[Vtigercrm-developers] Security

Prasad prasad at vtiger.com
Tue Sep 30 11:25:40 GMT 2014


Pricebook does not have an assigned owner, so it is kind of a public record.
For those modules having an assigned owner, role-based sharing access applies
for reading / writing.


On Tue, Sep 30, 2014 at 4:44 PM, Pabiszczak, Błażej <
b.pabiszczak at opensaas.pl> wrote:

> Who is this question to? To me or to Vtiger?
>
>
> Regards
> Błażej Pabiszczak
> M: +48.884999123
> E: b.pabiszczak at opensaas.pl
>
> 2014-09-30 9:54 GMT+02:00 Alan Bell <alan.bell at libertus.co.uk>:
>
>>  On 30/09/14 08:45, Pabiszczak, Błażej wrote:
>>
>>
>>  You can change any records from the pricebook module
>>
>>
>>  Please edit a pricebook record, manually change the recordid to another (e.g.
>> some account) and save.
>>
>>  I have noticed this one before, or similar, if you are in any entity
>> and you change the record in the URL it will load the page but with no
>> relevant data on it. In 5.4 series it would say " Record you are trying
>> to access is not found. Go Back." I figured it was just loading the
>> wrong entity through the form, does it actually get around the security and
>> allow you to update an entity that you wouldn't otherwise be able to
>> see/update?
>>
>> Alan.
>>
>>
>> --
>> Libertus Solutions http://libertus.co.uk
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
>
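
The access rules described in this thread (modules without an assigned owner are public, modules with an owner follow role-based sharing) can be enforced server-side at save time, together with a check that a record id taken from the request belongs to the module being saved. This is an added example, not vtiger code and not part of the original messages; the function name, module names, record ids and sharing table are all constructed for illustration.

```php
<?php
// Constructed sample data: record id => module and owner (null = module has no assigned owner).
const RECORDS = [
    101 => ['module' => 'PriceBooks', 'owner' => null],
    202 => ['module' => 'Accounts',   'owner' => 'alice'],
];

// Hypothetical sharing table: user => owners whose records that user may write.
const WRITABLE_OWNERS = [
    'alice' => ['alice'],
    'bob'   => ['bob'],
];

// Decide whether $user may save record $recordId through the edit form of $formModule.
function authorizeSave(string $user, string $formModule, int $recordId): array
{
    $record = RECORDS[$recordId] ?? null;
    if ($record === null) {
        return [false, 'record not found'];
    }
    // The id comes from the request, so confirm it resolves to the module being saved.
    if ($record['module'] !== $formModule) {
        return [false, 'record id belongs to another module'];
    }
    // Owner-less modules are treated as public records.
    if ($record['owner'] === null) {
        return [true, 'module has no assigned owner'];
    }
    // Modules with an owner: role-based sharing decides write access.
    if (!in_array($record['owner'], WRITABLE_OWNERS[$user] ?? [], true)) {
        return [false, 'no write access under sharing rules'];
    }
    return [true, 'ok'];
}

// Constructed requests: [user, module of the form, record id submitted].
$requests = [
    ['bob',   'PriceBooks', 101], // ALLOW: public pricebook record
    ['bob',   'PriceBooks', 202], // DENY: id swapped to an Accounts record
    ['bob',   'Accounts',   202], // DENY: record owned by alice
    ['alice', 'Accounts',   202], // ALLOW: own record
];
foreach ($requests as [$user, $module, $id]) {
    [$ok, $why] = authorizeSave($user, $module, $id);
    printf("%-5s %-10s %d => %s (%s)\n", $user, $module, $id, $ok ? 'ALLOW' : 'DENY', $why);
}
```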

