Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | |||||||||||
| 0007374 | |||||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||||
| feature request | [Openbravo ERP] C. Security | minor | always | 2009-02-05 06:42 | 2009-05-22 19:36 | ||||||
| Reporter | pjuvara | View Status | public | ||||||||
| Assigned To | iciordia | ||||||||||
| Priority | normal | Resolution | open | Fixed in Version | |||||||
| Status | acknowledged | Fix in branch | Fixed in SCM revision | ||||||||
| Projection | none | ETA | none | Target Version | |||||||
| OS | Any | Database | Any | Java version | |||||||
| OS Version | Database version | Ant version | |||||||||
| Product Version | 2.40 | SCM revision | |||||||||
| Review Assigned To | |||||||||||
| Web browser | |||||||||||
| Modules | Core | ||||||||||
| Regression level | |||||||||||
| Regression date | |||||||||||
| Regression introduced in release | |||||||||||
| Regression introduced by commit | |||||||||||
| Triggers an Emergency Pack | No | ||||||||||
| Summary | 0007374: Secure records so that only user who created them can view them | ||||||||||
| Description | You should be able to declare in AD that in a particular window only the user who created the records is able to see them. This behavior is for instance needed in the requistion flow where only the employee who created a requisition and the purchasing agent should be able to see them. We have resolved this requirement in 2.40 with a workaround: we duplicated the window and added a custom where clause to enforce security. This implementation however is not fully correct has it creates redundant code and it is confusing. See issues 7311 and 4716 for more details. Another example of this need is in the Employee Appraisal module about to be published on top of 2.50. In that case, only the manager who created the appraisal, her management chain and the HR manager are able to see records. In that case, there is an additional twist as the manager is able to share the appraisal with the employee, so depending on the record status other users are also able to see the record. | ||||||||||
| Proposed Solution | In order to avoid duplications, we should allow to specify a custom filter in the role - window association. This custom filter is applied in addition to the standard organization based security. | ||||||||||
| Tags | ReleaseCandidate | ||||||||||
| Attached Files | |||||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||
|
|||||||||||||||
 Relationships |
|
Notes |
|
| There are no notes attached to this issue. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-02-05 06:42 | pjuvara | New Issue | |
| 2009-02-05 06:42 | pjuvara | Assigned To | => pjuvara |
| 2009-02-05 06:42 | pjuvara | sf_bug_id | 0 => 2566916 |
| 2009-02-05 06:42 | pjuvara | Regression testing | => No |
| 2009-02-05 06:43 | pjuvara | Relationship added | related to 0007311 |
| 2009-02-05 06:43 | pjuvara | Relationship added | related to 0004716 |
| 2009-02-05 06:43 | pjuvara | Status | new => acknowledged |
| 2009-02-05 06:43 | pjuvara | Tag Attached: ReleaseCandidate | |
| 2009-05-22 19:36 | pjuvara | Assigned To | pjuvara => iciordia |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |