[Erp5-users] how to design security

Jean-Paul Smets jp at nexedi.com
Thu Jun 21 15:43:56 CEST 2007


bartek wrote:
> gunjan jhunjhunwala wrote:
>> hi,
>> I am a novice in erp5 and I'm trying to study it from the wiki and
>> other docs around the web.
>>
>> According to Base_setDefaultSecurity[1], it says that associate has
>> only the common functions but not the power to modify.
>
> Not necessarily - Base_setDefaultSecurity contains default security
> settings, but they are meant to be changed.
>
>> I think Associate should be replaced with Assignee in above case or wiki 
>
I agree. Associate in this case should be Assignee. I already discussed
this with bartek. I think this makes the howto a bit confusing (although
the rest is good).

It is quite simple:

Author : a person who can create a document in a module
Assignee : the person in charge of processing the document, who has been
assigned a task by an assignor
Assignor : the person in charge of reviewing / validating / assigning tasks
Auditor : someone who can view the document (sooner or later) but is not
really involved in the process
Associate : someone else who is involved in the process (more than as a
simple Auditor) but is not under the responsibility of the Assignor.

Example: (reception process)
    - a person P1 receives goods. He is Assignee on that packing list
(in charge of validating the content of the packing list)
    - a person P2 is an accounting agent. He is Assignee on the purchase
invoice which corresponds to the previous packing list
    - P1 will be Associate for that purchase invoice (so that he can
for example do a validation step, although he is not in the accounting
department)
    - a person P3 is an accounting manager. He is Assignor on the
purchase invoice
    - the CEO has the right to view everything. He is Auditor on everything.
    - there is also a person P4 who is Assignor on the packing lists and
reviews the tasks of P1

P1: Assignee on packing list, Associate on purchase invoice
P2: Assignee on Purchase Invoice
P3: Assignor on Purchase Invoice
CEO: Auditor on everything
P4: Assignor on Packing List, Auditor on Purchase Invoice for which P1
is Associate

> It can be argued - playing with security model is more an art than a
> science. In this case, I think Associate is appropriate because it is
> a person who is expected to cooperate with the author because he works
> with him, he is the
You are right, it is more art than science. But for pedagogy, it is
better to make a good example with Assignor / Assignee first. This is
the base concept. Then introduce Associate for cases where people who
are Assignee for one kind of objects must interact with other people who
are Assignee on other kinds of objects.

> Author's "team-mate". An Assignee would be somebody to whom the
> certain task is more or less explicitly "assigned". For example, if
> the document in question was related to a project, then people working
> on that project could be classified as Assignees in the context of the
> document.
>
If I find time, I will rewrite the howto a bit so that it focuses on
Assignor / Assignee first. Otherwise, we will see everyone using
Associate instead of Assignee.

> If I'm wrong, somebody correct me please.
>
> Bartek
>
>> document[2] should redefine the common_permission_list.
>>
>> Please let me know about your opinion.
>> [1]
>> http://svn.erp5.org/*checkout*/erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Base_setDefaultSecurity.xml?revision=11320&content-type=text%2Fplain
>>
>> [2] http://wiki.erp5.org/HowToDesignSecurity