When accessing to User Window via System Admin > General Rules > Security > User, one can view all other user profile, and even can change other user password easily.
This will become severe security problem for big system implementation especially when deploy digital approval (workflow).
using Recod Data Access > Record Access trick, we can limit user view to only his own record this good only for one role - one user configuration not for one role - many user.
Hope someone can share experience on how to solve this issue.
Rgds.
Usman
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Actually what I want to achieve is to limit user (except admin), so that he can only access/change his own profile and password.
I've tried to restrcted using personal lock technique, but seems it's not suitable for one role with many user configuration (correct me I'm wrong) since other user with the same role will not be able to access his record.
Will much appreciate if you could give more detail on how to achive this simple requirement.
Rgds.
Usman
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1. Create another window, call it "My Profile", create a tab using table AD_User, on Where Clause set AD_User_ID=@#AD_User_ID@, add fields to that tab. Add window to menu (maybe, near "User" window).
2. From Role window deny access to "User" window for any normal user.
That's it.
Best regards,
Teo Sarca
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When accessing to User Window via System Admin > General Rules > Security > User, one can view all other user profile, and even can change other user password easily.
This will become severe security problem for big system implementation especially when deploy digital approval (workflow).
using Recod Data Access > Record Access trick, we can limit user view to only his own record this good only for one role - one user configuration not for one role - many user.
Hope someone can share experience on how to solve this issue.
Rgds.
Usman
Hi,
I think this can be restricted by role configuration.
Best regards,
Teo Sarca
Hi, Teo.
Actually what I want to achieve is to limit user (except admin), so that he can only access/change his own profile and password.
I've tried to restrcted using personal lock technique, but seems it's not suitable for one role with many user configuration (correct me I'm wrong) since other user with the same role will not be able to access his record.
Will much appreciate if you could give more detail on how to achive this simple requirement.
Rgds.
Usman
Hi,
1. Create another window, call it "My Profile", create a tab using table AD_User, on Where Clause set AD_User_ID=@#AD_User_ID@, add fields to that tab. Add window to menu (maybe, near "User" window).
2. From Role window deny access to "User" window for any normal user.
That's it.
Best regards,
Teo Sarca
Hi Teo,
very clever solution - I think we should even have this (or something similar) in trunk since it seems to be a common request.
What do you think?
Regards,
Karsten
Hi Karsten,
> very clever solution - I think we should even have this (or something similar) in trunk since it seems to be a common request.
> What do you think?
Having the profile window i think is a common requirement.
Restricting "User" window access (and how/for whom) depends on implementation requirements.
Best regards,
Teo Sarca
I've created a wiki page on this topic :
http://www.adempiere.com/wiki/index.php/How_to_Limit_User_Access_to_own_Record
Hope it is useful.
Rgds.
Usman
Great! thanks Usman. I wikifized it a little.
Best regards,
Teo Sarca
Many, Thanks Teo.
It work perfectly as expected.
I'll we put this little, simple but usefull tips on wiki for other newbies :)
Rgds.
Usman