OroPlatform Forums

Covering OroPlatform topics, including community updates and company announcements.

Forums Forums OroPlatform OroPlatform – Security Change ownership type for ORO's entities

This topic contains 6 replies, has 2 voices, and was last updated by  Alex Medvedev 9 years, 4 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
    Topic
  • #35484

    Alex Medvedev
    Participant

    Hi guys!

    Suppose i use “Business Unit” security schema (for simplicity) for ORO’s Contact entities and i need to make users belongs to Business Unit “A” possible to view ORO Contact B entity.
    Nowadays i need to set owner id of this contact B to one of the participants C of Business Unit A.
    But the problem is that when user C would move to another Business Unit, all the A’s participants will lose ability to view contact B because of user C’s affiliation to another Business Unit. To solve this problem i should create something like ‘system’ user belongs to A, that can not be moved from A to anywhere and that should be used to link target contacts entities to A.
    When contacts are created automatically (for example during some sync process or etc) the logic to determine system users (belongs to Business Unit needed) to set as owner of creating entities seems to be a little bit more ugly.

    In this case ability to change ownership type “USER” to “BUSINESS UNIT” would be very appreciated. But as know it can be done now (am i wrong?).

    May be there is some way to deal with relations of entities like Contacts or Accounts to Business Units in more handy way?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Author
    Replies
  • #35485

    Yevhen Shyshkin
    Participant

    Hello, Alex Medvedev.

    Unfortunately there is no ability to change owner after entity was created for now, but this is very good point and we definitely need to discuss and improve this behaviour.

    As for case with moving of user to another business unit – as long as owner changes its business unit all related entities should be moved to new business unit. As an alternative solution you might have the same user in two business units, so data will be shared between both business units.

    #35486

    Alex Medvedev
    Participant

    Thanks, Yevhen!

    Yes, ability to change such thing as ownership type sounds as a great thing, but from the other side it is obviously not so trivial since this config is tightly related to db schema (in fact to relation constraints between the entities), so may be it can be done with the help of migrations.

    In my use case the person could be moved to another business unit due to promotion (movement to parent BU), demotion (movement to child BU) or horizontal displacement in the position (movement to generally unrelated BU) and this case should not affect any permissions to view or deal by users from original business unit of replaced user with entities (Contacts or Accounts for example) ownered by replaced user.

    #35487

    Yevhen Shyshkin
    Participant

    Hm… If you don’t want to depend on this specific user then maybe you should change ACL access level for Account/Contact from User to Organization/System? In this case all permissions will be shared between all users in organization/system.

    #35488

    Alex Medvedev
    Participant

    No, i want to divide responsibilities between business units.

    Suppose there are 2 sets of different Contacts (or Accounts): A and B
    and 2 Business Units: C and D.

    I need to make Contacts/Accounts from A viewable/editable by participants of business unit C, but not of D and
    Contacts/Accounts from B viewable/editable by participants of D, but not of C.

    Btw i use more extended structure with hierarchical BU’s, but in simplified view it looks just like i described above.

    So IMHO ability to change ownership type for Contacts/Accounts (and ideally for any other built-in entities) can solve this case pretty elegant, as i mentioned above)

    #35489

    Yevhen Shyshkin
    Participant

    In this case the only way is really to change ownership type from User to BusinessUnit.

    To do that you have to create migration that will add businesUnit fields to Account/Contact entities and override ownership configuration – from this to that. And don’t forget to change owner data in Accounts/Contacts from user to business unit.

    After that you should be able to manage owners as business units.

    #35490

    Alex Medvedev
    Participant

    Yes, i’ve considered approach to change ownership type on my side just like you say above, but this can be conflict-dangerous during further ORO updates since such things affect vendor db schema and entity config in fact. Therefor i’ve choosen to have ‘system’ user hardly related to each BU to link entities to whole BU if needed until we cannot change entities ownership type out of the box in ORO.

    Thank you for conversation.

Viewing 6 replies - 1 through 6 (of 6 total)

The forum ‘OroPlatform – Security’ is closed to new topics and replies.

Back to top