Daniel,
Your description of granting permission to subsets of data seems to be very
similar to what we have here where I work. Although there seems to be some
functionality along these lines in the product catalog, there isn't much
built-in in the rest of the application suite.
Our solution required two steps: 1. Create custom permissions and roles to be
assigned to users, and 2. Modify the data entry screens to perform additional
permissions checking on the affected entities.
Daniel Goodwin wrote:
> SVN : 6759
>
> Two things I have noticed in relation to security.
> They may be by design
> so I'm not sure they are issues
> I have been trying to create a new security group
> (FACILITY_RESTRICT)
> which has retricted access to a subset of facilities.
> Initially I just
> wanted access to facility list (I know FACILITY_ADMIN
> etc will be needed
> to do anything of consequence)
>
> 1. To start with I created a new party and user login
> and assigned the
> FACILITY_VIEW permission. However I also had to add in
> OFBTOOLS_VIEW
> permission to get the login screen to actual get me to
> the list of
> facilities - why?
> 2. Secondly this issue took me some time to resolve
> because of cacheing.
> If I removed a permission(say OFBTOOLS_VIEW) then this
> was immediately
> checked at next login (which would be within say 10
> secs). However if I
> re-added the missing permission this would NOT be
> checked or found until
> after I emptied cache . Is this by design? (I presume
> the cache would
> reset itself in time anyway?)
>
> Daniel
>
>
>
> ___________________________________________________________
> Win a BlackBerry device from O2 with Yahoo!. Enter now.
http://www.yahoo.co.uk/blackberry>
> _______________________________________________
> Users mailing list
>
[hidden email]
>
http://lists.ofbiz.org/mailman/listinfo/users>
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Locked
