[6.0] new user - much too many access rights

Bug #719063 reported by Ferdinand
Affects: Odoo Addons (MOVED TO GITHUB)
Status: Fix Released
Importance: Low
Assigned to: OpenERP R&D Addons Team 3

Bug Description

Employee and Partner Manager are assigned by default to each new user
IMHO much too much ...
see screenshot (I didn't check yet if an Employee sees only "his" payslip...) but he sees all other employees and can print their attendance list etc. a bit too much for my taste

IMHO only the bare necessary access rights should be given to a group "Login"

I think of users who should only have access to wiki or documents for example (external consultants)

Revision history for this message
Amit Parik (amit-parik) wrote :
Changed in openobject-addons:
assignee: nobody → OpenERP R&D Addons Team 3 (openerp-dev-addons3)
importance: Undecided → Low
status: New → Confirmed
Changed in openobject-addons:
status: Confirmed → In Progress
Changed in openobject-addons:
milestone: none → 6.1
Revision history for this message
Purnendu Singh (OpenERP) (purnendu-singh) wrote :

hello,

I fixed this bug for all hr_* modules in lp:~openerp-commiter/openobject-addons/trunk-dev-addons3-psi2 branch.

Revision no: 4649
Revision Id: <email address hidden>

Thanks
PSI

Changed in openobject-addons:
status: In Progress → Fix Committed
Revision history for this message
Mustufa Rangwala (Open ERP) (mra-tinyerp) wrote :

Purnendu,

It is not working for hr_expense.

Changed in openobject-addons:
status: Fix Committed → Confirmed
Changed in openobject-addons:
status: Confirmed → In Progress
Revision history for this message
Purnendu Singh (OpenERP) (purnendu-singh) wrote :

Hello,

Changes for hr_expense are done, and it's working fine now.

Thanks

Changed in openobject-addons:
status: In Progress → Fix Committed
Revision history for this message
Mustufa Rangwala (Open ERP) (mra-tinyerp) wrote :

Addons3 team has done changes for hr modules.

For crm related modules, changes will be done by Addons1 Team.

thanks,
mra

Changed in openobject-addons:
status: Fix Committed → Confirmed
assignee: OpenERP R&D Addons Team 3 (openerp-dev-addons3) → OpenERP R&D Addons Team 1 (openerp-dev-addons1)
Changed in openobject-addons:
status: Confirmed → In Progress
Revision history for this message
Atul Patel(OpenERP) (atp-openerp) wrote :

Hello,

It has been fixed in https://code.launchpad.net/~openerp-dev/openobject-addons/trunk-bug-719063-atp branch for all crm_* Modules.

Revision no: 4424
Revision Id: <email address hidden>

Thanks

Changed in openobject-addons:
status: In Progress → Fix Committed
Revision history for this message
tfr (Openerp) (tfr) wrote :

This is a choice made by us.

By default, a new user should be usable for the SaaS offer and for little companies that want to use OpenERP with a minimal configuration.
If it's a bigger company they just need to take a few minutes to configure each user as they want.

Changed in openobject-addons:
status: Fix Committed → Won't Fix
Revision history for this message
Purnendu Singh (OpenERP) (purnendu-singh) wrote :

hello,

As tfr (OpenERP) set this bug to won't fix, we are reverting all the changes of hr_* modules from
lp:~openerp-dev/openobject-addons/trunk-dev-addons3 branch

Thanks
PSI

Changed in openobject-addons:
milestone: 6.1 → none
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Wait, wait, this needs clarifications, it is not fully "won't fix". Here is a summary:

1. We do want new users to have "Employee" and "Partner Manager" groups by default, because this is a must have for users that are created for the purpose of giving access to colleagues in most SMB or SaaS deployments. This is the most common case, so it is the default.
2. For other specific cases (like giving access to external users), assigning (or removing) groups is part of setting up the new users, according to their profiles. Note that there is the "share" module specifically dedicated to sharing data with external users, and it takes care of the basic group/rule setup.
3. By default we want members of "Employee" to be able to see the list of Employees, because in most companies people need to access the "phone book" of the company, and this is how it is done. We have set up special view restrictions on the Employee form, so that other Employees can only see basic contact info (phone, job position, picture). You need to be part of HR to see more than that.

We need to make everything consistent with these 3 rules, therefore normal Employees should indeed not be able to see the Payslips or Evaluations of other employees, this is for HR/User (i.e. HR Officers) only.
Therefore, some of the patches done by addons3 team are good, but some are not (i.e. Employees must be able to see other Employees, but not all their data). I hope this clears up the situation.

Note to developers: please respect the new convention for naming bugfix branches (like atp) to make the review/merge task easier, and avoid putting everything in the same branch. See guidelines or contact your team leader for more explanations.

Changed in openobject-addons:
status: Won't Fix → In Progress
Revision history for this message
Ferdinand (office-chricar) wrote :

@Olivier
Just had a look into the access list of Employees and find
* accounting
* calendar
* crm
* hr
* mrp
* product
* project
* stock
without further investigation and for more complex not SAAS I assume that a separation between "Login" and "Employee" rights would ease a more complex setup
and a default SAAS employee could be member of 3 groups too
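
Added example (not part of the thread and not OpenERP code): the kind of access-list audit described in the comment above, run over rows in the `ir.model.access.csv` column layout to show what a user in the default groups can reach outside a minimal baseline. The sample rows, the group assigned to HR officers, and the `baseline_modules` set are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed rows in the ir.model.access.csv column layout (not from a real addon).
# An empty group_id:id means the ACL applies to every user.
SAMPLE_ACL = """\
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
access_hr_employee_user,hr.employee user,hr.model_hr_employee,base.group_user,1,0,0,0
access_hr_payslip_user,hr.payslip user,hr_payroll.model_hr_payslip,base.group_user,1,1,1,0
access_hr_payslip_officer,hr.payslip officer,hr_payroll.model_hr_payslip,base.group_hr_user,1,1,1,1
access_res_partner_mgr,res.partner manager,base.model_res_partner,base.group_partner_manager,1,1,1,1
access_wiki_all,wiki.wiki all,wiki.model_wiki_wiki,,1,0,0,0
"""

PERMS = ("read", "write", "create", "unlink")


def effective_access(acl_csv, groups):
    """Return {model external id: set of permissions} for a user in `groups`.

    Model-level ACLs are additive: a permission granted by any one of the
    user's groups (or by a group-less ACL) is granted to the user.
    """
    granted = defaultdict(set)
    for row in csv.DictReader(io.StringIO(acl_csv)):
        group = row["group_id:id"].strip()
        if group and group not in groups:
            continue  # ACL belongs to a group this user is not in
        for perm in PERMS:
            if row["perm_" + perm].strip() == "1":
                granted[row["model_id:id"]].add(perm)
    return dict(granted)


def excess_access(acl_csv, groups, baseline_modules):
    """Models reachable by `groups` whose module is outside the baseline."""
    return {
        model: perms
        for model, perms in effective_access(acl_csv, groups).items()
        if model.split(".", 1)[0] not in baseline_modules
    }


if __name__ == "__main__":
    default_groups = {"base.group_user", "base.group_partner_manager"}
    for model, perms in sorted(excess_access(SAMPLE_ACL, default_groups, {"wiki"}).items()):
        print(model, sorted(perms))
```

This covers model-level ACLs only; record rules (`ir.rule`) can further narrow which rows of a readable model a user sees.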

Revision history for this message
tfr (Openerp) (tfr) wrote :

This bug has been treated by the addons1 team. Is it OK for team3? In that case we can release the bug.

Changed in openobject-addons:
assignee: OpenERP R&D Addons Team 1 (openerp-dev-addons1) → OpenERP R&D Addons Team 3 (openerp-dev-addons3)
Revision history for this message
Priyesh (OpenERP) (pso-openerp) wrote :

Hello,

According to Olivier's suggestion, I have made changes for timesheet and payslips. It's fixed in
https://code.launchpad.net/~openerp-dev/openobject-addons/trunk-bug-719063-pso

Rev-no: 4609
Revision-Id: <email address hidden>

This branch will be merged soon with Addons branch.

Thanks.

Changed in openobject-addons:
status: In Progress → Fix Committed
Changed in openobject-addons:
milestone: none → 6.1
Revision history for this message
qdp (OpenERP) (qdp) wrote :

not at all committed... merge proposal disapproved, I need explanation

Changed in openobject-addons:
status: Fix Committed → Confirmed
Changed in openobject-addons:
status: Confirmed → In Progress
Revision history for this message
Ashvin Rathod (OpenERP) (ara-tinyerp) wrote :

Hello,

It's fixed in lp:~openerp-dev/openobject-addons/trunk-bug-719063-pso branch. It will be merged soon with trunk addons.

Revision ID: <email address hidden>
Revision No: 4610

Thanks.

Changed in openobject-addons:
status: In Progress → Fix Committed
Changed in openobject-addons:
status: Fix Committed → In Progress
Revision history for this message
Purnendu Singh (OpenERP) (purnendu-singh) wrote :

Hello,

It's fixed in lp:~openerp-dev/openobject-addons/trunk-bug-719063-pso branch. It will be merged soon with trunk addons.

Revision ID: <email address hidden>
Revision No: 4611

Thanks.

Changed in openobject-addons:
status: In Progress → Fix Committed
Revision history for this message
qdp (OpenERP) (qdp) wrote :

We made most of what we decided. Before release of v6.1, we will clean and correct the access rights for HR module that only remains, but in the meanwhile and for the sake of clarity, let me set this bug as fix released.

thanks

Changed in openobject-addons:
status: Fix Committed → Fix Released