Posted by Daniel Goodwin on
URL: http://ofbiz.116.s1.nabble.com/Users-Facility-security-and-cache-tp137562.html

SVN : 6759

Two things I have noticed in relation to security.
They may be by design
so I'm not sure they are issues
I have been trying to create a new security group
(FACILITY_RESTRICT)
which has retricted access to a subset of facilities.
Initially I just
wanted access to facility list (I know FACILITY_ADMIN
etc will be needed
to do anything of consequence)

1. To start with I created a new party and user login
and assigned the
FACILITY_VIEW permission. However I also had to add in
OFBTOOLS_VIEW
permission to get the login screen to actual get me to
the list of
facilities - why?
2. Secondly this issue took me some time to resolve
because of cacheing.
If I removed a permission(say OFBTOOLS_VIEW) then this
was immediately
checked at next login (which would be within say 10
secs). However if I
re-added the missing permission this would NOT be
checked or found until
after I emptied cache . Is this by design? (I presume
the cache would
reset itself in time anyway?)

Daniel


               
___________________________________________________________
Win a BlackBerry device from O2 with Yahoo!. Enter now. http://www.yahoo.co.uk/blackberry
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users