[Vtigercrm-developers] Dashboards/Widgets and Security...

Sreenivas Kanumuru svk at vtiger.com
Thu Apr 17 13:24:01 GMT 2014 

>
> *The issue comes with the Dashboard, esp. the History Widget, (and
> probably the Activity [modTracker] widget on the summary page too but I
> haven't checked that one). When they first tested logging as a Dealer they
> were limited to seeing their own Lead records which is fine and expected.
> But the Dashboard History Widget shows *all* activities. This could, for
> example, show that a Lead had been assigned to a different Dealer in the
> same country, or perhaps a derogatory comment regarding a Dealer/Customer).*


If Sharing Rules for "Leads" module is private then Dealer-A will not see
updates/comments on a Lead owned by Dealer-B.

--
Sreenivas Kanumuru
vtiger Team

Direct: +91 96323-55656
Skype: skanumuru

*Connect with us on: *Twitter <http://twitter.com/#%21/vtigercrm> *I*
Facebook <http://www.facebook.com/pages/vtiger/226866697333578?sk=wall> *I*
Blog <http://blog.vtiger.com/>* I*
Wiki<http://wiki.vtiger.com/index.php/Main_Page>
 *I *Forums  <http://forums.vtiger.com/>*I* Website <http://vtiger.com/>


On Thu, Apr 17, 2014 at 6:21 PM, Alan Lord <alanslists at gmail.com> wrote:

> On 04/04/14 14:23, Sreenivas Kanumuru wrote:
>
>> Alan,
>>
>> if Sharing Rule is set to private, History widget does not show updates
>> on records owned by superiors. Please confirm if Sharing Rule is set to
>> private.
>>
>
> The Sharing rule for what? I'm not sure I understand.
>
> The Calendar is always private, and in the list of modules I can see in
> the Sharing Rules settings doesn't show anything like dashboard or
> history...
>
> All the main entity modules are set as Private.
>
> I've just set this up on a dev server and sure enough, if I log in as
> subordinate role ("Dealers" - right at the bottom of a hierarchy) and
> enable the dashboard for this profile I can see all the comments added to
> Trouble Tickets. These comments were made by a user in a top-level role
> ("Administrators") and the Tickets I can see the comments of are unrelated
> to the user I have logged in as. The Tickets module is set as private and
> there are no Advanced Sharing Rules set and the Dealer User/Role is not
> part of any group. If I click on the link to the Ticket I am shown a blank
> page.
>
> Role Hierarchy
> --------------
>
> Organisation
> |-->Administrators
>     |-->Sales Management
>        |-->Dealers
>
> A bug or something wrong with our configuration? Can anyone reproduce this?
>
> Cheers
>
> Al
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140417/1b2fed4f/attachment.html>

More information about the vtigercrm-developers mailing list