[ 
https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259496#comment-13259496
 ] 

Pierre Smits commented on OFBIZ-4130:
-------------------------------------

Hans,

I believe you do not fully understand the issue at hand. I am NOT talking about 
the admin (as you call it, the super tenant user) of the main delegator, who 
indeed must be able to administer and add tenants.

I am talking about users of tenants who have been granted the role of 
'SECURITYADMIN' to manage/maintain data through webtools for their own tenant. 
These users can see details of all tenants in tables 'Tenant', 'TenantComponent' 
and 'TenantDataSource'. And that is a situation you would not want.

Regards,

Pierre
                
> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
>                 Key: OFBIZ-4130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4130
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 10.04, SVN trunk
>            Reporter: Pierre Smits
>            Priority: Critical
>             Fix For: Release Branch 10.04, SVN trunk
>
>         Attachments: OFBIZ-4130-MultiTenant-visibilty.patch
>
>
> When a new tenant is created and the super user of the tenant (the 
> tenant-admin) logs in to WebTools and views the tables Tenant and 
> TenantDataSource he/she can see all details of the tenant databases, incl. 
> TenantName, userID and password of the tenant databases.
