Hi Gabriel, We had a requirement once where security needed to be on row / record level, and OFBiz does supports this on the widget level.
Your solution is not hard, you will probably need to define a few view entities with constraints on roletype of logged in user. You will also limit what shows up on the screen with hasrolepermission tags. This section might help: https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions#OFBizSecurityPermissions-Atrecordlevel,byusingRolelimitedpermissionsorrelatedmeans HTH Taher Alkhateeb On Aug 26, 2015 3:04 AM, "Gabriel Oberreuter" <goberreu...@gmail.com> wrote: > Hello, > > I have the following requirement: > At our company, Invoices are always assigned to a sales_rep executive, and > in Ofbiz we do this by creating an InvoiceRole (roleTypeId SALES_REP) > between each Invoice and its corresponding sales rep. > > Now, we need to limit the access of each sales rep only to his own > Invoices. Can be this done within the included Ofbiz functionality? > > As far as I know (don't know much of inner part of ofbiz yet), we need some > customization. I am thinking of modifying each invoice screen (or screen's > forms) to limit the invoice list based on the logged in user, which has to > be some kind of admin or a sales rep. In the latter case, the filter should > only include invoices belonging to this sales rep. > > I am also thinking in a hierarchical schemma, were sales_rep supervisors > have access to all their supervised sales_rep. > > Any better idea? Am I pointing in the right direction? > > I know that we can limit access to accounting with security groups, but I > think that security groups is not the way to go, as I believe they are > thought to restrict by kinds of operations, but not by (sub)groups of > elements meeting certain conditions. > > Thanks!! > > -- > Gabriel Oberreuter > Mobile: +56 9 85299198 >