[ https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13266749#comment-13266749 ]

Jacopo Cappellato commented on OFBIZ-4130:
------------------------------------------

Hans,
unfortunately I don't know much about this code, but I would like to try to
help resolve this ticket in some way.

If I understand correctly, the issue reported here is that, if a tenant user is
granted the role of 'SECURITYADMIN', then it has access to the data of other
tenants.

How would you classify this, according to your design? Is it a bug (but the
solution proposed is not good)? Is it an intended feature by design (i.e.
SECURITYADMIN should be used to create a superuser that can manage all
tenants)? Is it a side effect of the design (i.e. SECURITYADMIN should *never*
be used for tenant users)?

If I understand this then I can probably be of some help.

> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-4130
> URL: https://issues.apache.org/jira/browse/OFBIZ-4130
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 10.04, SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
> Fix For: Release Branch 10.04, SVN trunk, Release 11.04.01
>
> Attachments: OFBIZ-4130-MultiTenant-visibilty.patch
>
>
> When a new tenant is created and the super user of the tenant (the
> tenant-admin) logs in to WebTools and views the tables Tenant and
> TenantDataSource he/she can see all details of the tenant databases, incl.
> TenantName, userID and password of the tenant databases.