[jira] [Comment Edited] (OFBIZ-4130) Tenant super user (tenant admin) can view all database details of all tenants

Wed, 26 Feb 2014 02:22:15 -0800 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13912705#comment-13912705
 ] 

Pierre Smits edited comment on OFBIZ-4130 at 2/26/14 10:21 AM:
---------------------------------------------------------------

Hans said: 'I would not make the webtools application available to tenants'.

Unfortunately, many aspects of keyword maintenance are only accessible through 
the webtools application. This is the result of having no configuration options 
in the various apps and components. Thus we can't avoid granting tenant super 
users access to webtools.

But, apart from that issue (improvement) we should ensure that tenant super 
users don't see tenant configuration details of other tenants.


was (Author: pfm.smits):
Hans said: 'I would not make the webtools application available to tenants'.

Unfortunately, many aspects of keyword maintenance is only accessible through 
the webtools application. This is the result of having no configuration options 
in the various apps and components. Thus we can't avoid granting tenant super 
users access to webtools.

But, apart from that issue we should ensure that tenant super users don't see 
tenant configuration details of other tenants.

> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
>                 Key: OFBIZ-4130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4130
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 10.04, Release Branch 11.04, SVN trunk, 
> Release Branch 12.04, Release Branch 13.07
>            Reporter: Pierre Smits
>            Priority: Critical
>             Fix For: Release Branch 10.04, Release Branch 11.04, SVN trunk, 
> Release 11.04.01, Release Branch 12.04, Release Branch 13.07
>
>         Attachments: OFBIZ-4130-MultiTenant-visibilty.patch
>
>
> When a new tenant is created and the super user of the tenant (the 
> tenant-admin) logs in to WebTools and views the tables Tenant and 
> TenantDataSource he/she can see all details of the tenant databases, incl 
> TenantName, userID and password of the tenant databases.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to