Hi, I'd like to tighten done the access tho data that XML-RPC scripts have, and am try to understand what openerp offers.
The doc I've found so far is: http://doc.openerp.com/developer/2_7_menu_action/7_3_security.html http://doc.openerp.com/book/8/8_20_Config/8_20_Config_accessRights.html Openerp allows security roles to be granted to a user. It would make sense to create a security role with just the rights needed for remote requests. A 'group' can be granted a list of access rights: read, write, create, delete access to objects. The objects seem to correspond to database tables, so for example: * Invoices: account.invoice, account.invoice.line, account.invoice.tax * Partners: res.partner, res.partner.address,, res.partner.address.category, res.company.address Is that correct so far? - A group "remote" was created and read access granted to the partner/invoice objects above, the remoterpc user was given access to this group. In this situation most scripts that listed partners/addresses and invoices hung: they were able to list invoice or partner ids, but not their details. >> Is there as way to configure the server to return an access denied with >> precise errors message in the logs immediately? Going further: >> Is it possible to grant read/write access on a field level? I.e. only allow >> one or two specific partner fields to be write-able. >> Is it possible to only allow specific partner categories to be readable and >> others read/write? Thanks in advance, Sean -------------------- m2f -------------------- -- http://www.openobject.com/forum/viewtopic.php?p=55470#55470 -------------------- m2f -------------------- _______________________________________________ Tinyerp-users mailing list http://tiny.be/mailman2/listinfo/tinyerp-users
