View source | View content page | Page history | Printable version   

Projects:Role Access Extension





Currently, Openbravo security model allow to grant access to roles for different windows. It is also possible to exclude access for a tab within a granted window by using the table access. But more fine grained security for fields is no supported.

Feature overview

The objective of this project is to increase this security granularity making possible to define for a concrete role, in a window that has access to, which are the fields that cannot edit.

Users & use cases

The roles affected by this new feature are:


Functional specification

The way of granting/revoking editability will be:


Assuming the following window structure:

W1      (window)
|- T1   (tab)
   |-F1 (field)
Model Definition UI Notes
W1 T1 F1 F2 F1 F2
E - - - E E Current case
RO - - - RO RO Current case
E RO - - RO RO New/Save/Delete buttons disabled
E RO E - E RO New/Save/Delete buttons enabled
E E RO - RO E New/Save/Delete buttons enabled
E E RO RO RO RO New/Save/Delete buttons disabled

Technical specification

Model Changes

Two new tables to be created:

New tabs:

Server Side Changes

As these new settings are role specific, they must not be cached, so the implementation cannot be in the window generation side.

It must be implemented in WindowSettingsActionHandler which is called when instantiating a new window.

Client Side Changes

WindowSettingsActionHandler is invoked in OBStandardWindow.initWidget, the callback function where the new information regarding tab/window accesssibility to modify the required javascript objects.

User experience design





This feature development is tracked using the following issue(s): to-be-added




Retrieved from ""

This page has been accessed 2,519 times. This page was last modified on 8 June 2012, at 05:30. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.