalog
>> permissions." groupId="CATALOGADMIN"/>
>>      <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="CATALOG_ADMIN"/>
>> +    <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="CATALOG_PRICE_MAINT"/>
>>      <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="OFBTOOLS_VIEW"/>
>>
>>      <SecurityGroup description="Catalog Admin View and Purchase Allow
>> Products" groupId="CATALOGADMIN"/>
>>
>>
>

Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

Posted by Jacques Le Roux <ja...@les7arts.com>.

Keeping the prices out of reach of CATALOGADMIN sounds like a desirable
feature to me

Jacques

>
> Are we sure we want to do this? The point of the separate price
> maintenance permission was so that there would be a security group
> that had permission to do other stuff for the catalog/products, but
> NOT be able to change prices.
>
> Adding that permission to the CATALOGADMIN group kind of nullifies
> the effect of the permission...
>
> If you want a user to be able to change prices there are other
> security groups they can go in, like BIZADMIN, or perhaps we should
> add a small security group just for the additional price maintenance
> permission.
>
> Before I make any changes, what are your thoughts on this Si (or
> anyone else)?
>
> -David
>
>
> On Mar 27, 2007, at 10:20 AM, sichen@apache.org wrote:
>
> > Author: sichen
> > Date: Tue Mar 27 09:20:08 2007
> > New Revision: 522985
> >
> > URL: http://svn.apache.org/viewvc?view=rev&rev=522985
> > Log:
> > adding missing catalog price maint permission to catalog admin
> > security group
> >
> > Modified:
> >     ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> >
> > Modified: ofbiz/trunk/applications/product/data/
> > ProductSecurityData.xml
> > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/
> >
data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
> >
======================================================================
> > ========
> > --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> > (original)
> > +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> > Tue Mar 27 09:20:08 2007
> > @@ -41,6 +41,7 @@
> >
> >      <SecurityGroup description="Catalog Admin group, has all
> > catalog permissions." groupId="CATALOGADMIN"/>
> >      <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="CATALOG_ADMIN"/>
> > +    <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="CATALOG_PRICE_MAINT"/>
> >      <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="OFBTOOLS_VIEW"/>
> >
> >      <SecurityGroup description="Catalog Admin View and Purchase
> > Allow Products" groupId="CATALOGADMIN"/>
> >
> >
>
>

Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

Posted by "David E. Jones" <jo...@undersunconsulting.com>.

Are we sure we want to do this? The point of the separate price  
maintenance permission was so that there would be a security group  
that had permission to do other stuff for the catalog/products, but  
NOT be able to change prices.

Adding that permission to the CATALOGADMIN group kind of nullifies  
the effect of the permission...

If you want a user to be able to change prices there are other  
security groups they can go in, like BIZADMIN, or perhaps we should  
add a small security group just for the additional price maintenance  
permission.

Before I make any changes, what are your thoughts on this Si (or  
anyone else)?

-David

On Mar 27, 2007, at 10:20 AM, sichen@apache.org wrote:

> Author: sichen
> Date: Tue Mar 27 09:20:08 2007
> New Revision: 522985
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=522985
> Log:
> adding missing catalog price maint permission to catalog admin  
> security group
>
> Modified:
>     ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>
> Modified: ofbiz/trunk/applications/product/data/ 
> ProductSecurityData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/ 
> data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
> ====================================================================== 
> ========
> --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml  
> (original)
> +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml  
> Tue Mar 27 09:20:08 2007
> @@ -41,6 +41,7 @@
>
>      <SecurityGroup description="Catalog Admin group, has all  
> catalog permissions." groupId="CATALOGADMIN"/>
>      <SecurityGroupPermission groupId="CATALOGADMIN"  
> permissionId="CATALOG_ADMIN"/>
> +    <SecurityGroupPermission groupId="CATALOGADMIN"  
> permissionId="CATALOG_PRICE_MAINT"/>
>      <SecurityGroupPermission groupId="CATALOGADMIN"  
> permissionId="OFBTOOLS_VIEW"/>
>
>      <SecurityGroup description="Catalog Admin View and Purchase  
> Allow Products" groupId="CATALOGADMIN"/>
>
>