Security levels inside Managament


#43

@emre I just noticed an issue: If I create a new role and define management permissions, I cannot give access to Users.Role List to that role, otherwise they can go in and change the management permissions. That’s is fine.

However, if I give the role access to Users.User List, which typically you would do, as you would want to say allow a manager to add new users, the user can also delete any user, including the ones with “higher” permissions than themselves. This essentially means if we have a “support” role with full permissions, then a “manager” role with management permissions set but access to create new users, the manager can delete the support user and therefore remove all admin / support access to the system. The only way to fix would be going into the database and re-creating the user manually via the database.

Is there any way we can have something in place to stop this happening?


#44

@emre Products.Product List is not working but Products.Price List Editor working well what might be the issue?


#45

I got it, I needed to restart, Thanks