Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Actual user permission issue...
09-11-2019, 12:00 AM,
Actual user permission issue...

I would like to ask the next question about the permissions of the actual operator.

For example, I am the head of the company. I hope that the salesperson only knows the quantity of the product and the price of the sale. It doesn't need to know the name and price of the supplier.

However, when I set the salesperson authority to only sell and collect money, the menu in the upper right corner still displays “supplier”. After entering, although the supplier information cann't be modified, the supplier's supply price can still be seen from the entering of left side.

The reverse is also same, the purchasing staff should only see the quantity and purchase price of the supplier, but should not see the price of the salesperson and the customer's information. (Of course, I haven’t done this step yet. I don’t know if I can see the sales price and customer information?)

If it have this feature, please let me know. if there is no such feature, I suggest to add this feature.


09-11-2019, 12:54 AM,
RE: Actual user permission issue...
The security system in webERP is a little complex, but very versatile. You should make sure you have read and fully understood the manual section on this. Many years ago I wrote a blog post on the subject, which I thought Phil had copy and pasted into the web site, but at a quick look I can't find it.
Basically you have a set of security tokens which you can add to with your own customised tokens if you want (SecurityTokens.php). Groups of tokens can be assigned to various user defined job roles (WWW_Access.php) - you can create as many job roles as you like - and each user is assigned a job role. Each script has a security token assigned to it (WWW_Users.php). To use that script the user must have that token in the set of tokens assigned to their job role. They may still see links to that script, but if they try to access it they won't be able to.
So in your example, the "Suppliers" link in the top menu, is attached to the SelectSupplier.php script. If the salesman doesn't have the security token for that script in their job role then they won't be able to access that script.
There are also some hard coded security tokens. One of particular interest to your case is token number 12. A user without this token in their job role cannot see prices, even if they have access to the scripts where prices are displayed.
The first thing I do on setting up a new client is to sit them down and go through the security setup. It is key in getting the installation right, so that it can be used to the maximum efficiency whilst hiding stuff you want hidden.

09-11-2019, 01:05 AM, (This post was last modified: 09-11-2019, 01:59 AM by ALEXSHEN.)
RE: Actual user permission issue...
Hi Tim,

Ok, understand.

I don't have a very specific description at hand, but I understand what you mean. I think I can slowly try to achieve my requirements through different security tokens.

Thanks a lot!!!

Hi Tim,

Ok, solved it.

Thanks again


Forum Jump:

Users browsing this thread: 1 Guest(s)