Yes indeed. Why having it out of the box if you can configure it yourself on each installation ?
No dia 11/05/2012, às 18:10, "Hamza BENHMANI" <[email protected]> escreveu: > Hello Alexis, > > I agree that this is a predefined groups rights issue, because I believe that > such customization should be done by default, but still, the groups and > access rights in OpenERP are (more or less) flexibly customizable, which > means, for instance, in this case you can : > > - whether create a brand new group and give him only the right to write on > the address object. > - or start from scratch and make your own structure of groups and access > rights. > > Kind regards. > > 2012/5/11 Hamza BENHMANI <[email protected]> > Hello Alexis, > > I agree that this is a predefined groups rights issue, because I believe that > such customization should be done by default, but still, the groups and > access rights in OpenERP are (more or less) flexibly customizable, which > means, for instance, in this case you can : > > - whether create a brand new group and give him only the right to write on > the address object. > - or start from scratch and make your own structure of groups and access > rights. > > Kind regards. > > > 2012/5/11 Alexis de Lattre <[email protected]> > Dear OpenERP community friends, > > I share with you something that may be interesting for the whole community. > The issue I point out is present in OpenERP 6.0 and 6.1 (probably in other > versions too) : > > 1. Only few groups have write access on res.partner.address : Partner > Manager, Administration / Configuration, HR Manager and Accounting & Finance > / Invoicing & Payments (in v6.1) > > 2. It means that, if you want your sales, purchase or stock users (not > managers) to be able to update a phone number or an email address on a > Partner Address, you will probably think : he needs write access on Partner > Addresses, so I need to add him to the group "Partner Manager". > > 3. If you look at the details of the ACLs for the group "Partner Manager", > you will see that this group has write/create access on res.partner.bank and > res.bank. > > 4. It means that all users that belong to the "Partner Manager" group can > modify the bank account numbers and other bank details on any partner. > > 5. Imagine one of them replaces the IBAN and BIC of a supplier by his own > bank account. > > 6. If the company uses OpenERP to generate bank files to pay the suppliers, > the employee will receive the money instead of the supplier ! > > 7. The employee then runs away to the British Virgin Islands... :) > > Of course, I know that all OpenERP integrators take the time to review all > ACLs on every deployment of OpenERP to check that nobody has "too much" > rights... :-) > > But I wanted to share the light on this issue... the "Partner Manager" group > gives a lot of rights, probably too much for a regular employee... but you > probably want your regular employees to update phone numbers and e-mail > addresses on partners, but there is no native "intermediate" group to give > them such rights. > > Regards, > > -- > Alexis de Lattre > > _______________________________________________ > Mailing list: https://launchpad.net/~openerp-community > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openerp-community > More help : https://help.launchpad.net/ListHelp > > > > -- > Hamza BENHMANI > (+212) 6 64 38 27 79 > http://benhmani.com > http://benhmani-hamza.110mb.com > http://benhmani-hamza.110mb.com/english.html > > > > > -- > Hamza BENHMANI > Consultant technique Open Source > Bureau : +212 (0) 522 23 54 44 > Portable : +212 (0) 664 38 27 79 > Skype : hamza.ben7 > > > 10, rue Ibnou Al Arif > 20 100 Casablanca - Maroc > [email protected] > www.kazacube.com > > _______________________________________________ > Mailing list: https://launchpad.net/~openerp-community > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openerp-community > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~openerp-community Post to : [email protected] Unsubscribe : https://launchpad.net/~openerp-community More help : https://help.launchpad.net/ListHelp
