Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0027459
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] 03. Procurement managementmajoralways2014-08-25 12:312014-12-30 08:27
ReportermaiteView Statuspublic 
Assigned Toreinaldoguerra 
PriorityurgentResolutionopenFixed in Version
StatusscheduledFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0027459: Data from non-accessible organizations is obtained in Multidimensional reports

DescriptionData from non-accessible organizations is obtained in Multidimensional reports
Steps To Reproduce1. Access Role window and edit "F&B España, S.A - Procurement" role to set it as "User level= Organization"
2. Go to "Org Access" tab and delete records for "España" and "España sur" so role only has access to "España Norte" organization
3. Log out and log in again with "F&B España, S.A - Procurement" role
4. Go to "Purchase Dimensional Report" and realize that in Organization combo you are able to see more organizations than "España Norte".
5. Set * organization and run report. Realize that data from other organizations is considered
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 0027953 closedjorge-garcia AccessibleOrgTree wrongly used in some reports may create security issues 
related to defect 00307973.0PR15Q4 closedalostale Validation rule automatically adds wrong organization list to the where clause 

-  Notes
(0071107)
reinaldoguerra (developer)
2014-10-22 04:56

 Test plan used:
1- Login into Openbravo ERP as F&B International Group Admin
2- Go to Role window and edit "F&B España, S.A - Procurement" role. Set user level as "Organization",
3- Go to "Org Access" tab and delete records for "España" and "España sur" so role only has access to "España Norte" organization.
4- Log out and log in again with "F&B España, S.A - Procurement" role
5- Go to "Purchase Dimensional Report" and realize that in Organization combo you are able to see only organizations accessed by logged role, in this case: "España Norte".
6- Select From Date and To Date fields, also "España Norte" organization and fill dimensions filter with Business Partner and Product options.
7- Launch report and realize that records are filtered by Business partner and Products defined for "España Norte" organization.
8- Check Comparative Report option and insert reference dates.
9- Select product in dimesions filter.
9- Launch report and realize that fields and their references are filtered for selected organization.

- Issue History
Date Modified Username Field Change
2014-08-25 12:31 maite New Issue
2014-08-25 12:31 maite Assigned To => dmiguelez
2014-08-25 12:31 maite Modules => Core
2014-08-25 12:31 maite Resolution time => 1411509600
2014-08-25 12:31 maite Triggers an Emergency Pack => No
2014-08-25 12:32 maite Issue Monitored: networkb
2014-09-29 16:12 jonalegriaesarte Target Version 3.0PR14Q4 => 3.0PR15Q1
2014-10-21 05:01 reinaldoguerra Status new => scheduled
2014-10-21 05:02 reinaldoguerra Assigned To dmiguelez => reinaldoguerra
2014-10-22 04:56 reinaldoguerra Note Added: 0071107
2014-10-22 18:52 vmromanos Relationship added related to 0027953
2014-11-04 10:50 Sandrahuguet Type defect => design defect
2014-11-11 11:03 ngarcia Summary Date from non-accessible organizations is obtained in Multidimensional reports => Data from non-accessible organizations is obtained in Multidimensional reports
2014-11-11 11:03 ngarcia Description Updated View Revisions
2014-12-30 08:27 Sandrahuguet Target Version 3.0PR15Q1 =>
2015-09-10 09:11 alostale Relationship added related to 0030797

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker