Openbravo Issue Tracking System - Openbravo ERP | ||||||||||||
| View Issue Details | ||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||||||
| 0038659 | Openbravo ERP | C. Security | public | 2018-05-30 15:54 | 2018-06-04 09:57 | |||||||
| Reporter | alostale | |||||||||||
| Assigned To | alostale | |||||||||||
| Priority | normal | Severity | minor | Reproducibility | have not tried | |||||||
| Status | closed | Resolution | fixed | |||||||||
| Platform | OS | 5 | OS Version | |||||||||
| Product Version | ||||||||||||
| Target Version | Fixed in Version | 3.0PR18Q3 | ||||||||||
| Merge Request Status | ||||||||||||
| Review Assigned To | caristu | |||||||||||
| OBNetwork customer | ||||||||||||
| Web browser | ||||||||||||
| Modules | Core | |||||||||||
| Support ticket | ||||||||||||
| Regression level | ||||||||||||
| Regression date | ||||||||||||
| Regression introduced in release | ||||||||||||
| Regression introduced by commit | ||||||||||||
| Triggers an Emergency Pack | No | |||||||||||
| Summary | 0038659: new roles should be manual by default | |||||||||||
| Description | When creating new Roles, it is possible to define whether access for all objects will be granted automatically or not (through the Manual flag) also in case of automatic access if access to advanced features will be granted, see doc [1]. Currently new roles are defaulted to automatically be granted to all possible objects by being not manual and advanced features. It is more common to have restricted roles with access to only some specific objects than roles with access to all of them. Current defaults are error prone: if the user creating a new role forgets to flag default "Manual" field and saves the new role, all objects will be automatically granted. Setting it correctly afterwards, forces to remove access to all those objects. --- [1] http://wiki.openbravo.com/wiki/Role [^] | |||||||||||
| Steps To Reproduce | 1. Create a new role keeping all default values -> check there is access to all windows, reports, etc | |||||||||||
| Proposed Solution | -Change defaults to Manual: Yes Advanced: No - If a role is updated afterwards from manual to automatic, grant access to all objects automatically | |||||||||||
| Additional Information | ||||||||||||
| Tags | No tags attached. | |||||||||||
| Relationships |
| |||||||||||
| Attached Files | ||||||||||||
| Issue History | ||||||||||||
| Date Modified | Username | Field | Change | |||||||||
| 2018-05-30 15:54 | alostale | New Issue | ||||||||||
| 2018-05-30 15:54 | alostale | Assigned To | => alostale | |||||||||
| 2018-05-30 15:54 | alostale | Modules | => Core | |||||||||
| 2018-05-30 15:54 | alostale | Triggers an Emergency Pack | => No | |||||||||
| 2018-05-31 14:25 | hgbot | Checkin | ||||||||||
| 2018-05-31 14:25 | hgbot | Note Added: 0104842 | ||||||||||
| 2018-05-31 14:25 | hgbot | Status | new => resolved | |||||||||
| 2018-05-31 14:25 | hgbot | Resolution | open => fixed | |||||||||
| 2018-05-31 14:25 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/5ae34663c0339d067e787c2e4f9784df253bbbfe [^] | |||||||||
| 2018-05-31 14:28 | alostale | Review Assigned To | => caristu | |||||||||
| 2018-06-04 09:54 | caristu | Issue cloned | 0038689 | |||||||||
| 2018-06-04 09:54 | caristu | Relationship added | related to 0038689 | |||||||||
| 2018-06-04 09:57 | caristu | Note Added: 0104904 | ||||||||||
| 2018-06-04 09:57 | caristu | Status | resolved => closed | |||||||||
| 2018-06-04 09:57 | caristu | Fixed in Version | => 3.0PR18Q3 | |||||||||
| Notes | |||||
|
|
|||||
|
|
||||
|
|
|||||
|
|
||||