[Vtigercrm-developers] backdoor

Sreenivas Kanumuru svk at vtiger.com
Mon Mar 17 10:24:33 GMT 2014 

Jonathan, i see your point. We have these choices currently in the Role -
Assigned To Setting.

1 - All users
2 - Users with same role or subordinate role
3.- Users with subordinate role

For options #2 and #3, we should only allow them to assign to groups that
do not have any higher role members. We will fix this in next version.

Regards,

Sreenivas


--
Sreenivas Kanumuru
vtiger Team

Direct: +91 96323-55656
Skype: skanumuru

*Connect with us on: *Twitter <http://twitter.com/#%21/vtigercrm> *I*
Facebook <http://www.facebook.com/pages/vtiger/226866697333578?sk=wall> *I*
Blog <http://blog.vtiger.com/>* I*
Wiki<http://wiki.vtiger.com/index.php/Main_Page>
 *I *Forums  <http://forums.vtiger.com/>*I* Website <http://vtiger.com/>


On Mon, Mar 17, 2014 at 3:35 PM, Jonathan Sardo <sardoj at gmail.com> wrote:

> Sreenivas,
>
> It's true for users, but the problem exist with groups.
> A user can assign data to all groups. I think it is a security hole.
>
> Regards,
>
> Jonathan SARDO
> [image: Images intégrées 5]
>
>
> 2014-03-17 10:57 GMT+01:00 Sreenivas Kanumuru <svk at vtiger.com>:
>
>> In Vtiger 6, In Role Settings, for users with a given role, you can
>> choose whether to show all users in Assigned To list or only users with
>> same or below role.
>>
>> Regards,
>> Sreenivas
>>
>>
>>
>> --
>> Sreenivas Kanumuru
>> vtiger Team
>>
>> Direct: +91 96323-55656
>> Skype: skanumuru
>>
>> *Connect with us on: *Twitter <http://twitter.com/#%21/vtigercrm> *I*
>> Facebook <http://www.facebook.com/pages/vtiger/226866697333578?sk=wall>
>> *I* Blog <http://blog.vtiger.com/>* I* Wiki<http://wiki.vtiger.com/index.php/Main_Page>
>>  *I *Forums  <http://forums.vtiger.com/>*I* Website <http://vtiger.com/>
>>
>>
>> On Sun, Mar 16, 2014 at 5:27 PM, Siam Translations LLP <
>> info at siam-translations.com> wrote:
>>
>>> User which cant assign anything to the parent users (Users having Same
>>> Role or Subordinate Role)
>>> Can anyway see all other users what might be not coveted in some
>>> organizations  ... index.php?module=Users&view=List
>>>
>>> Regards
>>> Andrew Smith
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140317/aca9e1d6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 4223 bytes
Desc: not available
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140317/aca9e1d6/attachment-0001.png>

More information about the vtigercrm-developers mailing list