[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Roles for 1.3-- feedback?

Chris Travers wrote:
>     Hmm. I have worked in places where they don't want people to be
>     able to
>     look up home numbers/addresses of other employees... Also possibly for
>     outsourced bookkeepers... I would think inheriting the read_contact
>     right should cover this case, maybe?
> Ok.  We may need to think about this some more.  Certainly getting a
> list of names, id's, of employees is required by a surprising set of
> application functionality and we may not be able to address this in
> 1.3 using db-level permissions.

I doubt name and id of a contact would be an issue for any of the places
I'm thinking of. The sensitive things are phone numbers, street
addresses, etc.


John Locke
"Open Source Solutions for Small Business Problems"
published by Charles River Media, June 2004