Hi , Yes we have gone through the shared links. Also understand that link between userIds and security groups and between party and partyrole. What is not clear is how these roles translate to actual privileges. In other words we did not find any entity to capture links between RoleType and SecurityPermisssionGroup.
Here is what we are looking at. - Derive permissions from associated PartyRole. - Avoid security group association to userLogin. This is apply security privileges at the party level rather than at the userlogin level. Hope that helps. It is possible that all these are implemented in a certain way and discussed in the link referenced but unclear to us at this time and therefore looking for hints. Thanks , Pankaj Kumar Singh On Thu, Feb 3, 2011 at 12:44 AM, BJ Freeman <[email protected]> wrote: > https://cwiki.apache.org/OFBTECH/ofbiz-security.html > > https://demo-trunk.ofbiz.apache.org/partymgr/control/viewprofile?partyId=admin > I use this for an example > this party has many logins. each login can have its own Security Groups > On top of this you can also have roles assigned to the party > > https://demo-trunk.ofbiz.apache.org/partymgr/control/viewroles?partyId=admin > these are available for all the logins assigned for that party. > from a code level you use the login to find the roles assigned to the > party, as well as the securitygroups for that login. > > > ========================= > BJ Freeman > Strategic Power Office with Supplier Automation < > http://www.businessesnetwork.com/automation/viewforum.php?f=52> > Specialtymarket.com <http://www.specialtymarket.com/> > Systems Integrator-- Glad to Assist > > Chat Y! messenger: bjfr33man > > > Pankaj Singh sent the following on 2/2/2011 9:41 AM: > > Hi All, >> We have some query about security system please give us some ideas on >> below >> :- >> >> For a given role type how does the Application find out the applicable >> security permissions ? >> for example :- >> a manager role type in org_A requires ORDERMGR_ADMIN only while another >> org_B requires ORDERMGR_ADMIN and PARTYMGR_ADMIN. How can this be done >> without code level changes ? >> >> > -- Thanks , Pankaj Kumar Singh
