[Vtigercrm-developers] Dashboards/Widgets and Security...
Siam Translations LLP
info at siam-translations.com
Fri Apr 4 10:43:01 GMT 2014
Noticed the same. Exposing unwanted information should be understood as a
security hole and needs prioritized attention.
Andrew
On 04-04-2014 3:18 PM, Alan Lord wrote:
> Here's a use-case for VT6 that isn't really covered by the existing
> design of the Dashboard and other widgets from what I can tell.
>
> We recently implemented VT6 for a customer and they are pretty happy
> with it. They sell hardware and services via a fairly small network of
> dealers.
>
> They give each dealer a single login to vtiger with a fairly
> restrictive profile so they can basically just manage their Leads.
>
> The issue comes with the Dashboard, esp. the History Widget (and
> probably the Activity [modTracker] widget on the summary page too but
> I haven't checked that one). When they first tested logging in as a
> Dealer they were limited to seeing their own Lead records which is
> fine and expected. But the Dashboard History Widget shows *all*
> activities. This could, for example, show that a Lead had been
> assigned to a different Dealer in the same country, or perhaps a
> derogatory comment regarding a Dealer/Customer.
>
> Comments/Suggestions?
>
> Cheers
>
> Al
>
> _______________________________________________
> http://www.vtiger.com/
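
The check this thread is asking for, as an added example that is not vtiger code and not part of the original messages: each history entry is tested against the viewer's record-level access before it is rendered, and the row limit is applied after filtering. The ownership-only access model, the names (`can_view`, `filtered_widget`, `RECORD_OWNER`) and the sample feed are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HistoryEntry:
    record_id: int  # record the activity happened on
    module: str     # module of that record, e.g. "Leads"
    text: str       # line the widget would display


# Constructed sample data: record id -> owning user (hypothetical access model).
RECORD_OWNER = {101: "dealer_a", 102: "dealer_b", 103: "dealer_a", 204: "dealer_a"}

# Constructed activity feed, newest first, as an unfiltered query would return it.
FEED = [
    HistoryEntry(102, "Leads", "Lead assigned to dealer_b"),
    HistoryEntry(101, "Leads", "Lead status changed"),
    HistoryEntry(102, "Leads", "Comment added about a dealer"),
    HistoryEntry(204, "Invoice", "Invoice created"),
    HistoryEntry(999, "Leads", "Lead updated"),  # record no longer resolvable
    HistoryEntry(103, "Leads", "Lead created"),
]


def can_view(user, profile_modules, entry):
    """Allow only if the profile grants the module AND the user owns the record.
    Records that cannot be resolved are denied rather than shown."""
    if entry.module not in profile_modules:
        return False
    return RECORD_OWNER.get(entry.record_id) == user


def unfiltered_widget(feed, limit):
    """The behaviour reported in the thread: newest rows, no per-record check."""
    return feed[:limit]


def filtered_widget(user, profile_modules, feed, limit):
    """Check every entry, then apply the limit to what survives, so the
    widget neither leaks rows nor comes back short or empty."""
    visible = []
    for entry in feed:
        if can_view(user, profile_modules, entry):
            visible.append(entry)
            if len(visible) == limit:
                break
    return visible


if __name__ == "__main__":
    for e in filtered_widget("dealer_a", {"Leads"}, FEED, 2):
        print(e.record_id, e.text)
```

The same test belongs in every aggregated view (history, activity or tracker widgets, search, exports), not only in the list and detail views of the module itself.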