Posted to dev@ofbiz.apache.org by "Si Chen (JIRA)" <ji...@apache.org> on 2006/08/10 22:25:15 UTC

[jira] Commented: (OFBIZ-118) Roles and Security for Display of data.

    [ http://issues.apache.org/jira/browse/OFBIZ-118?page=comments#action_12427338 ] 
            
Si Chen commented on OFBIZ-118:
-------------------------------

For the applications such as facility manager or catalog manager, you can use or add a _Role entity and then check permissions related to that Role.  This would not be overly difficult.

The financials application already works kind of like this--only one organization is active during a session.  The issue with financials and crm though is what is the Role associated with a Party?  It's PartyRelationship, so we added and use the securityGroupId in PartyRelationship.  There is a security method in CRMSFA which actually uses PartyRelationship.securityGroupId to determine security.  It was not contributed back to OFBiz originally because David had some concerns about it, but if it's something everybody wants, we can put this method back into the party manager.

> Roles and Security for Display of data.
> ---------------------------------------
>
>                 Key: OFBIZ-118
>                 URL: http://issues.apache.org/jira/browse/OFBIZ-118
>             Project: OFBiz (The Open for Business Project)
>          Issue Type: Improvement
>          Components: accounting, content, ecommerce, humanres, manufacturing, marketing, order, party, product, workeffort
>    Affects Versions: SVN trunk
>            Reporter: BJ Freeman
>
> There is a need to be able to block viewing info except that info that may pertain to that login (partyID).
> This is not taking into consideration Admin or Managers levels.
> For instance, you have employees who should not be able to see each other's profiles, payroll information, and/or time sheets, as a few examples.
> Another area: if a communication event is set to private, no one but the party ID associated with the email address should be able to see it.
> So this is a discussion about how to best implement this.

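An added example, not part of the original message and not OFBiz or CRMSFA code: a self-contained model of the check discussed above, where a viewer may see another party's data only through an active PartyRelationship whose securityGroupId grants the needed permission. The group names, permission names, sample rows and the direction of the relationship (from the data owner to the viewer) are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical security groups and permissions (constructed for this example).
GROUP_PERMISSIONS = {
    "HR_MANAGER": {"PROFILE_VIEW", "TIMESHEET_VIEW", "PAYROLL_VIEW"},
    "TEAM_LEAD": {"PROFILE_VIEW", "TIMESHEET_VIEW"},
}

@dataclass(frozen=True)
class PartyRelationship:
    party_id_from: str                # party whose data is protected (assumed direction)
    party_id_to: str                  # party that is granted access
    security_group_id: Optional[str]  # None: the relationship carries no access
    from_date: date
    thru_date: Optional[date] = None  # None: open-ended

    def active_on(self, day: date) -> bool:
        return self.from_date <= day and (self.thru_date is None or day < self.thru_date)

# Constructed sample rows.
RELATIONSHIPS = [
    PartyRelationship("emp1", "lead1", "TEAM_LEAD", date(2006, 1, 1)),
    PartyRelationship("emp1", "hr1", "HR_MANAGER", date(2005, 1, 1), date(2006, 7, 1)),
    PartyRelationship("emp1", "emp2", None, date(2006, 1, 1)),  # colleagues, no group
]

def can_view(viewer: str, owner: str, permission: str, today: date,
             relationships=RELATIONSHIPS) -> bool:
    """Default deny: allow only the owner, or a viewer with an active
    relationship to the owner whose security group grants the permission."""
    if viewer == owner:
        return True
    for rel in relationships:
        if rel.party_id_from != owner or rel.party_id_to != viewer:
            continue
        if rel.security_group_id is None or not rel.active_on(today):
            continue  # no group on the relationship, or it has expired
        if permission in GROUP_PERMISSIONS.get(rel.security_group_id, set()):
            return True
    return False

if __name__ == "__main__":
    today = date(2006, 8, 10)
    for viewer, perm in [("emp1", "PAYROLL_VIEW"), ("emp2", "PROFILE_VIEW"),
                         ("lead1", "TIMESHEET_VIEW"), ("lead1", "PAYROLL_VIEW"),
                         ("hr1", "PAYROLL_VIEW")]:
        print(viewer, perm, can_view(viewer, "emp1", perm, today))
```

Because the permission is resolved per relationship rather than per login, the same viewer can hold different rights over different parties, and an expired relationship stops granting access without any change to the viewer's global security groups.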