[ https://issues.apache.org/jira/browse/OFBIZ-12892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814686#comment-17814686 ]
Jacques Le Roux commented on OFBIZ-12892: ----------------------------------------- That sounds reasonable to me indeed, would you provide a patch? It could be even backported, it's a kind of low severity: https://security.apache.org/blog/severityrating/ > Screen Classifications in Party should not show create trigger to user with > only VIEW permission > ------------------------------------------------------------------------------------------------ > > Key: OFBIZ-12892 > URL: https://issues.apache.org/jira/browse/OFBIZ-12892 > Project: OFBiz > Issue Type: Improvement > Components: party > Affects Versions: Upcoming Branch > Reporter: Pierre Smits > Priority: Major > > When accessing > [https://demo-trunk.ofbiz.apache.org/partymgr/control/showclassgroups] as a > user with only VIEW permissions (e.g. userId = auditor) the action trigger to > create a new Party Classification Group is shown. > This should not be visible to such a user as it leads to an undesired effect > and diminished user experience. -- This message was sent by Atlassian Jira (v8.20.10#820010)