+1

On Jun 15, 2009, at 11:29 AM, Mridul Pathak wrote:

Hi David,

We have documentation on OFBiz wiki where various Actors and their roles have been defined. These are the Actors which are meant to use OFBiz backend applications. Each Actor has some specific role, and he executes a certain business process. For example, a buyer places purchase order, or a packer packs inventory into boxes for shipping. There are many such actors which have been defined, and in many cases the business process associated with them is also defined. They are standard to every organization, though some of them may vary slightly from organization to organization.

What I am actually thinking here is that we should be able to apply security on "Actor/Business Process" combination. Like for a buyer, we can have a specific security group, which allows only purchase order placement and nothing else. Or for packer, only those security permissions should be assigned which just allows him to pack inventory into boxes for shipping, that is to complete his business process, and he shouldn't be able to control other parts of the facility application.

These security groups may exist as seed data and can be used by any organization OOTB. Or, if it is not a good idea to keep them as seed data, they can still exist as demo data. Also, this effort can help us evaluating OFBiz Security Model, that how far on the business process level we can apply the security, and then we can go for improvements if found any.

If what I am proposing here makes sense, we can think about my last proposal as an initial start toward this effort. We can start with defining application specific security groups. So that if someone has permissions only for a Order Manager application, he won't be able to control other applications.

--
Thanks,
Mridul Pathak

On 15-Jun-09, at 1:36 PM, David E Jones wrote:


That's an interesting idea... what are you thinking about _why_ would we want that?

-David


On Jun 15, 2009, at 2:00 AM, Mridul Pathak wrote:

I think we should have application specific security group not only for Accounting but for all other applications. And demo data for parties each having an application specific permissions will also be a good thing to have.

--
Thanks,
Mridul Pathak
HotWax Media Pvt. Ltd.
http://www.hotwaxmedia.com


On 15-Jun-09, at 12:26 PM, Sumit Pandit wrote:

Anil,

Thank you for your response.
Created a jira issue - https://issues.apache.org/jira/browse/OFBIZ-2606 and patch is uploaded with testing steps.

Thanks And Regards
Sumit Pandit

On Jun 15, 2009, at 9:57 AM, Anil Patel wrote:

Sumit,
Looks like good thing to do. Having this profile handy will give us opportunity to break out of habit of using admin/ofbiz user account for testing application. If you have time it will be good to create a Jira issue for it and contribute patch.

Regards
Anil Patel

On Jun 13, 2009, at 9:45 AM, Sumit Pandit wrote:

Hello Devs,

I would like to propose setup of a new SecurityGroup which is dedicated to OFBiz Accounting component only. It will assigned by all SecurityPermission which are required to handle variuos accounting operations. Purpose of this will be to be able to create a UserLogin, who will have restricted access to Accounting component only.

It will reflect to changes in following entities  -
create a new SecurityGroup and assign all associated SecurityPermission to it.
Create a new UserLogin and assign SecurityGroup to him.
Additional suggestion - Create a new PartyRole - "ACCOUNTANT", child of Role - "EMPLOYEE".

Thoughts?

Thanks And Regards
Sumit Pandit






Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to