[
https://issues.apache.org/jira/browse/OFBIZ-12380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17443356#comment-17443356
]
Jacques Le Roux commented on OFBIZ-12380:
-----------------------------------------
Hi Pierre,
Is it not logical than auditor has access to all? Are there other profiles who
have access to this ressource, and others?
> User with only VIEW permission should not see 'editInvoice' screen/form
> -----------------------------------------------------------------------
>
> Key: OFBIZ-12380
> URL: https://issues.apache.org/jira/browse/OFBIZ-12380
> Project: OFBiz
> Issue Type: Improvement
> Components: accounting
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: permissions
>
> Currently, when a user has only view permissions, as demonstrated in trunk
> demo with userId = auditor, he/she/they can access the header of an invoice.
> This shows a form with edit capabilities.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
