The word "role" in the context of an organization doesn't necessarily
translate into a RoleType and PartyRole in OFBiz... or in other words
the work "role" is used for various different meanings. In OFBiz we
try to distinguish between a PartyRole that is used to describe how a
Party relates to other things in the system, and a SecurityGroup which
defines which users have which permissions.
The concept of a SecurityGroup was separated from the Party/RoleType/
PartyRole stuff for a few reasons. One of them was to have a framework
level security model that is separate the business level elements in
the base applications, including the party stuff. In general framework
components are not allowed to have a dependency on applications
components, and the webapp tools are in the framework and RoleType/
PartyRole in applications.
Backing up a bit, the client using the word "role" is part of a
requirement and a design needs to be created based on that
requirement. From the bit of this that I've read the closest concept
in OFBiz to this is actually SecurityGroup and NOT RoleType.
-David
On Dec 11, 2008, at 8:44 AM, Ray wrote:
It came about from a requirement driven around roles so that was the
suggested limiter. The example would be someone with a role of "Sales
Rep" who works in house answering calls, processing paperwork might
easily deal with 200 a day where as someone operating as "Sales
Consultant" in the field visiting clients personally might only deal
with 20 a day.
They both have security to access the same client view but the user
request was to limit them with a differing number of allowed accesses
based on their roles.
If that needs to be translated in to security groups for
implementation
to fit in with OFBiz practices then fine, I'm not struck to it being
roles. This was thought to be a generally useful feature others
might be
interested in hence we are trying to make it compatible for the
community.
Ray
David E Jones wrote:
Instead of attaching this to a Party RoleType, it would be better to
attach it to a SecurityPermission or SecurityGroup. Access to
resources
like pages and such is governed by permissions in OFBiz, and roles
are
used for record-level security (like which parties a user can
view/edit/etc as opposed to being able to use the view profile
screen).
-David
