Setting access to Application Dictionary -> Report&Process to an "ordinary" user


Martin V

May 7, 2014, 2:44:21 AM
to idem...@googlegroups.com
Hello,
I'd like to ask whether it's possible to allow a non-System and non-Admin user access to Application Dictionary -> Report&Process, to be able to create processes.

I know it's possible when I log in as System. But when I log in as GardenAdmin the option is not there. And as System there is no option (or I didn't find it) to set roles and users other than System. I.e. as System I can't set GardenAdmin or its role to allow him to access Application Dictionary -> Report&Process.

Is it possible (and how) to create a restricted user and allow him to create a process?

Thanks in advance
Martin Vavrušák

Anozi Mada

May 7, 2014, 3:50:51 AM
to idem...@googlegroups.com
Hi Martin,
I don't see why you need an ordinary user to be able to create a process, since it usually involves a Java class or Jasper.
But if you need it:
1. Log in as SuperUser/System, open the Table window, search for AD_Process and set the data access level to "System+Client".
2. Log in as the client's admin and add "Report & Process" window access in Role > Window Access for the role you want.

Regards,
Anozi Mada

Martin V

May 7, 2014, 5:19:17 AM
to idem...@googlegroups.com
Thanks for your reaction.
The reason is to allow setting up JasperReport.

Your instruction worked.



Carlos Antonio Ruiz Gomez

May 7, 2014, 10:22:08 AM
to idem...@googlegroups.com
Please allow me to add that you're opening a BIG security hole on your installation.

Regards,

Carlos Ruiz




Martin V

May 8, 2014, 3:29:24 AM
to idem...@googlegroups.com
Hello Carlos,

Thanks very much for your comment. Could you please specify a little more what the threat is? I can imagine damaging processes which are already present in the system. Did you mean this?

Thanks Martin

Hiep Lq

May 8, 2014, 3:41:17 AM
to idem...@googlegroups.com
Giving a client admin rights to the process window is dangerous; he can steal the system admin password.

Jasper is very strong; it processes queries directly from the database or calls Java functions.

Another danger: he can run any process, and many processes are designed just for the system admin.

Carlos Antonio Ruiz Gomez

May 8, 2014, 10:00:49 AM
to idem...@googlegroups.com
Agree with Hiep. Also, with Jasper you can execute DML/DDL statements against the database, and you can execute queries that overstep the iDempiere tenant/org security.
Jasper reports installed must be controlled by the administrator. You must not install a Jasper report provided by a third party; you must check its validity and compliance with security on the source before installing.

Also, allowing a user to set up a process opens the possibility to invoke scripts and possibly malicious Java code and database procedures.
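An administrator who wants to check whether an installation has been opened up in the way this thread describes can query the application dictionary directly. The following audit queries are an added example, not part of the original thread or of iDempiere itself. They assume PostgreSQL and the standard iDempiere dictionary tables and columns (`ad_table.accesslevel`, `ad_window_access`, `ad_role`, `ad_process`), that access level code `'4'` means "System only", and that the window is named "Report & Process" as in the thread.

```sql
-- Added audit example (not from the thread). Assumes the standard
-- iDempiere dictionary schema on PostgreSQL; run as a read-only DB user.

-- 1. Has the AD_Process table been widened beyond "System only"?
--    Assumption: accesslevel '4' = System only, '6' = System+Client.
SELECT t.tablename,
       t.accesslevel,
       CASE WHEN t.accesslevel = '4' THEN 'system only'
            ELSE 'widened beyond System only' END AS finding,
       t.updated, t.updatedby
FROM   ad_table t
WHERE  t.tablename = 'AD_Process';

-- 2. Which tenant roles (ad_client_id <> 0) hold active access to the
--    "Report & Process" window, and is that access read-write?
SELECT c.name  AS tenant,
       r.name  AS role_name,
       r.userlevel,
       wa.isreadwrite,
       wa.updated, wa.updatedby
FROM   ad_window_access wa
JOIN   ad_window w ON w.ad_window_id = wa.ad_window_id
JOIN   ad_role   r ON r.ad_role_id   = wa.ad_role_id
JOIN   ad_client c ON c.ad_client_id = r.ad_client_id
WHERE  w.name = 'Report & Process'
  AND  wa.isactive = 'Y'
  AND  r.isactive  = 'Y'
  AND  r.ad_client_id <> 0
ORDER  BY c.name, r.name;

-- 3. Process definitions owned by a tenant rather than by System.
--    Each row names a Java class, DB procedure or Jasper file that a
--    tenant-level user was able to register; review every one.
SELECT p.ad_client_id,
       p.value, p.name,
       p.classname, p.procedurename, p.jasperreport,
       p.created, p.createdby
FROM   ad_process p
WHERE  p.ad_client_id <> 0
ORDER  BY p.created DESC;
```

Any row from query 2, or any row from query 3 whose class, procedure or report file was not reviewed by the system administrator, corresponds to the exposure Carlos and Hiep describe.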