looking at the current trunk the login, checks the party then looks in contactmech for the Primary Email address. The contact Primary Email address set in the party is used to put the incoming emails into that party or party group. so if you have a party group of Sales, you should associate the employee party to the Sales so they can access the Sales Emails and Send Emails with the sa...@mydomain.com. However each employee should have their own Party with the Primary Email address being one that is External to mydomain.com and ofbiz. Then the email Password would go to that party's external email address.
This part is a choice that I recommend. That a backdoor login be assigned to the Admin party that is not common and is not used except in Dire emergencies. the Primary Email should only go to the owner of the business. The back door I used is not even assigned to a party just has the permissions. so there is no way to get the Admin password Emailed. it can only be reset through webtools. Each employee that would have Admin access should have that in their permissions for the login of their partyID. This way if an employee moves on their access to admin can be terminated without a lot of disruption to the company's process. If someone has a different scheme please share. BJ Freeman sent the following on 7/30/2011 10:53 AM: > even if someone request a password for admin it will only go to the > email account specified, in the profile. > > I do run a nightly service that is like my own dictionary service for > passwords that are common. Then the systems sends a password reset to > the email. > > BJ Freeman sent the following on 7/30/2011 10:22 AM: >> They may have a party Sales, at least in my systems, the login is email >> addresses. it is harder for dictionary attracts to be effective. >> >> >> Mike sent the following on 7/30/2011 7:41 AM: >>> There must be something more. Any organization would have generic >>> logins, like "sales", or it would be easy to guess employee logins >>> from the "about us" page. It makes sense that the password reset >>> should be intended ONLY for customers, not (any) system-type login. >>> >>> I would think that the password reset feature should be limited to >>> certain roles, like "Customer". >>> >>> On Sat, Jul 30, 2011 at 4:00 AM, BJ Freeman <bjf...@free-man.net> wrote: >>>> for production systems do not use "admin" as a lognin. >>>> it is never created. >>>> >>>> Mike sent the following on 7/30/2011 12:10 AM: >>>>> Why is it that *any* user can, using the password reset or "Forgot >>>>> Your Password" can actually force "admin" to change the password? Is >>>>> there a way to turn this off? >>>>> >>>> >>> >> >
