Customize user roles for product stores

Hi all,
I run Ofbiz for one company and I should create multiple Product Stores and multiple websites for this company.
 I need to apply roles to users in such a way so that the users of one Product Store can not view the data of another Product Store. As we know if a person is having rights to log into the Catalog Manager, he/she can have access to all products, categories and catalogs and can easily handle the Product Store settings for all stores. How can I implement this security?

thanks in advance,

Depending on the number of stores (this does not scale well with high numbers) you might want to explore multitenant

https://cwiki.apache.org/confluence/display/OFBIZ/Multitenancy+support#Multitenancysupport-Settingtheecommerceapp.touseaspecificTenantDatabase

Jacques

Le 04/07/2014 23:17, ayyoob a écrit :
--

thanks Jacques for reply.
but is it a good idea to use multi-tenancy for one company?
Isn't it possible to do it through the permissions, roles and security group features of OFBIZ?

Hi Jacques,

Do you have any statistics on how the numbers of stores effect the
performance of OFBiz?

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com


On Sun, Jul 6, 2014 at 6:32 PM, Jacques Le Roux <
[hidden email]> wrote:

> Depending on the number of stores (this does not scale well with high
> numbers) you might want to explore multitenant
> ...
> Jacques
>

It's certainly possible, but also certainly harder and not as secure (with multitenant you get a clear separation)

Jacques

Le 07/07/2014 13:32, ayyoob a écrit :
--

Hi Pierre,

No

Jacques

Le 07/07/2014 13:40, Pierre Smits a écrit :
--

thanks Jacques.

Hi ayyoob.imani,

Are we to understand that you need to have the access to the backend
configuration of product stores and their associated catalogs, categories
and products even more restricted that is available in current feature set?

Or is your requirement more related to the ecommerce front-end?

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com


On Fri, Jul 4, 2014 at 11:17 PM, ayyoob <[hidden email]> wrote:

Hi Pierre Smits,
Suppose the situation where one company has ten units and each unit has a product store and a website associated to its product store.
I want salespersons from each unit to have access and update right just to products from his unit.

Thanks in advance,

Ayyoob Imani

Hi Ayyoob,

I would say that having 10 units = 10 product store & assoc website should
not pose a performance issue. But to be complete, that also depends on the
traffic your stores are generating.

As for applying fine-grained user permissions goes (based on your
input/applying to your situation), following is available:

   - Roles for users can be set on:
      - Product,
      - Product Catalog,
      - Product Category,
      - Product Store, and
      - Product Store Group
   - Permissions related to roles in the Catalog component:
      - CATALOG_ROLE_CREATE
      - CATALOG_ROLE_UPDATE
      - CATALOG_ROLE_DELETE
   - Permission available to maintain prices:
      - CATALOG_PRICE_MAINT

However, in current feature set of OFBiz there are no permission
calculations (based on role definitions for users) implemented to ensure
that the right people can create, update and delete the right entity
record. Lik in: Catalog Manager A can create, update and expire Catalog 1,
but can't do so for Catalog 2 (because he is not the Catalog Manager of
Catalog 2).

This is something we, at ORRTIZ.COM, came across as well and have extended
this quite a bit for our customers.

Furthermore, at the moment it is not possible to assign a price on a
product directly to a Catalog (which can be associated to a store).

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com


On Tue, Jul 8, 2014 at 9:11 AM, ayyoob <[hidden email]> wrote: