You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by si...@apache.org on 2007/03/27 18:20:09 UTC
svn commit: r522985 -
/ofbiz/trunk/applications/product/data/ProductSecurityData.xml
Author: sichen
Date: Tue Mar 27 09:20:08 2007
New Revision: 522985
URL: http://svn.apache.org/viewvc?view=rev&rev=522985
Log:
adding missing catalog price maint permission to catalog admin security group
Modified:
ofbiz/trunk/applications/product/data/ProductSecurityData.xml
Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
==============================================================================
--- ofbiz/trunk/applications/product/data/ProductSecurityData.xml (original)
+++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Tue Mar 27 09:20:08 2007
@@ -41,6 +41,7 @@
<SecurityGroup description="Catalog Admin group, has all catalog permissions." groupId="CATALOGADMIN"/>
<SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_ADMIN"/>
+ <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_PRICE_MAINT"/>
<SecurityGroupPermission groupId="CATALOGADMIN" permissionId="OFBTOOLS_VIEW"/>
<SecurityGroup description="Catalog Admin View and Purchase Allow Products" groupId="CATALOGADMIN"/>
Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml
Posted by BJ Freeman <bj...@free-man.net>.
I think a smaller group that has todo with prices change, then put in
Admin Group. This accomplish both.
This brings up on the best practice for Assigning permissions to logins.
Also best practice about laying out Permissions in the UI and services.
David E. Jones sent the following on 4/28/2007 9:22 AM:
>
> Are we sure we want to do this? The point of the separate price
> maintenance permission was so that there would be a security group that
> had permission to do other stuff for the catalog/products, but NOT be
> able to change prices.
>
> Adding that permission to the CATALOGADMIN group kind of nullifies the
> effect of the permission...
>
> If you want a user to be able to change prices there are other security
> groups they can go in, like BIZADMIN, or perhaps we should add a small
> security group just for the additional price maintenance permission.
>
> Before I make any changes, what are your thoughts on this Si (or anyone
> else)?
>
> -David
>
>
> On Mar 27, 2007, at 10:20 AM, sichen@apache.org wrote:
>
>> Author: sichen
>> Date: Tue Mar 27 09:20:08 2007
>> New Revision: 522985
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=522985
>> Log:
>> adding missing catalog price maint permission to catalog admin
>> security group
>>
>> Modified:
>> ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>>
>> Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
>>
>> ==============================================================================
>>
>> --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>> (original)
>> +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Tue
>> Mar 27 09:20:08 2007
>> @@ -41,6 +41,7 @@
>>
>> <SecurityGroup description="Catalog Admin group, has all catalog
>> permissions." groupId="CATALOGADMIN"/>
>> <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="CATALOG_ADMIN"/>
>> + <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="CATALOG_PRICE_MAINT"/>
>> <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="OFBTOOLS_VIEW"/>
>>
>> <SecurityGroup description="Catalog Admin View and Purchase Allow
>> Products" groupId="CATALOGADMIN"/>
>>
>>
>
Re: svn commit: r522985 -
/ofbiz/trunk/applications/product/data/ProductSecurityData.xml
Posted by Jacques Le Roux <ja...@les7arts.com>.
Keeping the prices out of reach of CATALOGADMIN sounds like a desirable
feature to me
Jacques
>
> Are we sure we want to do this? The point of the separate price
> maintenance permission was so that there would be a security group
> that had permission to do other stuff for the catalog/products, but
> NOT be able to change prices.
>
> Adding that permission to the CATALOGADMIN group kind of nullifies
> the effect of the permission...
>
> If you want a user to be able to change prices there are other
> security groups they can go in, like BIZADMIN, or perhaps we should
> add a small security group just for the additional price maintenance
> permission.
>
> Before I make any changes, what are your thoughts on this Si (or
> anyone else)?
>
> -David
>
>
> On Mar 27, 2007, at 10:20 AM, sichen@apache.org wrote:
>
> > Author: sichen
> > Date: Tue Mar 27 09:20:08 2007
> > New Revision: 522985
> >
> > URL: http://svn.apache.org/viewvc?view=rev&rev=522985
> > Log:
> > adding missing catalog price maint permission to catalog admin
> > security group
> >
> > Modified:
> > ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> >
> > Modified: ofbiz/trunk/applications/product/data/
> > ProductSecurityData.xml
> > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/
> >
data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
> >
======================================================================
> > ========
> > --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> > (original)
> > +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> > Tue Mar 27 09:20:08 2007
> > @@ -41,6 +41,7 @@
> >
> > <SecurityGroup description="Catalog Admin group, has all
> > catalog permissions." groupId="CATALOGADMIN"/>
> > <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="CATALOG_ADMIN"/>
> > + <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="CATALOG_PRICE_MAINT"/>
> > <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="OFBTOOLS_VIEW"/>
> >
> > <SecurityGroup description="Catalog Admin View and Purchase
> > Allow Products" groupId="CATALOGADMIN"/>
> >
> >
>
>
Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml
Posted by "David E. Jones" <jo...@undersunconsulting.com>.
Are we sure we want to do this? The point of the separate price
maintenance permission was so that there would be a security group
that had permission to do other stuff for the catalog/products, but
NOT be able to change prices.
Adding that permission to the CATALOGADMIN group kind of nullifies
the effect of the permission...
If you want a user to be able to change prices there are other
security groups they can go in, like BIZADMIN, or perhaps we should
add a small security group just for the additional price maintenance
permission.
Before I make any changes, what are your thoughts on this Si (or
anyone else)?
-David
On Mar 27, 2007, at 10:20 AM, sichen@apache.org wrote:
> Author: sichen
> Date: Tue Mar 27 09:20:08 2007
> New Revision: 522985
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=522985
> Log:
> adding missing catalog price maint permission to catalog admin
> security group
>
> Modified:
> ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>
> Modified: ofbiz/trunk/applications/product/data/
> ProductSecurityData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/
> data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
> ======================================================================
> ========
> --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> (original)
> +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> Tue Mar 27 09:20:08 2007
> @@ -41,6 +41,7 @@
>
> <SecurityGroup description="Catalog Admin group, has all
> catalog permissions." groupId="CATALOGADMIN"/>
> <SecurityGroupPermission groupId="CATALOGADMIN"
> permissionId="CATALOG_ADMIN"/>
> + <SecurityGroupPermission groupId="CATALOGADMIN"
> permissionId="CATALOG_PRICE_MAINT"/>
> <SecurityGroupPermission groupId="CATALOGADMIN"
> permissionId="OFBTOOLS_VIEW"/>
>
> <SecurityGroup description="Catalog Admin View and Purchase
> Allow Products" groupId="CATALOGADMIN"/>
>
>