Tenant super user (tenant admin) can view all database details of all tenants
-----------------------------------------------------------------------------

    Key: OFBIZ-4130
    URL: https://issues.apache.org/jira/browse/OFBIZ-4130
    Project: OFBiz
    Issue Type: Bug
    Components: framework
    Affects Versions: SVN trunk
    Reporter: Pierre Smits

When a new tenant is created and the super user of the tenant (the tenant-admin) logs in to WebTools and views the tables Tenant and TenantDataSource he/she can see all details of the tenant databases, incl TenantName, userID and password of the tenant databases.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Smits updated OFBIZ-4130:
--------------------------------

    Fix Version/s: SVN trunk
                   Release Branch 10.04
    Affects Version/s: Release Branch 10.04

This will also affect multi tenancy in version 10.04.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12984713#action_12984713 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Currently the tenant tables (tables Tenant and TenantDataSource), not the tables for the tenant, are accessed through delegator org.ofbiz.tenant.

One solution is that, like other database tables, these tables will be accessed through the standard delegator org.ofbiz. The tenant admins (with FULLADMIN rights in the tenant environment) then can no longer see the data in the tables of the master databases. However, they then can create new data entries in the tables in their own tenant environment.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Smits updated OFBIZ-4130:
--------------------------------

    Priority: Critical  (was: Major)

Moved priority to critical, as this undermines the roll-out of OFBiz as a multi-tenancy solution.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12993395#comment-12993395 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Hi all,

I would like to resolve this. But before doing so I would like your feedback regarding this issue and the best approach.

Regards,

Pierre

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994104#comment-12994104 ]

Jacques Le Roux commented on OFBIZ-4130:
----------------------------------------

I'd suggest to discuss this on dev ML, it would maybe get a better attention.

Hi all,

In current version of the trunk each tenant admin can view all data in tables Tenant and TenantDataSource.

In my opinion this is an unwanted situation as one would only want the admin of the root OFBiz application to view/change information about tenants.

I want to have a go at correcting this situation, but before doing so I welcome your input to come to the best solution for this issue. Please provide me with your insights.

Regards,

Pierre

2011/2/13 Jacques Le Roux (JIRA) <[hidden email]>

> Jacques Le Roux commented on OFBIZ-4130:
> ----------------------------------------
>
> I'd suggest to discuss this on dev ML, it would maybe get a better
> attention.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994241#comment-12994241 ]

BJ Freeman commented on OFBIZ-4130:
-----------------------------------

actually this is because the same seed data is loaded into each tenant database.
as I commented on the dev ml, there should be separate seed data for tenants from the base seed data that gets loaded when ofbiz is first created.
I did this by adding a tenant reader and separating base seed data from tenant seed data.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994249#comment-12994249 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Hi BJ,

Can you inform me which line in the seed data enables tenant-admins to view data in the tables 'Tenant' and 'TenantDataSource'?

Regards,

Pierre

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994251#comment-12994251 ]

BJ Freeman commented on OFBIZ-4130:
-----------------------------------

you might look at this also
http://ofbiz.apache.org/docs/serviceconfig.html#ThreadPool

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994252#comment-12994252 ]

BJ Freeman commented on OFBIZ-4130:
-----------------------------------

i did not do a patch so can't tell you what I changed it was last year.
when I get time will review and inform you.

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12994487#comment-12994487 ]

BJ Freeman commented on OFBIZ-4130:
-----------------------------------

I found this thread
http://osdir.com/ml/dev.ofbiz.apache.org/2010-03/msg01665.html

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12996238#comment-12996238 ]

Jacques Le Roux commented on OFBIZ-4130:
----------------------------------------

Pierre,

Should we keep open?

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12996278#comment-12996278 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Hi Jacques,

Yes please, as this is a major bug that influences the deployment as a multi-tenant solution. Plus no solution has been provided yet.

Regards,

Pierre

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196688#comment-13196688 ]

Hans Bakker commented on OFBIZ-4130:
------------------------------------

I think this is fine as the way it is at the moment:

The super tenant user can see all tenants while the tenants themselves can only see their own tenant records. You will always need a function which has general access related to tenant info.

Other info cannot be seen by the tenant admin, although this user has normally server access and read the database directly.....

I propose to close this issue.

Regards,
Hans

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196711#comment-13196711 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

So what you're saying is that it is ok that when you provide one of the employees of your tenant access to framework tools to do entity data management on the backend he can also find out who your other tenants are? And via the tenant-ID and some (minor) effort can get access to the data of your other tenants?

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196718#comment-13196718 ]

Hans Bakker commented on OFBIZ-4130:
------------------------------------

please read what i wrote:
The super tenant user can see all tenants while the tenants themselves can only see their own tenant record.

means a tenant with a tenantid can only see his own tenant records.

Regards,
Hans

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196718#comment-13196718 ]

Hans Bakker edited comment on OFBIZ-4130 at 1/31/12 5:42 AM:
-------------------------------------------------------------

please read what i wrote:
The super tenant user can see all tenants while the tenants themselves can only see their own tenant record.

means a tenant with a tenantid can only see his own tenant records.

A super tenant, actually which is using the default delegator can see the info of all tenants, which is fine.

Regards,
Hans

was (Author: hansbak):
please read what i wrote:
The super tenant user can see all tenants while the tenants themselves can only see their own tenant record.

means a tenant with a tenantid can only see his own tenant records.

Regards,
Hans

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196718#comment-13196718 ]

Hans Bakker edited comment on OFBIZ-4130 at 1/31/12 5:43 AM:
-------------------------------------------------------------

please read what i wrote:
The super tenant user can see all tenants while the tenants themselves can only see their own tenant record.

means a tenant with a tenantid can only see his own tenant records.

A super tenant, actually which is using the default delegator can see the info of all tenants, which is fine.

please go to http://ofbizsaas.com register yourself, you will get a tenant created for you and you can check it out......

Regards,
Hans

was (Author: hansbak):
please read what i wrote:
The super tenant user can see all tenants while the tenants themselves can only see their own tenant record.

means a tenant with a tenantid can only see his own tenant records.

A super tenant, actually which is using the default delegator can see the info of all tenants, which is fine.

Regards,
Hans

[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196766#comment-13196766 ]

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

First of all: ofbizsaas.com is not endorsed by the Apache OFBiz project, but (probably) a customized instance of a version of OFBiz and owned by Ant Websystems Co. Ltd.

Second: If users execute following procedure when installing OFBiz trunk (in this case on either MAC or LINUX):
- ./ant run-install-extseed
- ./ant create-admin-user-login
- ./ant run-create-tenant (for tenant #1)
- ./ant run-create-tenant (for tenant #2)
- set 'multitenant'=Y in 'framework/common/config/general.properties'
- and subsequently start OFBiz with ./startofbiz.sh
- and login with either the admin account for tenant #1 or the admin account for tenant #2
- and access table 'tenant' or table 'TenantDataSource' in entity data management via 'Framework Web Tools'

the user will see all registered tenants and associated tenantdata sources. So does any other party created in a tenant who has 'SECURITYADMIN' permissions.

I think that such a situation is unwanted and poses great risks.
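
The isolation question debated in this thread, as an added example that is not part of the original thread and is not OFBiz code: a small Python model that compares a registry read checked only on permission with one that also checks the caller's tenant scope, plus a check that reports which foreign tenants a session can see. The Session type, the reader functions, the sample rows and the dbUser/dbPassword field names are constructed assumptions; only the entity names Tenant and TenantDataSource and the permission names FULLADMIN and SECURITYADMIN come from the thread.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

Row = Dict[str, str]

# Permission names taken from the thread.
ADMIN_PERMISSIONS = frozenset({"FULLADMIN", "SECURITYADMIN"})

# Constructed sample rows for the two registry entities named in the issue.
# dbUser/dbPassword are assumed field names, not taken from the page.
REGISTRY: Dict[str, List[Row]] = {
    "Tenant": [
        {"tenantId": "T1", "tenantName": "Tenant One"},
        {"tenantId": "T2", "tenantName": "Tenant Two"},
    ],
    "TenantDataSource": [
        {"tenantId": "T1", "dbUser": "t1_user", "dbPassword": "constructed-1"},
        {"tenantId": "T2", "dbUser": "t2_user", "dbPassword": "constructed-2"},
    ],
}


@dataclass(frozen=True)
class Session:
    """Hypothetical login session; tenant_id None means the root instance."""
    user: str
    tenant_id: Optional[str]
    permissions: frozenset


def read_unguarded(session: Session, entity: str) -> List[Row]:
    """Behaviour reported in the issue: permission is checked, tenant scope is not."""
    if not session.permissions & ADMIN_PERMISSIONS:
        raise PermissionError("admin permission required")
    return [dict(row) for row in REGISTRY[entity]]


def read_guarded(session: Session, entity: str) -> List[Row]:
    """Policy asked for in the thread: only the root instance reads the registry."""
    if not session.permissions & ADMIN_PERMISSIONS:
        raise PermissionError("admin permission required")
    if session.tenant_id is not None:
        raise PermissionError("tenant registry is readable from the root instance only")
    return [dict(row) for row in REGISTRY[entity]]


Reader = Callable[[Session, str], List[Row]]


def foreign_tenants_visible(reader: Reader, session: Session) -> Set[str]:
    """Isolation check: tenant ids other than the caller's own that a reader returns."""
    seen: Set[str] = set()
    for entity in REGISTRY:
        try:
            rows = reader(session, entity)
        except PermissionError:
            continue  # a denied read exposes nothing
        seen |= {r["tenantId"] for r in rows if r["tenantId"] != session.tenant_id}
    return seen


if __name__ == "__main__":
    sessions = [
        Session("root-admin", None, frozenset({"FULLADMIN"})),
        Session("t1-admin", "T1", frozenset({"FULLADMIN"})),
        Session("t2-secadmin", "T2", frozenset({"SECURITYADMIN"})),
        Session("t1-clerk", "T1", frozenset()),
    ]
    for s in sessions:
        print(s.user,
              "unguarded:", sorted(foreign_tenants_visible(read_unguarded, s)),
              "guarded:", sorted(foreign_tenants_visible(read_guarded, s)))
```

Run as a regression check, any tenant-scoped session with a non-empty result from `foreign_tenants_visible` indicates cross-tenant exposure of the registry.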