Permissions setup

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Permissions setup

opablo
Hi,

We have an organization with two companies (the organization
headquarters at two different countries), each of them working
separately, but both included in the organization (so the organization
user views all data). Is there a way to configure OfBiz that a user from
a company can see only the orders from the company he/she belongs and is
not able to see the orders from the other company?

Regards,

Óscar

Reply | Threaded
Open this post in threaded view
|

Re: Permissions setup

David E Jones

Not configure per se, but the data structures are there and this sort of thing has been done before, it's just a matter of a little customization to filter queries and such how you want to.

-David


opablo wrote:

> Hi,
>
> We have an organization with two companies (the organization
> headquarters at two different countries), each of them working
> separately, but both included in the organization (so the organization
> user views all data). Is there a way to configure OfBiz that a user from
> a company can see only the orders from the company he/she belongs and is
> not able to see the orders from the other company?
>
> Regards,
>
> Óscar
>
Reply | Threaded
Open this post in threaded view
|

Re: Permissions setup

jonwimp
Also, if you code your data retrieval functions into services, you can use SECAs to slap on
pre-checks (permissions checks).

But I thought there was something else done for this. The service engine can call a
custom-specified "permissions checking service" prior to calling a service. So, a service
"getPrivateInfo" can have a custom-specified permissions service called "somePermissionsChecks"
attached to it.

Is that true?

Jonathon

David E Jones wrote:

>
> Not configure per se, but the data structures are there and this sort of
> thing has been done before, it's just a matter of a little customization
> to filter queries and such how you want to.
>
> -David
>
>
> opablo wrote:
>> Hi,
>>
>> We have an organization with two companies (the organization
>> headquarters at two different countries), each of them working
>> separately, but both included in the organization (so the organization
>> user views all data). Is there a way to configure OfBiz that a user from
>> a company can see only the orders from the company he/she belongs and is
>> not able to see the orders from the other company?
>>
>> Regards,
>>
>> Óscar
>>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Permissions setup

David E Jones

That is true, but it's not quite that simple, or in other words there are other things that need to have checks and filters, like an order find query, that won't be do-able with a just service level permission checks and such.

-David


Jonathon -- Improov wrote:

> Also, if you code your data retrieval functions into services, you can
> use SECAs to slap on pre-checks (permissions checks).
>
> But I thought there was something else done for this. The service engine
> can call a custom-specified "permissions checking service" prior to
> calling a service. So, a service "getPrivateInfo" can have a
> custom-specified permissions service called "somePermissionsChecks"
> attached to it.
>
> Is that true?
>
> Jonathon
>
> David E Jones wrote:
>>
>> Not configure per se, but the data structures are there and this sort
>> of thing has been done before, it's just a matter of a little
>> customization to filter queries and such how you want to.
>>
>> -David
>>
>>
>> opablo wrote:
>>> Hi,
>>>
>>> We have an organization with two companies (the organization
>>> headquarters at two different countries), each of them working
>>> separately, but both included in the organization (so the organization
>>> user views all data). Is there a way to configure OfBiz that a user from
>>> a company can see only the orders from the company he/she belongs and is
>>> not able to see the orders from the other company?
>>>
>>> Regards,
>>>
>>> Óscar
>>>
>>
>>
>