[ https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836971#comment-17836971 ]
Pierre Smits commented on OFBIZ-12893: -------------------------------------- Hi Jacques, bq. Sincerely I'll not backport to R18.12; and R20.01, like Zappa said, is not dead, it just smells funny. Indeed it does. Is r20.01 even a thing? When you delve into where this rabbit hole (the menu-item 'security') leads, you'll find that it does not pointto a screen in the party component, or even the webtools component (where it is totally appropriate to have), but to the common component in the framework folder. > Screen Security in Party should not show create trigger to user with only > VIEW permission. > ------------------------------------------------------------------------------------------ > > Key: OFBIZ-12893 > URL: https://issues.apache.org/jira/browse/OFBIZ-12893 > Project: OFBiz > Issue Type: Improvement > Components: party > Affects Versions: Upcoming Branch > Reporter: Pierre Smits > Priority: Major > > When accessing > [https://demo-trunk.ofbiz.apache.org/partymgr/control/FindSecurityGroup] as a > user with only VIEW permissions (e.g. userId = auditor) the action trigger to > create something is shown. > This should not be visible to such a user as it leads to an undesired effect > and diminished user experience. -- This message was sent by Atlassian Jira (v8.20.10#820010)