[
https://issues.apache.org/jira/browse/OFBIZ-12892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17814686#comment-17814686
]
Jacques Le Roux commented on OFBIZ-12892:
-----------------------------------------
That sounds reasonable to me indeed, would you provide a patch?
It could be even backported, it's a kind of low severity:
https://security.apache.org/blog/severityrating/
> Screen Classifications in Party should not show create trigger to user with
> only VIEW permission
> ------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-12892
> URL: https://issues.apache.org/jira/browse/OFBIZ-12892
> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Priority: Major
>
> When accessing
> [https://demo-trunk.ofbiz.apache.org/partymgr/control/showclassgroups] as a
> user with only VIEW permissions (e.g. userId = auditor) the action trigger to
> create a new Party Classification Group is shown.
> This should not be visible to such a user as it leads to an undesired effect
> and diminished user experience.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
