[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13266749#comment-13266749 ]
Jacopo Cappellato commented on OFBIZ-4130:
------------------------------------------

Hans,

unfortunately I don't know much about this code, but I would like to try to help resolve this ticket in some way.

If I understand correctly, the issue reported here is that, if a tenant user is granted the role of 'SECURITYADMIN' then it has access to the data of other tenants.

How would you classify this, according to your design?
Is it a bug (but the solution proposed is not good)?
Is it an intended feature by design (i.e. SECURITYADMIN should be used to create a superuser, that can manage all tenants)?
Is it a side effect of the design (i.e. SECURITYADMIN should *never* be used for tenant users)?

If I understand this then I can probably be of some help.

> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
>                 Key: OFBIZ-4130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4130
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 10.04, SVN trunk
>            Reporter: Pierre Smits
>            Priority: Critical
>             Fix For: Release Branch 10.04, SVN trunk, Release 11.04.01
>
>         Attachments: OFBIZ-4130-MultiTenant-visibilty.patch
>
>
> When a new tenant is created and the super user of the tenant (the
> tenant-admin) logs in to WebTools and views the tables Tenant and
> TenantDataSource he/she can see all details of the tenant databases, incl
> TenantName, userID and password of the tenant databases.