So, problem is very simple.
In our Sandbox, I have a user with the employee center role (the default one). They can create Purchase requests. They can modify them once created.
In production, same setup, they can create purchase requests but they can't modify them. There's no edit button.
Any ideas of why? Or where can I access those settings?
Related
We have a travel request application. where a user submit a request which should go into 2 stages of approval process before it gets Final Approval.
Now we did the following:-
Create a SharePoint list which contain those fields; Title, Description, StareDate, EndDate, FirstApproval (the requestor direct manager), SecondApproval (the requester regional approval), Statues (system-generated with those options; open, first-approved, second-approved, Final-Approved).
Power Apps, which send emails to the first-approval and the second-approval users , and show-hide the Approved & Reject buttons based on the item status.
Power Automate,to set item-level permissions, so for example when the item needs first-approval only the approval's direct manager can edit the item, while all stakeholders can read-only.
now the process is not 100% secure, as a requestor using API call or using SharePoint built-in forms, can easily create a new request and define its status as Final-Approved. so in other words the requestor can bypass the Power Apps business logic. so how we can secure our process? so if an item has a status = "Final-Approved", then we can 100% sure that it actually went through the 2 approvals users?
One Approach i am thinking of, is as follow:-
To create additional SharePoint list >> which stores the ItemID + ItemStatus.
Grant all users Read-Only on this new list while grant the service account Contribute.
Update this new list from Power automate Only. so for example only if the submitter's direct manager did the approval, to change the status inside the new list to First-Approved, and so on.. Also only if the submitter's regional manager approve the request + there is already an approval from the direct manager to change the status from First-Approved to Second-Approval.. so what ever the status is inside the new lit i can be sure that it has not been hacked, as end-user will have read-only on this new list.. can anyone advice please?
Thanks
I believe this question is not unique to you, many SharePoint developers need to make specific configurations or use some artifices to ensure a certain process developed in SharePoint.
Using exclusive/custom permission control into List and uses the PowerAutomate layer to conntrol List Item permission only to approver will secures some update from Rest API, for example.
If you want to block New Insert items and/or block Update items by PowerApps, you can substitute the instruction into "OnEdit" and/or "OnNew" events using ResetForm(SharePointForm1);; RequestHide();; with this instructions in these events block some user to create or update SharePoint Items.
Into SharePoint list settings, in advanced settings, you can disable attachments, disable comments in list item, disable search, disable quick edit, disable launch form in dialog.
I think that's all.
Is there a possibility where I can share the configuration of my boards and backlogs with the others in my team?
This way they all have the same columns and order columns that I have.
To configure (add, remove and order) columns in the "Boards/Backlogs" page, the users do not need any additional permission, as long as the users at least have the Reader permission in the project.
Each user can configure the columns on the "Boards/Backlogs" page on his own side. All the changes each user does for columns can only be applied to the "Boards/Backlogs" page on his own side, and not affect on other users' sides.
So, if you want your other team members have the same columns and columns order with that of you on the "Boards/Backlogs" page, you can ask the members to add, remove and order the columns on their own side following the style on your side. For more details, you can see "Change column options".
To configure the "Boards/Boards" page, you need the permissions for configuring team settings. To configure team settings, you must be added to the team administrator role or be a member of the Project Administrators security group.
Only the Administrator users can configure the "Boards/Boards" page. The style configured by the Administrator users is applied to the whole team. That means all the members in your team will see the same things on the "Boards/Boards" page. So, you do not need to grant every team member the permissions to configure the "Boards/Boards" page. Just you Administrator users have the related permissions is OK.
Hello I'd like restrict all users to just access the Work Center with ID = 1
I added a record rule for mrp.workcenter and added the domain filter [('id','=',1)]. But still I can see all the work centers...
Any ideas?
Given domain is correct and work fine.
You can see all the records from admin login. But if you can login from other user, suppose Manufacturing Manager than they can see only one record(I mean id=1).
By default, there are no any rules are apply to admin user. Please check it from other user.
define access rules in security/ir.model.access.csv there you can set rights for create, edit, view and delete for specific groups
I have created a form for a specific group of users in my CRM 2011 system. I want only them to be able to see this form. I can copy their a security role and set the form for this security role only, but I will have a a problem:
they are currently in a security role with another group of users. If I copy the security role, the will not longer see the specific customization's all over across the system.
I only want one form to be different from the others. Is there any way I can find all the forms that are enabled for the specific security role (in order to give the new role this rights too)?
Assumptions based on your question: You already have default form for the entity that is used by all users (All Users). You want to add an additional form to that entity that is only available to some of the users (Select Users). All Users are currently assigned a security role that gives them the necessary access to the system.
Create a new security role (Form Specific Role). You don't have to give this role any privileges just a name.
Assign the Select Users the Form Specific Role. Do NOT remove their other security role(s).
Add the new form the entity, Restricted Form.
Highlight the new form and click Enable Security Roles. Select the option Display only to these selected security roles and select the Form Specific Role you created in step # 1. Make sure Enabled for fallback is unchecked. Click Ok.
From the forms list Form Order and select Main Form Set (or the appropriate form type if you are working on a Mobile or Quick Create Form.
Use the Up/Down arrows to make the new, Restricted Form, the top choice.
Save and Publish all changes.
Now whenever a user that has been assigned the security role accesses this entity their default form choice will be the Restricted Form. There will be NO impact to any other forms they are accessing or any of their privileges in the rest of the system, as required by your problem statement.
I have an application where an user can belong to many companies. The user access the company portal via compnaysubdomain.example.com). When an user access a compnay portal I have to update the roles he have for that company (By checking the subdomain and the database).
I created a request event listener for that, which parses the subdomain, queries the database and adds the new roles to the user. The problem is I need to be able to to access the security context so I can update the user roles, so my listener priority has to be less than Firewall priority. But, if firewall listener is executed first, It checks for the user Roles immediatly which are not updated yet based on the company.
Any suggestions?. May be I need to implement a Custom Firewall Listener or something like that. I dont want to overcomplicate.
Thank you.
Ok. I have decided to create A Firewall listener to achieve this.
I followed the tutorial http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html but only created the Firewall LIstener. The token and provider I am using the one that I was already using.