openerp-community team mailing list archive

Thread
Date

security Vulnerability or duplication in OpenERP??

To: openerp-community@xxxxxxxxxxxxxxxxxxx
From: Masoom Alam <masoom.alam@xxxxxxxxx>
Date: Sat, 22 May 2010 05:18:44 +0500

Hi Every one,


I am having two problems, please identify, whether I am doing some thing
wrong, or this thing is not possible in OpenERP:

*Problem 1*

   1. Whenever, I give access rights on an object, or set of objects to a
   particular user, all the menus related to that object are automatically
   accessible by that user. For example, in the account_voucher, if a list of
   objects such as account.voucher, account.journal etc, etc.  which are
   required for a user, are given, all the menus under the voucher Entries are
   automatically assigned. This is the default behavior. right?
   2. Does this mean that there is no need to have
   "Administration--->Security----->Grant Access to Menus", some how granting
   access to menus is useless, since objects access is needed and when I give
   object access, menus access is automatically granted.
   3. Is there is some way, that i can grant access to a list of objects to
   two or three users, but restrict access to menus?
   4. Scenario: I want to give access to user1 to Bank Receipt Voucher while
   to user2, Cash Payment Voucher. Now menus are different, but objects are
   same.

*Problem 2*
*
*

   1. in the _columns{}, whenever a one2many() relation is chosen for a
   field, on search, the fields associated with the "many portion" are
   automatically shown. Can we restrict this view, i mean certain
   columns/fields from the "many part" can be hidden from particular users,
   while certain can be shown for search purpose only?



Thanking you in advance.
Regards,
MM Alam

Follow ups

Re: security Vulnerability or duplication in OpenERP??
From: Olivier Dony, 2010-05-28
Re: security Vulnerability or duplication in OpenERP??
From: Ana Juaristi, 2010-05-23