Re: svn commit: r561569 - /ofbiz/trunk/applications/party/data/PartySecurityData.xml

> Author: sichen
> Date: Tue Jul 31 15:09:15 2007
> New Revision: 561569
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=561569
> Log:
> Not sure if this is intentional or a bug, so here's my fix.  The PARTYADMIN user actually could not set security permissions for any of the users, and there was no SECURITY permission group that I could find
>
> Modified:
>     ofbiz/trunk/applications/party/data/PartySecurityData.xml
>
> Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569
> ==============================================================================
> --- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original)
> +++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul 31 15:09:15 2007
> @@ -84,4 +84,7 @@
>      <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_UPDATE"/>
>      <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_VIEW"/>
>      <SecurityGroupPermission groupId="VIEWADMIN" permissionId="SECURITY_VIEW"/>
> +
> +    <SecurityGroupPermission groupId="PARTYADMIN" permissionId="SECURITY_ADMIN"/>
> +
>  </entity-engine-xml>
>
>

>
> Yeah, I'm pretty sure this was intentional. Security admin privileges
> should be very explicit and not part of any general group.
>
> I think the intention of the PARTYADMIN group was for general party
> administration, but NOT the security administration side of parties.
>
> We should discuss this, but I think the most flexible and secure would
> be to remove this and create a SECURITYADMIN group that has this
> permission for easy application when needed.
>
> -David
>
>
> [hidden email] wrote:
>
>> Author: sichen
>> Date: Tue Jul 31 15:09:15 2007
>> New Revision: 561569
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=561569
>> Log:
>> Not sure if this is intentional or a bug, so here's my fix.  The
>> PARTYADMIN user actually could not set security permissions for any of
>> the users, and there was no SECURITY permission group that I could find
>>
>> Modified:
>>     ofbiz/trunk/applications/party/data/PartySecurityData.xml
>>
>> Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml
>> URL:
>> http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569 
>>
>> ==============================================================================
>>
>> --- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original)
>> +++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul
>> 31 15:09:15 2007
>> @@ -84,4 +84,7 @@
>>      <SecurityGroupPermission groupId="FLEXADMIN"
>> permissionId="SECURITY_UPDATE"/>
>>      <SecurityGroupPermission groupId="FLEXADMIN"
>> permissionId="SECURITY_VIEW"/>
>>      <SecurityGroupPermission groupId="VIEWADMIN"
>> permissionId="SECURITY_VIEW"/>
>> +
>> +    <SecurityGroupPermission groupId="PARTYADMIN"
>> permissionId="SECURITY_ADMIN"/>
>> +
>>  </entity-engine-xml>
>>
>>
>