Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | |||||||||||
| 0006527 | |||||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||||
| feature request | [Openbravo ERP] C. Security | major | always | 2008-12-14 10:53 | 2014-05-08 20:55 | ||||||
| Reporter | jtarbal | View Status | public | ||||||||
| Assigned To | iciordia | ||||||||||
| Priority | normal | Resolution | open | Fixed in Version | |||||||
| Status | acknowledged | Fix in branch | Fixed in SCM revision | ||||||||
| Projection | none | ETA | none | Target Version | |||||||
| OS | Any | Database | Any | Java version | |||||||
| OS Version | Database version | Ant version | |||||||||
| Product Version | 2.40 | SCM revision | |||||||||
| Review Assigned To | |||||||||||
| Web browser | |||||||||||
| Modules | Core | ||||||||||
| Regression level | |||||||||||
| Regression date | |||||||||||
| Regression introduced in release | |||||||||||
| Regression introduced by commit | |||||||||||
| Triggers an Emergency Pack | No | ||||||||||
| Summary | 0006527: Security enhancements related to role management | ||||||||||
| Description | Here you are a list of proposed security enhancements that are related to role management: - By default the role "System Administration" has access to some functionalities of "Master Data, Sales, Procurement, Warehouse, Production, MRP and Financial Management". This role should only have access to all functionalities of "Application Dictionary" and "General Setup". - By default when performing an "Initial Client Setup", the "Admin" role has access to some functionalities of "Application Dictionary" and shouldn't. Similarly, the User role has access to some functionalities of "General Setup" and shouldn't. - In all roles, the "Information" module in the left menu shows all possible searches. However, the searches should be related to the permissions that the role has. A criterion could be to link each of the search to some modules. For instance, the "Accounts" search could have sense if the role has access to the Financial Management module. However, the "Shipment line" search could be linked to the Sales, Warehouse and Procurement modules. - In the Role window, it would be great if in the permissions management tabs (windows, forms, reports, etc.) it appears the module (as in the left menu) that the functionality belongs. This would make a lot easier the permissions management. - In the Role window, it would be great to have a button to remove permissions by selecting a module (similar to the Insert Permissions button, but for removing purposes) | ||||||||||
| Tags | Clean-up, ReleaseCandidate | ||||||||||
| Attached Files | |||||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0014198) jtarbal (reporter) 2009-03-02 09:31 |
These improvements would reduce the time needed when parametrizing different roles. Thus, it is an improvement for the consultants rather than the end-user. Role parametrization is something that has to be done in all Openbravo ERP implementations. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-12-14 10:53 | jtarbal | New Issue | |
| 2008-12-14 10:53 | jtarbal | Assigned To | => rafaroda |
| 2008-12-14 10:53 | jtarbal | sf_bug_id | 0 => 2426525 |
| 2008-12-17 10:07 | rafaroda | Assigned To | rafaroda => pjuvara |
| 2008-12-17 20:14 | pjuvara | Tag Attached: Clean-up | |
| 2008-12-17 20:14 | pjuvara | Tag Attached: ReleaseCandidate | |
| 2008-12-17 20:14 | pjuvara | Status | new => acknowledged |
| 2009-01-15 17:36 | joan | Issue Monitored: joan | |
| 2009-03-02 09:31 | jtarbal | Note Added: 0014198 | |
| 2009-05-22 19:36 | pjuvara | Assigned To | pjuvara => iciordia |
| 2014-05-08 20:55 | johnfandl | Issue Monitored: johnfandl | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |