Re: Role 'parts_edit' has unusable menu item "Goods and Services > Search"?

On Sun, Apr 16, 2017 at 10:28 PM, Erik Huelsmann <..hidden..> wrote:
Hi all,

While developing BDD tests with minimal rights for the test users (I'm using minimal rights with the explicit goal to test that the setup of individual roles makes sense), I'm running into my next problem:

When I assign a user 'part_edit' rights (but no other rights), it's assigned access to the "Goods and Services > Search" menu. However, when the user clicks on the menu item, an error appears:

The user does not have access to the "employee__all_salespeople"() function.

Actually, studying the error a bit longer, the problem is *within* the "employee__all_salespeople" function: it's the fact that the user with 'part_edit' rights doesn't have access to the (underlying) "person" table.
So then the question becomes a little bit different:

How are we going to hand out rights on tables like 'person' and 'company' without providing full insight into the company's operation to roles which are supposed to be severely limited in their access rights, such as "inventory_adjust" or "inventory_reports" (or even "part_edit")?

Should a user with part_edit have rights to view all sales in the company? If not, should the UI limit the number of available searches to exclude the sales people?

More importantly: does this apply to other factors in the system? (The list of customers, the list of employees, the list of ....?)

Concluding from the underlying cause mentioned above, yes, this applies widely to items in the system and I think we should be looking at the solution for this problem using the broader perspective of the many problems that it's supposed to solve.
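
The failure mode described in this message, reduced to a minimal reproduction (an added example, not part of the original thread and not the project's own code). It assumes a PostgreSQL database and a superuser session in a scratch database; the role name `demo_part_edit`, the table columns and the grants are constructed for illustration.

```sql
-- Constructed, simplified schema: NOT the project's real definitions.
BEGIN;

CREATE ROLE demo_part_edit NOLOGIN;           -- hypothetical limited role

CREATE TABLE person (id int PRIMARY KEY, first_name text, last_name text);
CREATE TABLE parts  (id int PRIMARY KEY, partnumber text);

-- PostgreSQL functions are SECURITY INVOKER by default: the body runs
-- with the privileges of the calling role, not of the function owner.
CREATE FUNCTION employee__all_salespeople() RETURNS SETOF person
LANGUAGE sql AS $$ SELECT * FROM person $$;

-- Hand out only what a "parts" role obviously needs, plus EXECUTE on
-- the function that the search screen calls.
REVOKE ALL ON FUNCTION employee__all_salespeople() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION employee__all_salespeople() TO demo_part_edit;
GRANT SELECT, INSERT, UPDATE ON parts TO demo_part_edit;

-- Audit check: EXECUTE on the function is true, SELECT on the table it
-- reads is false. That mismatch is the gap a role-level test should flag.
SELECT has_function_privilege('demo_part_edit',
                              'employee__all_salespeople()',
                              'EXECUTE')        AS can_execute,
       has_table_privilege('demo_part_edit',
                           'person', 'SELECT')  AS can_read_person;

-- Calling the function as the limited role fails inside the body with a
-- permission-denied error on "person", even though EXECUTE was granted.
SET LOCAL ROLE demo_part_edit;
SELECT * FROM employee__all_salespeople();

-- The failed statement aborts the transaction; ROLLBACK discards the
-- demo role, tables and function.
ROLLBACK;
```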



