[jira] [Comment Edited] (OFBIZ-4130) Tenant super user (tenant admin) can view all database details of all tenants

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13912705#comment-13912705 ]

Pierre Smits edited comment on OFBIZ-4130 at 2/26/14 10:21 AM:
---------------------------------------------------------------

Hans said: 'I would not make the webtools application available to tenants'.

Unfortunately, many aspects of keyword maintenance are only accessible through the webtools application. This is the result of having no configuration options in the various apps and components. Thus we can't avoid granting tenant super users access to webtools.

But, apart from that issue (improvement) we should ensure that tenant super users don't see tenant configuration details of other tenants.


was (Author: pfm.smits):
Hans said: 'I would not make the webtools application available to tenants'.

Unfortunately, many aspects of keyword maintenance is only accessible through the webtools application. This is the result of having no configuration options in the various apps and components. Thus we can't avoid granting tenant super users access to webtools.

But, apart from that issue we should ensure that tenant super users don't see tenant configuration details of other tenants.

> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
>                 Key: OFBIZ-4130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4130
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 10.04, Release Branch 11.04, SVN trunk, Release Branch 12.04, Release Branch 13.07
>            Reporter: Pierre Smits
>            Priority: Critical
>             Fix For: Release Branch 10.04, Release Branch 11.04, SVN trunk, Release 11.04.01, Release Branch 12.04, Release Branch 13.07
>
>         Attachments: OFBIZ-4130-MultiTenant-visibilty.patch
>
>
> When a new tenant is created and the super user of the tenant (the tenant-admin) logs in to WebTools and views the tables Tenant and TenantDataSource he/she can see all details of the tenant databases, incl TenantName, userID and password of the tenant databases.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)