[
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836780#comment-17836780
]
Pierre Smits commented on OFBIZ-12893:
--------------------------------------
Hi Jacques,
While it may be regarded as an issue of low severity (per your linked page), it
should be regarded as higher because it all has to do with the appeal of OFBiz
to potential adopters. When we OOTB show action triggers or create/edit pages
to users (either via demo sites or in downloaded versions), the potential
adopter may regarded the product as not mature and costly to improve. And thus
opt for other solutions.
> Screen Security in Party should not show create trigger to user with only
> VIEW permission.
> ------------------------------------------------------------------------------------------
>
> Key: OFBIZ-12893
> URL: https://issues.apache.org/jira/browse/OFBIZ-12893
> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Priority: Major
>
> When accessing
> [https://demo-trunk.ofbiz.apache.org/partymgr/control/FindSecurityGroup] as a
> user with only VIEW permissions (e.g. userId = auditor) the action trigger to
> create something is shown.
> This should not be visible to such a user as it leads to an undesired effect
> and diminished user experience.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
