Allow permission control for idempiereMonitor and OSGI console

Description

Actually idempiereMonitor and Felix console access is allowed just for hardcoded System role (AD_Role_ID=0).

This ticket is to make it configurable via the normal role configuration.

Idea is to create special records in Form and allow/disallow access in AD_Form_Access as usual.

Environment

None

Activity

Show:
Carlos Ruiz
March 25, 2019, 4:42 PM

Correct, idea is those pseudo-forms are "System only" access level.

Nicolas Micoud
March 25, 2019, 4:01 PM

If role is created on System client, I agree, it will be ok

Hiep Lq
March 25, 2019, 3:57 PM

i guess other roles but still only on system client

Nicolas Micoud
March 25, 2019, 3:45 PM

Hi ,
Nice feature

Just my 2 cents :
If you add the access to GardenWorld Admin, a user will be able to open the iDempiere monitor.
And so, he will see all schedulers (event those of others tenants).
Did you plan to filter usgin client/role the schedulers table ?

And same for Logs ; any user will be able to read logs from all tenants.
Isn't it a security hole ?

Regards,

Nicolas

Fixed

Assignee

Carlos Ruiz

Reporter

Carlos Ruiz

Labels

None

Tested By

None

Priority

Major