This is a great start! I have nothing to add.
-Adrian

David E Jones wrote:

This thread is specifically for discussing security requirements and
security use scenarios to drive OFBiz security functionality going
forward. Please keep other discussion in another thread.

These things tend to fall into two categories: functionality access and
record-level access, or a combination of both. That is a high-level
generalization, so just warning you that what I list below may be limited
by my own blindness since I usually think in terms of those two things
for security configuration. In other words, that's the point of this
brainstorming thread.

To get things started, here are a few I can think of and have heard from
others; these are in no particular order:

1. User X can use Artifact Y for anything that artifact supports and on
any data (where "artifact" is a screen, web page, part of a screen or
page, service, general logic, etc.)
2. User X can use Artifact Y only for records determined by Constraint Z
3. User X can use any artifact for records determined by Constraint Z
4. Artifact Y can be used by any user for any purpose it supports
5. Artifact Y can be used by any user only for records determined by
Constraint Z
6. User X can use any artifact for any record (i.e. superuser)

Okay, you can see that my initial pass at this is sort of an enumeration
of combinations effort. If you can think of other general scenarios,
please share! Also, please feel free to share specific requirements that
are not in such generic terms (we can worry about putting them in more
generic terms like this later).

Thank You!
-David
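
The six scenarios listed in the quoted message can be expressed as grants over (user, artifact, record constraint) with wildcards and a default-deny check. This is an added example, not part of the thread and not OFBiz code; `Grant`, `is_allowed`, `filter_records`, the artifact names, the constraints and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

ANY = "*"  # wildcard: matches any user or any artifact (assumed convention)

@dataclass(frozen=True)
class Grant:
    user: str        # user id, or ANY
    artifact: str    # artifact name (screen, service, ...), or ANY
    constraint: Optional[Callable[[str, dict], bool]] = None  # None = any record

def is_allowed(grants, user, artifact, record):
    """Default deny: allow only if one grant matches user, artifact and record."""
    for g in grants:
        if g.user not in (ANY, user):
            continue
        if g.artifact not in (ANY, artifact):
            continue
        if g.constraint is None or g.constraint(user, record):
            return True
    return False

def filter_records(grants, user, artifact, records):
    """Record-level access: keep only the records the user may touch via artifact."""
    return [r for r in records if is_allowed(grants, user, artifact, r)]

# Constructed "Constraint Z" examples (hypothetical).
def own_record(user, record):
    return record.get("owner") == user
def store_a(user, record):
    return record.get("store") == "A"

# One grant per scenario in the list above, in the same order.
GRANTS = [
    Grant("alice", "OrderView"),            # 1: user X, artifact Y, any data
    Grant("bob", "OrderView", own_record),  # 2: user X, artifact Y, constraint Z
    Grant("carol", ANY, store_a),           # 3: user X, any artifact, constraint Z
    Grant(ANY, "CatalogBrowse"),            # 4: any user, artifact Y, any data
    Grant(ANY, "ProfileEdit", own_record),  # 5: any user, artifact Y, constraint Z
    Grant("admin", ANY),                    # 6: superuser
]

# Constructed sample records.
RECORDS = [
    {"id": 1, "owner": "bob", "store": "A"},
    {"id": 2, "owner": "dave", "store": "B"},
]

if __name__ == "__main__":
    print(filter_records(GRANTS, "bob", "OrderView", RECORDS))
```
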