Ofbiz Security permission

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Ofbiz Security permission

thanh
Hi all,

I am newbie in ofbiz,

I want to create permission call "Salesman", which this permission, user can
create sale order, view and edit own sale order. Cannot update or view other
sale order which is not belong to themself.

How can I do it, please show me.

Thanks and best regards.
Thanh



--
Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

Jacques Le Roux
Administrator
Hi Thanh,

Your message has been moderated.

Please subscribe to the user ML for such questions and then use your email client
See also why here http://ofbiz.apache.org/mailing-lists.html

You will get a better support , it's more fair to share with everybody  and people can answer you directly on the ML rather than directly to you
The wider the audience the better the answers you might get

Also it's more work for moderators who have to accept your messages as long as you have not subscribed.
I'll personally no longer accept them (other moderators still could)

Thanks

Jacques

Le 28/02/2019 à 19:01, thanh a écrit :

> Hi all,
>
> I am newbie in ofbiz,
>
> I want to create permission call "Salesman", which this permission, user can
> create sale order, view and edit own sale order. Cannot update or view other
> sale order which is not belong to themself.
>
> How can I do it, please show me.
>
> Thanks and best regards.
> Thanh
>
>
>
> --
> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
>
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

deepak nigam-2
Hi Thanh,

The permissions you are looking for and corresponding security group are
already available OOTB. You only need to associate user login with
appropriate security groups. Following entities can be of your interest:

1) SecurityPermission
2) SecurityGroup
3) SecurityGroupPermission
4) UserLogin
4) UserLoginSecurityGroup

It can be also achieved via 'Party Manager' application. Just open the
profile of the party and you can add/remove him to any security group. This
feature is available under 'User Name(s)' section.

Thanks & Regards
--
Deepak Nigam


On Fri, Mar 1, 2019 at 2:58 AM Jacques Le Roux <[hidden email]>
wrote:

> Hi Thanh,
>
> Your message has been moderated.
>
> Please subscribe to the user ML for such questions and then use your email
> client
> See also why here http://ofbiz.apache.org/mailing-lists.html
>
> You will get a better support , it's more fair to share with everybody
> and people can answer you directly on the ML rather than directly to you
> The wider the audience the better the answers you might get
>
> Also it's more work for moderators who have to accept your messages as
> long as you have not subscribed.
> I'll personally no longer accept them (other moderators still could)
>
> Thanks
>
> Jacques
>
> Le 28/02/2019 à 19:01, thanh a écrit :
> > Hi all,
> >
> > I am newbie in ofbiz,
> >
> > I want to create permission call "Salesman", which this permission, user
> can
> > create sale order, view and edit own sale order. Cannot update or view
> other
> > sale order which is not belong to themself.
> >
> > How can I do it, please show me.
> >
> > Thanks and best regards.
> > Thanh
> >
> >
> >
> > --
> > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

Rajesh Mallah
Hello Mr Deepak / List ,

can you also elaborate to what extent OOTB handles the isolation of
view  between resource owners. Eg below the person asks viewing
his *own* resource but not others.


> > create sale order, view and edit own sale order. Cannot update or view
> other sale order which is not belong to themself.

regds
mallah.

On Fri, Mar 1, 2019 at 9:53 AM Deepak Nigam <[hidden email]>
wrote:

> Hi Thanh,
>
> The permissions you are looking for and corresponding security group are
> already available OOTB. You only need to associate user login with
> appropriate security groups. Following entities can be of your interest:
>
> 1) SecurityPermission
> 2) SecurityGroup
> 3) SecurityGroupPermission
> 4) UserLogin
> 4) UserLoginSecurityGroup
>
> It can be also achieved via 'Party Manager' application. Just open the
> profile of the party and you can add/remove him to any security group. This
> feature is available under 'User Name(s)' section.
>
> Thanks & Regards
> --
> Deepak Nigam
>
>
> On Fri, Mar 1, 2019 at 2:58 AM Jacques Le Roux <
> [hidden email]>
> wrote:
>
> > Hi Thanh,
> >
> > Your message has been moderated.
> >
> > Please subscribe to the user ML for such questions and then use your
> email
> > client
> > See also why here http://ofbiz.apache.org/mailing-lists.html
> >
> > You will get a better support , it's more fair to share with everybody
> > and people can answer you directly on the ML rather than directly to you
> > The wider the audience the better the answers you might get
> >
> > Also it's more work for moderators who have to accept your messages as
> > long as you have not subscribed.
> > I'll personally no longer accept them (other moderators still could)
> >
> > Thanks
> >
> > Jacques
> >
> > Le 28/02/2019 à 19:01, thanh a écrit :
> > > Hi all,
> > >
> > > I am newbie in ofbiz,
> > >
> > > I want to create permission call "Salesman", which this permission,
> user
> > can
> > > create sale order, view and edit own sale order. Cannot update or view
> > other
> > > sale order which is not belong to themself.
> > >
> > > How can I do it, please show me.
> > >
> > > Thanks and best regards.
> > > Thanh
> > >
> > >
> > >
> > > --
> > > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

Rishi Solanki
Rajesh,
There is a basic service which checks the weather an user will have
permission to access some UI, process or not. Which can be override as per
the business need. Please take a look into the PartyPermissionServices.xml.
Here you can see examples with fact service always returns true or false.
Also it overrides the default behavior and returns true for userLoing based
on partyId check.

Note that all permission services implements permissionInterface, all the
code in these service is around what data model Deepak Nigam suggested.

HTH!

--
Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co


On Fri, Mar 1, 2019 at 2:01 PM Rajesh Mallah <[hidden email]>
wrote:

> Hello Mr Deepak / List ,
>
> can you also elaborate to what extent OOTB handles the isolation of
> view  between resource owners. Eg below the person asks viewing
> his *own* resource but not others.
>
>
> > > create sale order, view and edit own sale order. Cannot update or view
> > other sale order which is not belong to themself.
>
> regds
> mallah.
>
> On Fri, Mar 1, 2019 at 9:53 AM Deepak Nigam <[hidden email]>
> wrote:
>
> > Hi Thanh,
> >
> > The permissions you are looking for and corresponding security group are
> > already available OOTB. You only need to associate user login with
> > appropriate security groups. Following entities can be of your interest:
> >
> > 1) SecurityPermission
> > 2) SecurityGroup
> > 3) SecurityGroupPermission
> > 4) UserLogin
> > 4) UserLoginSecurityGroup
> >
> > It can be also achieved via 'Party Manager' application. Just open the
> > profile of the party and you can add/remove him to any security group.
> This
> > feature is available under 'User Name(s)' section.
> >
> > Thanks & Regards
> > --
> > Deepak Nigam
> >
> >
> > On Fri, Mar 1, 2019 at 2:58 AM Jacques Le Roux <
> > [hidden email]>
> > wrote:
> >
> > > Hi Thanh,
> > >
> > > Your message has been moderated.
> > >
> > > Please subscribe to the user ML for such questions and then use your
> > email
> > > client
> > > See also why here http://ofbiz.apache.org/mailing-lists.html
> > >
> > > You will get a better support , it's more fair to share with everybody
> > > and people can answer you directly on the ML rather than directly to
> you
> > > The wider the audience the better the answers you might get
> > >
> > > Also it's more work for moderators who have to accept your messages as
> > > long as you have not subscribed.
> > > I'll personally no longer accept them (other moderators still could)
> > >
> > > Thanks
> > >
> > > Jacques
> > >
> > > Le 28/02/2019 à 19:01, thanh a écrit :
> > > > Hi all,
> > > >
> > > > I am newbie in ofbiz,
> > > >
> > > > I want to create permission call "Salesman", which this permission,
> > user
> > > can
> > > > create sale order, view and edit own sale order. Cannot update or
> view
> > > other
> > > > sale order which is not belong to themself.
> > > >
> > > > How can I do it, please show me.
> > > >
> > > > Thanks and best regards.
> > > > Thanh
> > > >
> > > >
> > > >
> > > > --
> > > > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

thanh
Hi Rishi Solanki ,

"1) SecurityPermission
2) SecurityGroup
3) SecurityGroupPermission
4) UserLogin
4) UserLoginSecurityGroup"
=>There is a basic service which checks the weather an user will have
permission to access some UI, process or not.

I know, so how can I get get permission of user who are login from java code. if I can get permission from java code, I can append query some thing like: select * from order_header where (CREATED_BY = USER_LOGIN_ID )

Thanks & Regards


On 2019/03/01 09:13:50, Rishi Solanki <[hidden email]> wrote:

> Rajesh,
> There is a basic service which checks the weather an user will have
> permission to access some UI, process or not. Which can be override as per
> the business need. Please take a look into the PartyPermissionServices.xml.
> Here you can see examples with fact service always returns true or false.
> Also it overrides the default behavior and returns true for userLoing based
> on partyId check.
>
> Note that all permission services implements permissionInterface, all the
> code in these service is around what data model Deepak Nigam suggested.
>
> HTH!
>
> --
> Rishi Solanki
> Sr Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
> www.hotwax.co
>
>
> On Fri, Mar 1, 2019 at 2:01 PM Rajesh Mallah <[hidden email]>
> wrote:
>
> > Hello Mr Deepak / List ,
> >
> > can you also elaborate to what extent OOTB handles the isolation of
> > view  between resource owners. Eg below the person asks viewing
> > his *own* resource but not others.
> >
> >
> > > > create sale order, view and edit own sale order. Cannot update or view
> > > other sale order which is not belong to themself.
> >
> > regds
> > mallah.
> >
> > On Fri, Mar 1, 2019 at 9:53 AM Deepak Nigam <[hidden email]>
> > wrote:
> >
> > > Hi Thanh,
> > >
> > > The permissions you are looking for and corresponding security group are
> > > already available OOTB. You only need to associate user login with
> > > appropriate security groups. Following entities can be of your interest:
> > >
> > > 1) SecurityPermission
> > > 2) SecurityGroup
> > > 3) SecurityGroupPermission
> > > 4) UserLogin
> > > 4) UserLoginSecurityGroup
> > >
> > > It can be also achieved via 'Party Manager' application. Just open the
> > > profile of the party and you can add/remove him to any security group.
> > This
> > > feature is available under 'User Name(s)' section.
> > >
> > > Thanks & Regards
> > > --
> > > Deepak Nigam
> > >
> > >
> > > On Fri, Mar 1, 2019 at 2:58 AM Jacques Le Roux <
> > > [hidden email]>
> > > wrote:
> > >
> > > > Hi Thanh,
> > > >
> > > > Your message has been moderated.
> > > >
> > > > Please subscribe to the user ML for such questions and then use your
> > > email
> > > > client
> > > > See also why here http://ofbiz.apache.org/mailing-lists.html
> > > >
> > > > You will get a better support , it's more fair to share with everybody
> > > > and people can answer you directly on the ML rather than directly to
> > you
> > > > The wider the audience the better the answers you might get
> > > >
> > > > Also it's more work for moderators who have to accept your messages as
> > > > long as you have not subscribed.
> > > > I'll personally no longer accept them (other moderators still could)
> > > >
> > > > Thanks
> > > >
> > > > Jacques
> > > >
> > > > Le 28/02/2019 à 19:01, thanh a écrit :
> > > > > Hi all,
> > > > >
> > > > > I am newbie in ofbiz,
> > > > >
> > > > > I want to create permission call "Salesman", which this permission,
> > > user
> > > > can
> > > > > create sale order, view and edit own sale order. Cannot update or
> > view
> > > > other
> > > > > sale order which is not belong to themself.
> > > > >
> > > > > How can I do it, please show me.
> > > > >
> > > > > Thanks and best regards.
> > > > > Thanh
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

Deepak Dixit-5
Your email has been moderated,
Please subscribe to the user ML for such questions and then use your email
client
See also why here http://ofbiz.apache.org/mailing-lists.html


Thanks & Regards
--
Deepak Dixit
ofbiz.apache.org


On Sun, Mar 3, 2019 at 3:02 PM [hidden email] <
[hidden email]> wrote:

> Hi Rishi Solanki ,
>
> "1) SecurityPermission
> 2) SecurityGroup
> 3) SecurityGroupPermission
> 4) UserLogin
> 4) UserLoginSecurityGroup"
> =>There is a basic service which checks the weather an user will have
> permission to access some UI, process or not.
>
> I know, so how can I get get permission of user who are login from java
> code. if I can get permission from java code, I can append query some thing
> like: select * from order_header where (CREATED_BY = USER_LOGIN_ID )
>
> Thanks & Regards
>
>
> On 2019/03/01 09:13:50, Rishi Solanki <[hidden email]> wrote:
> > Rajesh,
> > There is a basic service which checks the weather an user will have
> > permission to access some UI, process or not. Which can be override as
> per
> > the business need. Please take a look into the
> PartyPermissionServices.xml.
> > Here you can see examples with fact service always returns true or false.
> > Also it overrides the default behavior and returns true for userLoing
> based
> > on partyId check.
> >
> > Note that all permission services implements permissionInterface, all the
> > code in these service is around what data model Deepak Nigam suggested.
> >
> > HTH!
> >
> > --
> > Rishi Solanki
> > Sr Manager, Enterprise Software Development
> > HotWax Systems Pvt. Ltd.
> > Direct: +91-9893287847
> > http://www.hotwaxsystems.com
> > www.hotwax.co
> >
> >
> > On Fri, Mar 1, 2019 at 2:01 PM Rajesh Mallah <[hidden email]>
> > wrote:
> >
> > > Hello Mr Deepak / List ,
> > >
> > > can you also elaborate to what extent OOTB handles the isolation of
> > > view  between resource owners. Eg below the person asks viewing
> > > his *own* resource but not others.
> > >
> > >
> > > > > create sale order, view and edit own sale order. Cannot update or
> view
> > > > other sale order which is not belong to themself.
> > >
> > > regds
> > > mallah.
> > >
> > > On Fri, Mar 1, 2019 at 9:53 AM Deepak Nigam <
> [hidden email]>
> > > wrote:
> > >
> > > > Hi Thanh,
> > > >
> > > > The permissions you are looking for and corresponding security group
> are
> > > > already available OOTB. You only need to associate user login with
> > > > appropriate security groups. Following entities can be of your
> interest:
> > > >
> > > > 1) SecurityPermission
> > > > 2) SecurityGroup
> > > > 3) SecurityGroupPermission
> > > > 4) UserLogin
> > > > 4) UserLoginSecurityGroup
> > > >
> > > > It can be also achieved via 'Party Manager' application. Just open
> the
> > > > profile of the party and you can add/remove him to any security
> group.
> > > This
> > > > feature is available under 'User Name(s)' section.
> > > >
> > > > Thanks & Regards
> > > > --
> > > > Deepak Nigam
> > > >
> > > >
> > > > On Fri, Mar 1, 2019 at 2:58 AM Jacques Le Roux <
> > > > [hidden email]>
> > > > wrote:
> > > >
> > > > > Hi Thanh,
> > > > >
> > > > > Your message has been moderated.
> > > > >
> > > > > Please subscribe to the user ML for such questions and then use
> your
> > > > email
> > > > > client
> > > > > See also why here http://ofbiz.apache.org/mailing-lists.html
> > > > >
> > > > > You will get a better support , it's more fair to share with
> everybody
> > > > > and people can answer you directly on the ML rather than directly
> to
> > > you
> > > > > The wider the audience the better the answers you might get
> > > > >
> > > > > Also it's more work for moderators who have to accept your
> messages as
> > > > > long as you have not subscribed.
> > > > > I'll personally no longer accept them (other moderators still
> could)
> > > > >
> > > > > Thanks
> > > > >
> > > > > Jacques
> > > > >
> > > > > Le 28/02/2019 à 19:01, thanh a écrit :
> > > > > > Hi all,
> > > > > >
> > > > > > I am newbie in ofbiz,
> > > > > >
> > > > > > I want to create permission call "Salesman", which this
> permission,
> > > > user
> > > > > can
> > > > > > create sale order, view and edit own sale order. Cannot update or
> > > view
> > > > > other
> > > > > > sale order which is not belong to themself.
> > > > > >
> > > > > > How can I do it, please show me.
> > > > > >
> > > > > > Thanks and best regards.
> > > > > > Thanh
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Sent from:
> http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
> > > > > >
> > > > >
> > > >
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Ofbiz Security permission

Rishi Solanki
In reply to this post by thanh
HI,
Yes you can use the permission service to add check at service, script, UI
and inline UI etc. You just need to call the relevant service as per your
business needs. Please refer PartyPermissionServices.xml give you good idea
how to implement and its occurrence gives idea on how to use that.

Best Regards,
--
Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co


On Sun, Mar 3, 2019 at 3:02 PM [hidden email] <
[hidden email]> wrote:

> Hi Rishi Solanki ,
>
> "1) SecurityPermission
> 2) SecurityGroup
> 3) SecurityGroupPermission
> 4) UserLogin
> 4) UserLoginSecurityGroup"
> =>There is a basic service which checks the weather an user will have
> permission to access some UI, process or not.
>
> I know, so how can I get get permission of user who are login from java
> code. if I can get permission from java code, I can append query some thing
> like: select * from order_header where (CREATED_BY = USER_LOGIN_ID )
>
> Thanks & Regards
>
>
> On 2019/03/01 09:13:50, Rishi Solanki <[hidden email]> wrote:
> > Rajesh,
> > There is a basic service which checks the weather an user will have
> > permission to access some UI, process or not. Which can be override as
> per
> > the business need. Please take a look into the
> PartyPermissionServices.xml.
> > Here you can see examples with fact service always returns true or false.
> > Also it overrides the default behavior and returns true for userLoing
> based
> > on partyId check.
> >
> > Note that all permission services implements permissionInterface, all the
> > code in these service is around what data model Deepak Nigam suggested.
> >
> > HTH!
> >
> > --
> > Rishi Solanki
> > Sr Manager, Enterprise Software Development
> > HotWax Systems Pvt. Ltd.
> > Direct: +91-9893287847
> > http://www.hotwaxsystems.com
> > www.hotwax.co
> >
> >
> > On Fri, Mar 1, 2019 at 2:01 PM Rajesh Mallah <[hidden email]>
> > wrote:
> >
> > > Hello Mr Deepak / List ,
> > >
> > > can you also elaborate to what extent OOTB handles the isolation of
> > > view  between resource owners. Eg below the person asks viewing
> > > his *own* resource but not others.
> > >
> > >
> > > > > create sale order, view and edit own sale order. Cannot update or
> view
> > > > other sale order which is not belong to themself.
> > >
> > > regds
> > > mallah.
> > >
> > > On Fri, Mar 1, 2019 at 9:53 AM Deepak Nigam <
> [hidden email]>
> > > wrote:
> > >
> > > > Hi Thanh,
> > > >
> > > > The permissions you are looking for and corresponding security group
> are
> > > > already available OOTB. You only need to associate user login with
> > > > appropriate security groups. Following entities can be of your
> interest:
> > > >
> > > > 1) SecurityPermission
> > > > 2) SecurityGroup
> > > > 3) SecurityGroupPermission
> > > > 4) UserLogin
> > > > 4) UserLoginSecurityGroup
> > > >
> > > > It can be also achieved via 'Party Manager' application. Just open
> the
> > > > profile of the party and you can add/remove him to any security
> group.
> > > This
> > > > feature is available under 'User Name(s)' section.
> > > >
> > > > Thanks & Regards
> > > > --
> > > > Deepak Nigam
> > > >
> > > >
> > > > On Fri, Mar 1, 2019 at 2:58 AM Jacques Le Roux <
> > > > [hidden email]>
> > > > wrote:
> > > >
> > > > > Hi Thanh,
> > > > >
> > > > > Your message has been moderated.
> > > > >
> > > > > Please subscribe to the user ML for such questions and then use
> your
> > > > email
> > > > > client
> > > > > See also why here http://ofbiz.apache.org/mailing-lists.html
> > > > >
> > > > > You will get a better support , it's more fair to share with
> everybody
> > > > > and people can answer you directly on the ML rather than directly
> to
> > > you
> > > > > The wider the audience the better the answers you might get
> > > > >
> > > > > Also it's more work for moderators who have to accept your
> messages as
> > > > > long as you have not subscribed.
> > > > > I'll personally no longer accept them (other moderators still
> could)
> > > > >
> > > > > Thanks
> > > > >
> > > > > Jacques
> > > > >
> > > > > Le 28/02/2019 à 19:01, thanh a écrit :
> > > > > > Hi all,
> > > > > >
> > > > > > I am newbie in ofbiz,
> > > > > >
> > > > > > I want to create permission call "Salesman", which this
> permission,
> > > > user
> > > > > can
> > > > > > create sale order, view and edit own sale order. Cannot update or
> > > view
> > > > > other
> > > > > > sale order which is not belong to themself.
> > > > > >
> > > > > > How can I do it, please show me.
> > > > > >
> > > > > > Thanks and best regards.
> > > > > > Thanh
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Sent from:
> http://ofbiz.135035.n4.nabble.com/OFBiz-Dev-f165671.html
> > > > > >
> > > > >
> > > >
> > >
> >
>