c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 719063] Re: [6.0] new user - much too many access rights

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Olivier Dony \(OpenERP\)" <719063@xxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Feb 2011 13:08:31 -0000
Reply-to: Bug 719063 <719063@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Wait, wait, this needs clarifications, it is not fully "won't fix". Here
is a summary:

1. We do want new users to have "Employee" and "Partner Manager" groups by default, because this is a must have for users that are created for the purpose of giving access to colleagues in most SMB or SaaS deployments. This is the most common case, so it is the default.
2. For other specific cases (like giving access to external users), assigning (or removing) groups is part of setting up the new users, according to their profiles. Note that there is the "share" module specifically dedicated to sharing data with external users, and it takes care of the basic group/rule setup.
3. By default we want members of "Employee" to be able to see the list of Employees, because in most companies people need to access the "phone book" of the company, and this is how it is done. We have setup special view restrictions on Employee form, so that other Employees can only see basic contact info (phone, job position, picture). You need to be part of HR to see more than that.

We need to make everything consistent with these 3 rules, therefore normal Employees should not indeed be able to see the Payslips or Evaluations of other employees, this is for HR/User (i.e HR Officers) only.
Therefore, some of the patches done by addons3 team are good, but some are not (i.e. Employees must be able to see other Employees, but not all their data). I hope this clears up the situation.

Note to developers: please respect the new convention for naming bugfix branches (like atp) to make the review/merge task easier, and avoid putting everything in the same branch. See guidelines or contact your team leader for more explanations.

** Changed in: openobject-addons
Status: Won't Fix => In Progress

--
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/719063

Title:
[6.0] new user - much too many access rights

Status in OpenERP Modules (addons):
In Progress

Bug description:
Employee and Partner Manager are assigne by default to each new user
IMHO much to much ...
see screenshot ( I didn't check yet if an Employee sees only "his" payslip...) but he sees all other employees and can print ther attendence liste etc. a bit to much for my taste

IMHO only the bare necessary access rights should be given to a group
"Login"

I think of users who should only have access to wiki or documents for
example (external consultants)

References

[Bug 719063] [NEW] [6.0] new user - much too many access rights
From: Ferdinand @ Camptocamp, 2011-02-14