[Vtigercrm-developers] Security bug I believe
Tony Sandman
tonysandman999 at gmail.com
Sat Jan 9 05:01:48 GMT 2021
So, I have PO and a related list of Vendors.
The Users (limited access) have read access to PO through Group.
The Vendors module is private. All cool as the user cannot see any vendor
not assigned to him BUT... if the admin adds all other vendors to the
related list of mentioned PO, limited access users can see all columns from
Vendors in this related list.
Emails, names, phone numbers whatever is defined.
Do you agree this is something unwanted?
T
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210109/70edeebd/attachment.html>
More information about the vtigercrm-developers
mailing list