[Vtigercrm-developers] Dashboards/Widgets and Security...

Sreenivas Kanumuru svk at vtiger.com
Fri Apr 4 13:23:05 GMT 2014


Alan,

if Sharing Rule is set to private, History widget does not show updates on
records owned by superiors. Please confirm if Sharing Rule is set to
private.

thanks,
Sreenivas



On Fri, Apr 4, 2014 at 4:13 PM, Siam Translations LLP <
info at siam-translations.com> wrote:

> Noticed the same. Exposing unwanted information should be understood as
> security hole and
> needs prioritized attention.
>
>
> Andrew
>
>
>
>
> On 04-04-2014 3:18 PM, Alan Lord wrote:
>
>> Here's a use-case for VT6 that isn't really covered by the existing
>> design of the Dashboard and other widgets from what I can tell.
>>
>> We recently implemented VT6 for a customer and they are pretty happy with
>> it. They sell hardware and services via a fairly small network of dealers.
>>
>> They give each dealer a single login to vtiger with a fairly restrictive
>> profile so they can basically just manage their Leads.
>>
>> The issue comes with the Dashboard, esp. the History Widget, (and
>> probably the Activity [modTracker] widget on the summary page too but I
>> haven't checked that one). When they first tested logging as a Dealer they
>> were limited to seeing their own Lead records which is fine and expected.
>> But the Dashboard History Widget shows *all* activities. This could, for
>> example, show that a Lead had been assigned to a different Dealer in the
>> same country, or perhaps a derogatory comment regarding a Dealer/Customer).
>>
>> Comments/Suggestions?
>>
>> Cheers
>>
>> Al
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140404/8b0394e1/attachment.html>


More information about the vtigercrm-developers mailing list