Posted by Adrian Crum on Sep 07, 2007; 9:55pm
URL: http://ofbiz.116.s1.nabble.com/Asset-Maintenance-Permissions-Problems-tp183482.html

I noticed that the Asset Maint component requires the OFBTOOLS base permission to use the component.
So, I added that permission to a test user login. The Asset Maint component appears for that user
login. When I try to perform any work, I get permissions errors because the Asset Maint component
calls services in other components - which have their own sets of permissions.

Updating a maintenance produced this error message:

"Security Error: to run updateFixedAssetMaint you must have the ACCOUNTING_UPDATE or
ACCOUNTING_ADMIN permission, or the limited ACCOUNTING_ROLE_UPDATE permission calling service
updateFixedAssetMaint in updateFixedAssetMaintAndWorkEffort"

The ACCOUNTING_ROLE_UPDATE permission doesn't exist. I added it manually to the test user login.
After logging out and back in, I still get the same error message. I added the ACCOUNTING_UPDATE
permission to the user login, and I was able to update a maintenance. Problem is, that gives me
permission to update other things in Accounting..

This is the same type of problem I ran into with Forums - the Forum feature calls Content Manager
services which require Content Manager permissions.

I've suggested separating business logic from permissions checking logic in the past, but that got a
mixed response. I could do that with the FixedAssetServices.xml file - move the embedded permissions
checking to a separate service (using the new permissions checking capability).

Any thoughts?

-Adrian