All users can view setup module!

‎Hi guys, 

Trust everyone's doing great. I observed that in version 4 all users have access to the ‎Setup module through the All Applications module. For many administrators, this is a no-no! Granted that they can't create or modify but why should all users see things like all roles created on the system, user permission manager, company information etc if they have no business there? It's a different thing if the user has been given rights like setting user permissions or system manager. 

All this wouldn't have been an issue if we could simply hide the All Applications module just like every other module but alas, it doesn't work! We've tried un-checking the module in the show/hide module panel under setup but it doesn't get hidden! I'm not sure of the logic behind making this module compulsory for all users unless of course if it's a bug?

Please advise 


Kind regards,
Olawale‎



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/20140902095147.5378181.59246.10070%40xavierltd.com.

For more options, visit https://groups.google.com/d/optout.

Can you add this to GitHub Issues?


On 02-Sep-2014, at 3:21 pm, wa...@xavierltd.com wrote:

‎Hi guys, 

Trust everyone's doing great. I observed that in version 4 all users have access to the ‎Setup module through the All Applications module. For many administrators, this is a no-no! Granted that they can't create or modify but why should all users see things like all roles created on the system, user permission manager, company information etc if they have no business there? It's a different thing if the user has been given rights like setting user permissions or system manager. 

All this wouldn't have been an issue if we could simply hide the All Applications module just like every other module but alas, it doesn't work! We've tried un-checking the module in the show/hide module panel under setup but it doesn't get hidden! I'm not sure of the logic behind making this module compulsory for all users unless of course if it's a bug?

Please advise 


Kind regards,
Olawale‎



You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/20140902095147.5378181.59246.10070%40xavierltd.com.

For more options, visit https://groups.google.com/d/optout.




You received this message because you are subscribed to the Google Groups “ERPNext User’s Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to erpnext-user-forum+un…@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/erpnext-user-forum/FD94DA69-8292-446E-B010-445A572C2F4A%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

Has this been addressed? I am setting up some customer permissions and unless this security hole is removed then there is no chance we can allow customers in to use the System :frowning:

Hi there,

This has only been fixed in the upcoming version 5 by making ‎the listing within All Applications non-clickable. If this is a critical issue for you then I suggest you hold on till version 5 hits the shelves (which will be very soon hopefully)

Cheers!

Kind regards,

Just making the option in the All Applications unclickable is fine - But you’re saying it’s “only” fixed in v5 and I should wait for v5 to hit the shelves - do you mean there’s a v5 beta that’s usable now? We are on frappecloud so I’d assume we will only receive v5 once it’s fully released?

This has been fixed in v4 and will be released to frappecloud users today.

@anand that is great news! :smile:

Awesome!

Kind regards,

Olawale

@anand you can no longer click the TEXT “Setup” but you can still click the ICON which allows you to get into the Setup area. Bummer, I was really looking forward to this being fixed :frowning:

Any chance it’s a quick fix to disable the ICON as well?

Oops. Didn’t see that. Will fix it today.

@anand you’re a star! Looking forward to tomorrow to do a proof of concept with some “internal customers”!

Cheers.

@anand any ETA on the release of this fix? I had assumed overnight but it didn’t happen - possibly I confused “fix” with “release” :smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.