You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by David E Jones <jo...@hotwaxmedia.com> on 2007/08/01 00:12:20 UTC
Re: svn commit: r561569 - /ofbiz/trunk/applications/party/data/PartySecurityData.xml
Yeah, I'm pretty sure this was intentional. Security admin privileges should be very explicit and not part of any general group.
I think the intention of the PARTYADMIN group was for general party administration, but NOT the security administration side of parties.
We should discuss this, but I think the most flexible and secure would be to remove this and create a SECURITYADMIN group that has this permission for easy application when needed.
-David
sichen@apache.org wrote:
> Author: sichen
> Date: Tue Jul 31 15:09:15 2007
> New Revision: 561569
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=561569
> Log:
> Not sure if this is intentional or a bug, so here's my fix. The PARTYADMIN user actually could not set security permissions for any of the users, and there was no SECURITY permission group that I could find
>
> Modified:
> ofbiz/trunk/applications/party/data/PartySecurityData.xml
>
> Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569
> ==============================================================================
> --- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original)
> +++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul 31 15:09:15 2007
> @@ -84,4 +84,7 @@
> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_UPDATE"/>
> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_VIEW"/>
> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="SECURITY_VIEW"/>
> +
> + <SecurityGroupPermission groupId="PARTYADMIN" permissionId="SECURITY_ADMIN"/>
> +
> </entity-engine-xml>
>
>
Re: svn commit: r561569 - /ofbiz/trunk/applications/party/data/PartySecurityData.xml
Posted by Adrian Crum <ad...@hlmksw.com>.
It seems to me that Security Administration is used for OFBiz users, whereas Party Administration
isn't - since a party isn't necessarily a user.
David E Jones wrote:
>
> Yeah, I'm pretty sure this was intentional. Security admin privileges
> should be very explicit and not part of any general group.
>
> I think the intention of the PARTYADMIN group was for general party
> administration, but NOT the security administration side of parties.
>
> We should discuss this, but I think the most flexible and secure would
> be to remove this and create a SECURITYADMIN group that has this
> permission for easy application when needed.
>
> -David
>
>
> sichen@apache.org wrote:
>
>> Author: sichen
>> Date: Tue Jul 31 15:09:15 2007
>> New Revision: 561569
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=561569
>> Log:
>> Not sure if this is intentional or a bug, so here's my fix. The
>> PARTYADMIN user actually could not set security permissions for any of
>> the users, and there was no SECURITY permission group that I could find
>>
>> Modified:
>> ofbiz/trunk/applications/party/data/PartySecurityData.xml
>>
>> Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569
>>
>> ==============================================================================
>>
>> --- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original)
>> +++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul
>> 31 15:09:15 2007
>> @@ -84,4 +84,7 @@
>> <SecurityGroupPermission groupId="FLEXADMIN"
>> permissionId="SECURITY_UPDATE"/>
>> <SecurityGroupPermission groupId="FLEXADMIN"
>> permissionId="SECURITY_VIEW"/>
>> <SecurityGroupPermission groupId="VIEWADMIN"
>> permissionId="SECURITY_VIEW"/>
>> +
>> + <SecurityGroupPermission groupId="PARTYADMIN"
>> permissionId="SECURITY_ADMIN"/>
>> +
>> </entity-engine-xml>
>>
>>
>