Hi, 1. Does this mean the permissions relevant to the party are in then code and not as data in database ? 2. If Above is true and we would like to drive through the Database what are the options ? 3. We are also trying to force record level permission by party not userlogin .
Special thanks to you all for useful advise Pankaj Kumar Singh On Thu, Feb 3, 2011 at 12:58 PM, Adrian Crum < [email protected]> wrote: > There are no links between a party role type and a security permission > group. > > In the beginning, security roles were simply permissions with the word ROLE > in them. Various applications used the security role permissions to control > access to certain actions. > > Over time, application code started using the party role to control access > - effectively making the party role a security role, so the concept of role > based permissions has become blurred or muddled. > > > https://cwiki.apache.org/OFBTECH/ofbiz-security.html > > Unfortunately, the current party role based permissions are not very well > documented. You have to look at the code to determine which roles control > access to various parts of the applications. > > -Adrian > > > > On 2/2/2011 10:47 PM, Pankaj Singh wrote: > >> Hi , >> Yes we have gone through the shared links. Also understand that link >> between >> userIds and security groups and between party and partyrole. What is not >> clear is how these roles translate to actual privileges. In other words we >> did not find any entity to capture links between RoleType and >> SecurityPermisssionGroup. >> >> Here is what we are looking at. >> >> - Derive permissions from associated PartyRole. >> - Avoid security group association to userLogin. This is apply security >> privileges at the party level rather than at the userlogin level. >> >> Hope that helps. It is possible that all these are implemented in a >> certain >> way and discussed in the link referenced but unclear to us at this time >> and >> therefore looking for hints. >> >> Thanks , >> Pankaj Kumar Singh >> >> >> On Thu, Feb 3, 2011 at 12:44 AM, BJ Freeman<[email protected]> wrote: >> >> https://cwiki.apache.org/OFBTECH/ofbiz-security.html >>> >>> >>> https://demo-trunk.ofbiz.apache.org/partymgr/control/viewprofile?partyId=admin >>> I use this for an example >>> this party has many logins. each login can have its own Security Groups >>> On top of this you can also have roles assigned to the party >>> >>> >>> https://demo-trunk.ofbiz.apache.org/partymgr/control/viewroles?partyId=admin >>> these are available for all the logins assigned for that party. >>> from a code level you use the login to find the roles assigned to the >>> party, as well as the securitygroups for that login. >>> >>> >>> ========================= >>> BJ Freeman >>> Strategic Power Office with Supplier Automation< >>> http://www.businessesnetwork.com/automation/viewforum.php?f=52> >>> Specialtymarket.com<http://www.specialtymarket.com/> >>> Systems Integrator-- Glad to Assist >>> >>> Chat Y! messenger: bjfr33man >>> >>> >>> Pankaj Singh sent the following on 2/2/2011 9:41 AM: >>> >>> Hi All, >>> >>>> We have some query about security system please give us some ideas on >>>> below >>>> :- >>>> >>>> For a given role type how does the Application find out the applicable >>>> security permissions ? >>>> for example :- >>>> a manager role type in org_A requires ORDERMGR_ADMIN only while another >>>> org_B requires ORDERMGR_ADMIN and PARTYMGR_ADMIN. How can this be done >>>> without code level changes ? >>>> >>>> >>>> >>
