svn commit: r561569 - /ofbiz/trunk/applications/party/data/PartySecurityData.xml

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r561569 - /ofbiz/trunk/applications/party/data/PartySecurityData.xml

sichen
Author: sichen
Date: Tue Jul 31 15:09:15 2007
New Revision: 561569

URL: http://svn.apache.org/viewvc?view=rev&rev=561569
Log:
Not sure if this is intentional or a bug, so here's my fix.  The PARTYADMIN user actually could not set security permissions for any of the users, and there was no SECURITY permission group that I could find

Modified:
    ofbiz/trunk/applications/party/data/PartySecurityData.xml

Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569
==============================================================================
--- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original)
+++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul 31 15:09:15 2007
@@ -84,4 +84,7 @@
     <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_UPDATE"/>
     <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_VIEW"/>
     <SecurityGroupPermission groupId="VIEWADMIN" permissionId="SECURITY_VIEW"/>
+
+    <SecurityGroupPermission groupId="PARTYADMIN" permissionId="SECURITY_ADMIN"/>
+
 </entity-engine-xml>


Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r561569 - /ofbiz/trunk/applications/party/data/PartySecurityData.xml

David E Jones

Yeah, I'm pretty sure this was intentional. Security admin privileges should be very explicit and not part of any general group.

I think the intention of the PARTYADMIN group was for general party administration, but NOT the security administration side of parties.

We should discuss this, but I think the most flexible and secure would be to remove this and create a SECURITYADMIN group that has this permission for easy application when needed.

-David


[hidden email] wrote:

> Author: sichen
> Date: Tue Jul 31 15:09:15 2007
> New Revision: 561569
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=561569
> Log:
> Not sure if this is intentional or a bug, so here's my fix.  The PARTYADMIN user actually could not set security permissions for any of the users, and there was no SECURITY permission group that I could find
>
> Modified:
>     ofbiz/trunk/applications/party/data/PartySecurityData.xml
>
> Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml
> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569
> ==============================================================================
> --- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original)
> +++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul 31 15:09:15 2007
> @@ -84,4 +84,7 @@
>      <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_UPDATE"/>
>      <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_VIEW"/>
>      <SecurityGroupPermission groupId="VIEWADMIN" permissionId="SECURITY_VIEW"/>
> +
> +    <SecurityGroupPermission groupId="PARTYADMIN" permissionId="SECURITY_ADMIN"/>
> +
>  </entity-engine-xml>
>
>