There are no links between a party role type and a security permission
group.
In the beginning, security roles were simply permissions with the word
ROLE in them. Various applications used the security role permissions to
control access to certain actions.
Over time, application code started using the party role to control
access - effectively making the party role a security role, so the
concept of role based permissions has become blurred or muddled.
https://cwiki.apache.org/OFBTECH/ofbiz-security.html
Unfortunately, the current party role based permissions are not very
well documented. You have to look at the code to determine which roles
control access to various parts of the applications.
-Adrian
On 2/2/2011 10:47 PM, Pankaj Singh wrote:
Hi ,
Yes we have gone through the shared links. Also understand that link between
userIds and security groups and between party and partyrole. What is not
clear is how these roles translate to actual privileges. In other words we
did not find any entity to capture links between RoleType and
SecurityPermisssionGroup.
Here is what we are looking at.
- Derive permissions from associated PartyRole.
- Avoid security group association to userLogin. This is apply security
privileges at the party level rather than at the userlogin level.
Hope that helps. It is possible that all these are implemented in a certain
way and discussed in the link referenced but unclear to us at this time and
therefore looking for hints.
Thanks ,
Pankaj Kumar Singh
On Thu, Feb 3, 2011 at 12:44 AM, BJ Freeman<[email protected]> wrote:
https://cwiki.apache.org/OFBTECH/ofbiz-security.html
https://demo-trunk.ofbiz.apache.org/partymgr/control/viewprofile?partyId=admin
I use this for an example
this party has many logins. each login can have its own Security Groups
On top of this you can also have roles assigned to the party
https://demo-trunk.ofbiz.apache.org/partymgr/control/viewroles?partyId=admin
these are available for all the logins assigned for that party.
from a code level you use the login to find the roles assigned to the
party, as well as the securitygroups for that login.
=========================
BJ Freeman
Strategic Power Office with Supplier Automation<
http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com<http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist
Chat Y! messenger: bjfr33man
Pankaj Singh sent the following on 2/2/2011 9:41 AM:
Hi All,
We have some query about security system please give us some ideas on
below
:-
For a given role type how does the Application find out the applicable
security permissions ?
for example :-
a manager role type in org_A requires ORDERMGR_ADMIN only while another
org_B requires ORDERMGR_ADMIN and PARTYMGR_ADMIN. How can this be done
without code level changes ?
