Yeah, I'm pretty sure this was intentional. Security admin privileges should be very explicit and not part of any general group.
I think the intention of the PARTYADMIN group was for general party administration, but NOT the security administration side of parties. We should discuss this, but I think the most flexible and secure would be to remove this and create a SECURITYADMIN group that has this permission for easy application when needed.

-David

[EMAIL PROTECTED] wrote:
Author: sichen Date: Tue Jul 31 15:09:15 2007 New Revision: 561569 URL: http://svn.apache.org/viewvc?view=rev&rev=561569 Log: Not sure if this is intentional or a bug, so here's my fix. The PARTYADMIN user actually could not set security permissions for any of the users, and there was no SECURITY permission group that I could find Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml Modified: ofbiz/trunk/applications/party/data/PartySecurityData.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/data/PartySecurityData.xml?view=diff&rev=561569&r1=561568&r2=561569 ============================================================================== --- ofbiz/trunk/applications/party/data/PartySecurityData.xml (original) +++ ofbiz/trunk/applications/party/data/PartySecurityData.xml Tue Jul 31 15:09:15 2007 @@ -84,4 +84,7 @@ <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_UPDATE"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="SECURITY_VIEW"/> <SecurityGroupPermission groupId="VIEWADMIN" permissionId="SECURITY_VIEW"/> + + <SecurityGroupPermission groupId="PARTYADMIN" permissionId="SECURITY_ADMIN"/> + </entity-engine-xml>
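
Review bot: the added line at the end of the hunk, <SecurityGroupPermission groupId="PARTYADMIN" permissionId="SECURITY_ADMIN"/>, attaches SECURITY_ADMIN to a general-purpose group, so every user already in PARTYADMIN picks up security administration without an explicit grant. The context lines above it give FLEXADMIN only SECURITY_UPDATE and SECURITY_VIEW and VIEWADMIN only SECURITY_VIEW, which makes this the only SECURITY_ADMIN grant visible in the hunk. Consider putting the permission on a dedicated group instead (the reply proposes SECURITYADMIN) and adding an XML comment that states the intent, since the log message itself says it is not clear whether the missing grant was deliberate.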
