Regular user can edit other employees information

**moonvn** · 2007-12-20, 04:11 AM

Hi,

I searched for my issue and found this report. However my case is a little bit different.
http://www.sugarcrm.com/forums/showt...ight=Employees

1. Login as normal user.
2. Click on Employees link.
3. Click on an employee and edit that record.

Result: that record is save with amended information.

My expectation is a user can not edit other employee information.

I'm using 5.0 beta2

Which role should I set ? Please help.

Thanks in advance.

**andydreisch** · 2007-12-20, 06:42 PM

Hi moonvn, this was addressed some time ago and our GA release does not exhibit this problem. You can verify this in our demo site if you'd like.

Since Beta2 there have been countless bug fixes that you're not taking advantage of. This is why Sugar does not support production use of pre-GA versions (which are meant exclusively for testing purposes).

Andy

**moonvn** · 2007-12-26, 04:02 AM

Originally Posted by andydreisch

Hi moonvn, this was addressed some time ago and our GA release does not exhibit this problem. You can verify this in our demo site if you'd like.

Since Beta2 there have been countless bug fixes that you're not taking advantage of. This is why Sugar does not support production use of pre-GA versions (which are meant exclusively for testing purposes).

Andy

Hi Andy,

Thank you very much for your prompt in reply.

I will setup the released version then

Best regards,

Moon

**agcopley** · 2008-04-04, 03:20 PM

Funny...I am using 5.0.0bCE and this problem is still there! I have a feeling this bugfix was unfixed...QA issues here again.

Thanks
Andrew

**JVWay** · 2008-04-04, 04:29 PM

Maybe that's a CE thing. I'm running 5.0.0b enterprise and cannot edit employees with a regular user. I have assigned a Role that allows virtually everything but I am not an admin.

So you might double check that. It would be interesting to know if it's a CE thing or not.

**agcopley** · 2008-04-05, 07:16 PM

Originally Posted by JVWay

Maybe that's a CE thing. I'm running 5.0.0b enterprise and cannot edit employees with a regular user. I have assigned a Role that allows virtually everything but I am not an admin.

So you might double check that. It would be interesting to know if it's a CE thing or not.

Naaa..it turns out that I can edit only my own details...however this is still wrong! Should be an admin activity.

Thanks
Andrew

**kuske** · 2008-04-05, 08:18 PM

I tested this in 5.0.0b and normal users do not have the right to edit other users here in my clean installation.
Even if I hack the calling link from DetailView ti EditView the system gives the correct answer
"Unauthorized access to administration."

The fact that a user can edit his own details could be a feature, isn't it?

Thread: Regular user can edit other employees information

LinkBack

Thread Tools

Search Thread

Display

Regular user can edit other employees information

Re: Regular user can edit other employees information

Re: Regular user can edit other employees information

Re: Regular user can edit other employees information

Re: Regular user can edit other employees information

Re: Regular user can edit other employees information

Re: Regular user can edit other employees information

Thread Information

Users Browsing this Thread

Similar Threads

report to in USER INFORMATION

How can i assign permission to the edit contact of a user

Cannot Login

Bookmarks

Bookmarks

Posting Permissions