Hello Wai,

To try to better understand your examples, I will reformulate:

* A user can access a functionality using an oauth2 setting that is configured only by an administrator? But the concerned user can view it.

The way I would implement that is using *security group* granting permission to configure these kinds of parameters (that do not seem to belong to SystemProperty since it does not contain userLogin/party reference).

The owner of the configuration could only view it (based on userLoginId or partyId check on the configuration entity) and those from a specific screen.

* The property is hidden by default (to anyone, including the ofbizTenantOwner), but can be configured by a specific profile (OfbizOwner).

Given the property type, I would store it into SystemProperty and grant access to it using security through a specific screen.

I do not get the point that could justify the creation of accessType onto SystemProperty.

But if you want to configure access to SystemProperty configuration, what could be possible is to add a permissionId field... but that won't solve your examples.

HTH

Gil


On 10/08/2017 21:08, Wai wrote:
Sorry it took so long to reply. I was not notified by Nabble that anybody
responded.

When I use the term "access", it is _not_ related to ofbiz
security. Perhaps I should have used a different term to describe these
fields. I shall replace "access" with readWriteType.

readWriteType means how ofbiz treats the property when a user interacts
with it. Of course, only users with the proper ofbiz authorization may
access the properties. Some properties are meant to be viewed and not
modified (i.e. readWriteType=readOnly). Some are hidden altogether (i.e.
readWriteType=hidden).

Example of a read only property field:

An ofbiz owner may subscribe to a third party service via oauth2
authentication. This 3rd party service is used by ofbiz to provide a
functionality. A user with proper ofbiz authorization may modify the oauth2
authentication parameters (i.e. readWriteType=readWrite) and can also view
the current oauth2 status (i.e. readWriteType=readOnly). (Note: this is not
related to ofbiz passport component).

In the case of readWriteType=hidden, let's define 2 terms: ofbizOwner and
ofbizTenantOwner. ofbizOwner is an entity that owns an ofbiz system. Such an
entity is responsible for installation, setup, upgrades, database upgrades
and tenant administrations. An ofbizInstanceOwner is a tenant of an ofbiz
system configured for multitenant mode of operation. A property with
readWriteType=hidden is one which is administered by the ofbizOwner and
stored in the database of an ofbizTenantOwner and affects the instance of
that tenant. As such, the ofbizTenantOwner cannot view nor edit such a
property.

Hope this clears things up.



--
View this message in context: 
http://ofbiz.135035.n4.nabble.com/Re-Request-for-enhance-entity-SystemProperty-tp4709235p4709445.html
Sent from the OFBiz - Dev mailing list archive at Nabble.com.
