When creating a sales order in the field « Salesperson » in Sales follow-up panel, one can select from a list of users. Administrators can select any user but for regular users the list contains only themselves.
I need to allow certain user to select any other user in that field but I don’t want to make them administrators. What is the required permission to do that?
TIA
Hello @pkouvarakis ,
It is the restriction (condition, params) on the perm.auth.User.rwc permission that causes this.
Removing this restriction to reproduce the behavior is possible. Please note that this can create security holes for standard users. In any case, you have to check.
Use other permissions/roles instead.
Regards,
First of all sorry for the late reply.
Thank you for pointing me in the right direction.
Indeed removing the condition solves my issue but of course as you say opens up a security hole.
So first I tried adding perm.auth.User.r which does not have a condition hoping it would override the condition in perm.auth.User.rwc just for the read operation, but it didn’t make any difference.
Then I removed perm.auth.User.rwc from the role and added a new permission perm.auth.User.wc which is same as perm.auth.User.rwc but without read access. This way I was hoping to give unconditional read access and write access based on condition. This partly worked. The user could select any user in salespersonUser but also allowed modification of any user (even though the write access permission included a condition).
It appears that conditions are only applied on read permissions. This means that a user cannot have read only permission on some items but read/write on others. Is that so by design?
