c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 776969] Re: No way to set specific access right

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: Nima-k2 <776969@xxxxxxxxxxxxxxxxxx>
Date: Sun, 08 May 2011 05:08:39 -0000
Reply-to: Bug 776969 <776969@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

i solved the problem with two rules  . one has a the domain off [(1,"=",1)],for every one,and prompt for read.so every one in sales>user can see all leads.
but i created another rule with domain [('user_id','=',user.id)] ,for read/write/create action .now  the person can edit his/her own data but not others,also he/she can see all other leads too.

this is solved ,but it doesn't give me the confidence that is secure.
don't u think?

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/776969

Title:
  No way to set specific access right

Status in OpenERP Server:
  Opinion

Bug description:
  hello
  there is no way to set access right so that a user can only change his/her own data in the system and all other things are read-only.
  like in leads a user should be able to see all leads but also should be able to modify only  his/her own and not others too.
  it is a bug because sale users are restricted to see their own data because if we allow them to see others' they can edit them,if we disable write access they wouldn't be able to edit any data including their own data.
  i expect from a system with these magnitude to have such a capability .

References

[Bug 776969] [NEW] No way to set specific access right
From: Nima-k2, 2011-05-04