
<div dir="ltr">True.</div><div class="gmail_extra"><br clear="all"><div><div><br></div><div><div>Z poważaniem / Regards</div><div>Błażej Pabiszczak</div><div>M: +48.884999123<br>E: <a href="mailto:b.pabiszczak@opensaas.pl" target="_blank">b.pabiszczak@opensaas.pl</a></div>


</div></div>

<br><br><div class="gmail_quote">2014-04-05 14:00 GMT+02:00  <span dir="ltr"><<a href="mailto:vtigercrm-developers-request@lists.vtigercrm.com" target="_blank">vtigercrm-developers-request@lists.vtigercrm.com</a>></span>:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send vtigercrm-developers mailing list submissions to<br>

        <a href="mailto:vtigercrm-developers@lists.vtigercrm.com">vtigercrm-developers@lists.vtigercrm.com</a><br>

<br>

To subscribe or unsubscribe via the World Wide Web, visit<br>

        <a href="http://lists.vtigercrm.com/cgi-bin/mailman/listinfo/vtigercrm-developers" target="_blank">http://lists.vtigercrm.com/cgi-bin/mailman/listinfo/vtigercrm-developers</a><br>

<br>

or, via email, send a message with subject or body 'help' to<br>

        <a href="mailto:vtigercrm-developers-request@lists.vtigercrm.com">vtigercrm-developers-request@lists.vtigercrm.com</a><br>

<br>

You can reach the person managing the list at<br>

        <a href="mailto:vtigercrm-developers-owner@lists.vtigercrm.com">vtigercrm-developers-owner@lists.vtigercrm.com</a><br>

<br>

When replying, please edit your Subject line so it is more specific<br>

than "Re: Contents of vtigercrm-developers digest..."<br>

<br>

<br>

Today's Topics:<br>

<br>

   1. Re: Dashboards/Widgets and Security... (Sreenivas Kanumuru)<br>

<br>

<br>

----------------------------------------------------------------------<br>

<br>

Message: 1<br>

Date: Fri, 4 Apr 2014 18:53:05 +0530<br>

From: Sreenivas Kanumuru <<a href="mailto:svk@vtiger.com">svk@vtiger.com</a>><br>

To: "<a href="mailto:vtigercrm-developers@lists.vtigercrm.com">vtigercrm-developers@lists.vtigercrm.com</a>"<br>

        <<a href="mailto:vtigercrm-developers@lists.vtigercrm.com">vtigercrm-developers@lists.vtigercrm.com</a>><br>

Subject: Re: [Vtigercrm-developers] Dashboards/Widgets and Security...<br>

Message-ID:<br>

        <<a href="mailto:CA%2BzQwC%2B6%2BL8Z5vpn4Rfwn8eSOkp9_BTy1e9RooXMbfQRCii0Pw@mail.gmail.com">CA+zQwC+6+L8Z5vpn4Rfwn8eSOkp9_BTy1e9RooXMbfQRCii0Pw@mail.gmail.com</a>><br>

Content-Type: text/plain; charset="iso-8859-1"<br>

<br>

Alan,<br>

<br>

if Sharing Rule is set to private, History widget does not show updates on<br>

records owned by superiors. Please confirm if Sharing Rule is set to<br>

private.<br>

<br>

thanks,<br>

Sreenivas<br>

<br>

<br>

<br>

On Fri, Apr 4, 2014 at 4:13 PM, Siam Translations LLP <<br>

<a href="mailto:info@siam-translations.com">info@siam-translations.com</a>> wrote:<br>

<br>

> Noticed the same. Exposing unwanted information should be understood as<br>

> security hole and<br>

> needs prioritized attention.<br>

><br>

><br>

> Andrew<br>

><br>

><br>

><br>

><br>

> On 04-04-2014 3:18 PM, Alan Lord wrote:<br>

><br>

>> Here's a use-case for VT6 that isn't really covered by the existing<br>

>> design of the Dashboard and other widgets from what I can tell.<br>

>><br>

>> We recently implemented VT6 for a customer and they are pretty happy with<br>

>> it. They sell hardware and services via a fairly small network of dealers.<br>

>><br>

>> They give each dealer a single login to vtiger with a fairly restrictive<br>

>> profile so they can basically just manage their Leads.<br>

>><br>

>> The issue comes with the Dashboard, esp. the History Widget, (and<br>

>> probably the Activity [modTracker] widget on the summary page too but I<br>

>> haven't checked that one). When they first tested logging as a Dealer they<br>

>> were limited to seeing their own Lead records which is fine and expected.<br>

>> But the Dashboard History Widget shows *all* activities. This could, for<br>

>> example, show that a Lead had been assigned to a different Dealer in the<br>

>> same country, or perhaps a derogatory comment regarding a Dealer/Customer).<br>

>><br>

>> Comments/Suggestions?<br>

>><br>

>> Cheers<br>

>><br>

>> Al<br>

>><br>

>> _______________________________________________<br>

>> <a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br>

>><br>

><br>

> _______________________________________________<br>

> <a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br>

><br>

-------------- next part --------------<br>

An HTML attachment was scrubbed...<br>

URL: <<a href="http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140404/8b0394e1/attachment-0001.html" target="_blank">http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140404/8b0394e1/attachment-0001.html</a>><br>


<br>

------------------------------<br>

<br>

_______________________________________________<br>

vtigercrm-developers mailing list<br>

<a href="mailto:vtigercrm-developers@lists.vtigercrm.com">vtigercrm-developers@lists.vtigercrm.com</a><br>

<a href="http://lists.vtigercrm.com/cgi-bin/mailman/listinfo/vtigercrm-developers" target="_blank">http://lists.vtigercrm.com/cgi-bin/mailman/listinfo/vtigercrm-developers</a><br>

<br>

<br>

End of vtigercrm-developers Digest, Vol 99, Issue 11<br>

****************************************************<br>

</blockquote></div><br></div>