Allow permission control for idempiereMonitor and OSGI console
Description
Actually idempiereMonitor and Felix console access is allowed just for hardcoded System role (AD_Role_ID=0).
This ticket is to make it configurable via the normal role configuration.
Idea is to create special records in Form and allow/disallow access in AD_Form_Access as usual.
Environment
None
Activity
Show:
Carlos Ruiz March 25, 2019 at 4:42 PM
Correct, idea is those pseudo-forms are "System only" access level.
Nicolas Micoud March 25, 2019 at 4:01 PM
If role is created on System client, I agree, it will be ok
Hiep Lq March 25, 2019 at 3:57 PM
i guess other roles but still only on system client
Nicolas Micoud March 25, 2019 at 3:45 PM
Hi , Nice feature
Just my 2 cents : If you add the access to GardenWorld Admin, a user will be able to open the iDempiere monitor. And so, he will see all schedulers (event those of others tenants). Did you plan to filter usgin client/role the schedulers table ?
And same for Logs ; any user will be able to read logs from all tenants. Isn't it a security hole ?
Major
Actually idempiereMonitor and Felix console access is allowed just for hardcoded System role (AD_Role_ID=0).
This ticket is to make it configurable via the normal role configuration.
Idea is to create special records in Form and allow/disallow access in AD_Form_Access as usual.