Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml


Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

David E Jones-2

Are we sure we want to do this? The point of the separate price  
maintenance permission was so that there would be a security group  
that had permission to do other stuff for the catalog/products, but  
NOT be able to change prices.

Adding that permission to the CATALOGADMIN group kind of nullifies  
the effect of the permission...

If you want a user to be able to change prices there are other  
security groups they can go in, like BIZADMIN, or perhaps we should  
add a small security group just for the additional price maintenance  
permission.

Before I make any changes, what are your thoughts on this Si (or  
anyone else)?

-David


On Mar 27, 2007, at 10:20 AM, [hidden email] wrote:

> Author: sichen
> Date: Tue Mar 27 09:20:08 2007
> New Revision: 522985
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=522985
> Log:
> adding missing catalog price maint permission to catalog admin  
> security group
>
> Modified:
>     ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>
> Modified: ofbiz/trunk/applications/product/data/
> ProductSecurityData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/ 
> data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
> ======================================================================
> ========
> --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml  
> (original)
> +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml  
> Tue Mar 27 09:20:08 2007
> @@ -41,6 +41,7 @@
>
>      <SecurityGroup description="Catalog Admin group, has all  
> catalog permissions." groupId="CATALOGADMIN"/>
>      <SecurityGroupPermission groupId="CATALOGADMIN"  
> permissionId="CATALOG_ADMIN"/>
> +    <SecurityGroupPermission groupId="CATALOGADMIN"  
> permissionId="CATALOG_PRICE_MAINT"/>
>      <SecurityGroupPermission groupId="CATALOGADMIN"  
> permissionId="OFBTOOLS_VIEW"/>
>
>      <SecurityGroup description="Catalog Admin View and Purchase  
> Allow Products" groupId="CATALOGADMIN"/>
>
>
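
Review bot: the added SecurityGroupPermission line (groupId="CATALOGADMIN", permissionId="CATALOG_PRICE_MAINT") gives price maintenance to every member of CATALOGADMIN, so after this change the group can no longer be used to grant catalog rights without price changes. Consider leaving CATALOGADMIN as it was and granting CATALOG_PRICE_MAINT through a separate small group. The trailing context also shows a second SecurityGroup record with groupId="CATALOGADMIN" and a different description ("Catalog Admin View and Purchase Allow Products"); that reused groupId is worth checking while this file is being changed.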



Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

Jacques Le Roux
Administrator
Keeping the prices out of reach of CATALOGADMIN sounds like a desirable
feature to me

Jacques

>
> Are we sure we want to do this? The point of the separate price
> maintenance permission was so that there would be a security group
> that had permission to do other stuff for the catalog/products, but
> NOT be able to change prices.
>
> Adding that permission to the CATALOGADMIN group kind of nullifies
> the effect of the permission...
>
> If you want a user to be able to change prices there are other
> security groups they can go in, like BIZADMIN, or perhaps we should
> add a small security group just for the additional price maintenance
> permission.
>
> Before I make any changes, what are your thoughts on this Si (or
> anyone else)?
>
> -David
>
>
> On Mar 27, 2007, at 10:20 AM, [hidden email] wrote:
>
> > Author: sichen
> > Date: Tue Mar 27 09:20:08 2007
> > New Revision: 522985
> >
> > URL: http://svn.apache.org/viewvc?view=rev&rev=522985
> > Log:
> > adding missing catalog price maint permission to catalog admin
> > security group
> >
> > Modified:
> >     ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> >
> > Modified: ofbiz/trunk/applications/product/data/
> > ProductSecurityData.xml
> > URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
> > ==============================================================================
> > --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> > (original)
> > +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml
> > Tue Mar 27 09:20:08 2007
> > @@ -41,6 +41,7 @@
> >
> >      <SecurityGroup description="Catalog Admin group, has all
> > catalog permissions." groupId="CATALOGADMIN"/>
> >      <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="CATALOG_ADMIN"/>
> > +    <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="CATALOG_PRICE_MAINT"/>
> >      <SecurityGroupPermission groupId="CATALOGADMIN"
> > permissionId="OFBTOOLS_VIEW"/>
> >
> >      <SecurityGroup description="Catalog Admin View and Purchase
> > Allow Products" groupId="CATALOGADMIN"/>
> >
> >
>
>


Re: svn commit: r522985 - /ofbiz/trunk/applications/product/data/ProductSecurityData.xml

BJ Freeman
In reply to this post by David E Jones-2
I think a smaller group that has to do with price changes, then put in
Admin Group. This accomplishes both.

This brings up the best practice for assigning permissions to logins.
Also best practice about laying out permissions in the UI and services.

David E. Jones sent the following on 4/28/2007 9:22 AM:

>
> Are we sure we want to do this? The point of the separate price
> maintenance permission was so that there would be a security group that
> had permission to do other stuff for the catalog/products, but NOT be
> able to change prices.
>
> Adding that permission to the CATALOGADMIN group kind of nullifies the
> effect of the permission...
>
> If you want a user to be able to change prices there are other security
> groups they can go in, like BIZADMIN, or perhaps we should add a small
> security group just for the additional price maintenance permission.
>
> Before I make any changes, what are your thoughts on this Si (or anyone
> else)?
>
> -David
>
>
> On Mar 27, 2007, at 10:20 AM, [hidden email] wrote:
>
>> Author: sichen
>> Date: Tue Mar 27 09:20:08 2007
>> New Revision: 522985
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=522985
>> Log:
>> adding missing catalog price maint permission to catalog admin
>> security group
>>
>> Modified:
>>     ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>>
>> Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=522985&r1=522984&r2=522985
>>
>> ==============================================================================
>>
>> --- ofbiz/trunk/applications/product/data/ProductSecurityData.xml
>> (original)
>> +++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Tue
>> Mar 27 09:20:08 2007
>> @@ -41,6 +41,7 @@
>>
>>      <SecurityGroup description="Catalog Admin group, has all catalog
>> permissions." groupId="CATALOGADMIN"/>
>>      <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="CATALOG_ADMIN"/>
>> +    <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="CATALOG_PRICE_MAINT"/>
>>      <SecurityGroupPermission groupId="CATALOGADMIN"
>> permissionId="OFBTOOLS_VIEW"/>
>>
>>      <SecurityGroup description="Catalog Admin View and Purchase Allow
>> Products" groupId="CATALOGADMIN"/>
>>
>>
>
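
An added example, not part of the original thread or of OFBiz: a check over seed data of the shape quoted above that reports any group holding CATALOG_PRICE_MAINT outside a reviewed allow-list, and any groupId declared by more than one SecurityGroup record. The `<seed-data>` root element and the group id PRICEMAINT_EXAMPLE are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed seed data in the shape of the records quoted in the thread.
# The root element name and PRICEMAINT_EXAMPLE are assumptions for this example.
AS_COMMITTED = """<seed-data>
  <SecurityGroup description="Catalog Admin group, has all catalog permissions." groupId="CATALOGADMIN"/>
  <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_ADMIN"/>
  <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_PRICE_MAINT"/>
  <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="OFBTOOLS_VIEW"/>
  <SecurityGroup description="Catalog Admin View and Purchase Allow Products" groupId="CATALOGADMIN"/>
</seed-data>"""

# Same catalog group without the price grant, plus a hypothetical price-only group.
SEPARATED = """<seed-data>
  <SecurityGroup description="Catalog Admin group" groupId="CATALOGADMIN"/>
  <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_ADMIN"/>
  <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="OFBTOOLS_VIEW"/>
  <SecurityGroup description="Price maintenance only" groupId="PRICEMAINT_EXAMPLE"/>
  <SecurityGroupPermission groupId="PRICEMAINT_EXAMPLE" permissionId="CATALOG_PRICE_MAINT"/>
</seed-data>"""


def group_permissions(xml_text):
    """Map each groupId to the set of permissionIds granted to it."""
    grants = defaultdict(set)
    for rec in ET.fromstring(xml_text).iter("SecurityGroupPermission"):
        grants[rec.get("groupId")].add(rec.get("permissionId"))
    return dict(grants)


def unexpected_grants(xml_text, permission, allowed_groups):
    """Groups that hold `permission` without being on the reviewed allow-list."""
    return sorted(g for g, perms in group_permissions(xml_text).items()
                  if permission in perms and g not in allowed_groups)


def duplicate_group_ids(xml_text):
    """groupIds declared by more than one SecurityGroup record."""
    seen = Counter(r.get("groupId")
                   for r in ET.fromstring(xml_text).iter("SecurityGroup"))
    return sorted(g for g, n in seen.items() if n > 1)


if __name__ == "__main__":
    allowed = {"PRICEMAINT_EXAMPLE"}  # groups reviewed as price maintainers
    for name, data in (("as committed", AS_COMMITTED), ("separated", SEPARATED)):
        print(name, unexpected_grants(data, "CATALOG_PRICE_MAINT", allowed),
              duplicate_group_ids(data))
```

Run against each revision of a seed file, a non-empty result from `unexpected_grants` marks a permission grant that needs sign-off before it is loaded.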