| chat.freenode.net #tryton log beginning Tue Jun 7 00:00:01 CEST 2016 | ||
| 2016-06-07 00:07 -!- JosDzG(~Thunderbi@fixed-203-141-189-203-141-123.iusacell.net) has joined #tryton | ||
| 2016-06-07 01:20 -!- kstenger(~karla@r186-50-59-88.dialup.adsl.anteldata.net.uy) has joined #tryton | ||
| 2016-06-07 01:34 -!- cedk(~ced@gentoo/developer/cedk) has joined #tryton | ||
| 2016-06-07 01:37 -!- Pilou(~Pilou@rogoth.ir5.eu) has joined #tryton | ||
| 2016-06-07 01:38 -!- Pilou(~Pilou@rogoth.ir5.eu) has joined #tryton | ||
| 2016-06-07 01:38 -!- Pilou(~Pilou@pdpc/supporter/active/pilou) has joined #tryton | ||
| 2016-06-07 01:39 -!- Pilou(~Pilou@rogoth.ir5.eu) has joined #tryton | ||
| 2016-06-07 01:39 -!- Pilou(~Pilou@pdpc/supporter/active/pilou) has joined #tryton | ||
| 2016-06-07 01:40 -!- Pilou(~Pilou@rogoth.ir5.eu) has joined #tryton | ||
| 2016-06-07 03:21 -!- JosDzG(~Thunderbi@fixed-203-141-189-203-141-123.iusacell.net) has joined #tryton | ||
| 2016-06-07 03:26 -!- JosDzG(~Thunderbi@fixed-203-141-189-203-141-123.iusacell.net) has joined #tryton | ||
| 2016-06-07 05:49 -!- frispete_(~frispete@p54A915D6.dip0.t-ipconnect.de) has joined #tryton | ||
| 2016-06-07 07:14 -!- ccaz(~ccr@ax313-1-82-66-159-99.fbx.proxad.net) has joined #tryton | ||
| 2016-06-07 07:47 -!- rpit(~rpit@2a02:908:e672:9420:56ee:75ff:fe0d:d3c7) has joined #tryton | ||
| 2016-06-07 08:00 -!- Timitos(~kpreisler@host-88-217-184-172.customer.m-online.net) has joined #tryton | ||
| 2016-06-07 08:01 -!- prayashm(~prayashm@103.194.232.184) has joined #tryton | ||
| 2016-06-07 08:01 -!- prayashm(~prayashm@unaffiliated/prayashm) has joined #tryton | ||
| 2016-06-07 08:14 -!- udono(~udono@ip-178-202-239-138.hsi09.unitymediagroup.de) has joined #tryton | ||
| 2016-06-07 08:22 -!- cedk(~ced@gentoo/developer/cedk) has joined #tryton | ||
| 2016-06-07 08:44 -!- zmijunkie(~Adium@x2f7f592.dyn.telefonica.de) has joined #tryton | ||
| 2016-06-07 08:56 -!- mrichez(~smuxi@mail.saluc.com) has joined #tryton | ||
| 2016-06-07 09:04 -!- zmijunkie(~Adium@b2b-78-94-52-226.unitymedia.biz) has joined #tryton | ||
| 2016-06-07 09:49 -!- shrox(shrox@nat/iiit/x-rtksxordnwpftern) has joined #tryton | ||
| 2016-06-07 10:45 -!- shrox(shrox@nat/iiit/x-tphlpwqxmlcmqugt) has joined #tryton | ||
| 2016-06-07 10:48 -!- meigallodixital(~meigallod@249.135.116.91.static.reverse-mundo-r.com) has joined #tryton | ||
| 2016-06-07 11:22 -!- nicoe(~nicoe@host-85-201-184-151.dynamic.voo.be) has joined #tryton | ||
| 2016-06-07 12:45 -!- mrichez(~smuxi@mail.saluc.com) has joined #tryton | ||
| 2016-06-07 12:45 -!- tbruyere(~smuxi@mail.saluc.com) has joined #tryton | ||
| 2016-06-07 12:47 -!- shrox(shrox@nat/iiit/x-ujsxxvqhovnkrfiq) has joined #tryton | ||
| 2016-06-07 12:48 -!- shrox(shrox@nat/iiit/x-dswbayogpocowqzc) has joined #tryton | ||
| 2016-06-07 13:06 -!- mariomop(~quassel@181.92.2.104) has joined #tryton | ||
| 2016-06-07 13:45 <sisalp> hello everybody. For a training package, I 'am planning to do the following : | ||
| 2016-06-07 13:45 <sisalp> - limitate admin user to Administration menu | ||
| 2016-06-07 13:46 <sisalp> - create a powerful user called "manager" to administrate the ERP for everything the admin has now reason to know | ||
| 2016-06-07 13:46 <sisalp> Anyone has done this already ? | ||
| 2016-06-07 13:56 <sisalp> if I keep only the group "Administration" for the admin user, can it break module installation at configuration step ? | ||
| 2016-06-07 13:57 <sisalp> If I add all groups but "Administration" to "manager" user, is he autonomous for setting all the ERP functions, but creating users and installing modules ? | ||
| 2016-06-07 13:58 <pokoli> sisalp: I have never done something like this | ||
| 2016-06-07 13:58 <pokoli> sisalp: AFAIK admin user is not user for module installation, so it won't break anything. You only have to take in account that groups are added to admin user via xml definition | ||
| 2016-06-07 13:59 <pokoli> sisalp: and for the manager user, it should be autonomous of setting all the ERP functions otherwise (IMHO) its a bug and must be fixed | ||
| 2016-06-07 13:59 <sisalp> up to here it says : you are not allowed to delete this record (in French), it is part of base configuration | ||
| 2016-06-07 14:00 <pokoli> sisalp: of course, because this is set via xml. | ||
| 2016-06-07 14:00 <pokoli> sisalp: I'm wondering if it won't be easier to inactivate the admin user, and create your own user that only belongs to the administration group | ||
| 2016-06-07 14:01 <sisalp> pokoli: good idea | ||
| 2016-06-07 14:03 <sisalp> pokoli: I would create a "ERP administrator" who is limited to administration. | ||
| 2016-06-07 14:04 <sisalp> Tryton accepts that I dis-activate the admin user. Good so far ... | ||
| 2016-06-07 14:05 <sisalp> but I cannot change admin login | ||
| 2016-06-07 14:07 <udono> sisalp: Hi, watch out that you are not going to jail you out of Tryton by deactivating the admin user. | ||
| 2016-06-07 14:08 <udono> sisalp: I would not touch the internal admin user. Give him a strong password, nobody except you knows. | ||
| 2016-06-07 14:09 <udono> And create a new "adm" odr "Admin" or "administrator" for the other users. | ||
| 2016-06-07 14:11 <pokoli> sisalp: yes, login can not be changed because is loaded from xml also, so you have yo user another login as udono suggested | ||
| 2016-06-07 14:11 <sisalp> Udono: thank you. I created "supervisor" and "manager". If supervisor is able to change admin password, I can forget it | ||
| 2016-06-07 14:12 <sisalp> have you any opinion on what I'm doing ? shouldn't it be good practice ? | ||
| 2016-06-07 14:12 <udono> sisalp: Sounds reasonable | ||
| 2016-06-07 14:14 <udono> sisalp: the distiction of supervisor and manager I don't understand, but Iam sure you'll have reasons. | ||
| 2016-06-07 14:16 <sisalp> words are not the best indeed, the idea is that the technician in charge of opening access/closing access to users has no reason to be allowed to configure key functions, and vice-versa | ||
| 2016-06-07 14:16 <udono> sisalp: so why don't give him the admin password? | ||
| 2016-06-07 14:17 <sisalp> because the admin can do everything on all functions | ||
| 2016-06-07 14:19 <sisalp> and I cannot depopulate admin user | ||
| 2016-06-07 14:19 <udono> sisalp: ok, understand. But I think you need some additional Groups to restrict the technican, because when you give him the group "Internal Administration" she has something like full access. | ||
| 2016-06-07 14:20 <udono> /him/her/ | ||
| 2016-06-07 14:21 <cedk> sisalp: but a user that can create users and set access rights, has by definition access to everything he wants | ||
| 2016-06-07 14:21 <sisalp> yes I agree. Adding modules too is very powerful. and he can can create any user for himself | ||
| 2016-06-07 14:21 <sisalp> cedk: this is my point, yes | ||
| 2016-06-07 14:22 <cedk> admin is like root so of course it is better to use for daily work a limited user | ||
| 2016-06-07 14:22 <sisalp> the idea is to organize things a little better to encourage reasonable practices, in particular, not managung a company from admin user | ||
| 2016-06-07 14:23 <sisalp> so it is a matter of first proposition at system setup, then the admin user can do what he wants | ||
| 2016-06-07 14:26 <sisalp> cedk : if my supervisor has access to module install, but not to account configuration, will the installation/initial setup of account fail ? | ||
| 2016-06-07 14:28 <udono> sisalp: maybe you can use record rules to filter the internal administration group for the technican, so when he creates ne users he can not choose it to get full access. You can forbid the access to the modules and many other internal settings via model and menu access. But I think it is a little bit work to set it up. | ||
| 2016-06-07 14:28 <cedk> sisalp: normally not | ||
| 2016-06-07 14:31 <sisalp> cedk: so probably I can succeed in just creating two additional users, one for Administration menu, the other for all other menus as suggested by pokoly:, then propose to users to refrain using admin when not necessary | ||
| 2016-06-07 14:33 <cedk> sisalp: yes like you do on UNIX | ||
| 2016-06-07 14:34 <sisalp> cedk: I thought UNIX was better because here I just hide menus, not sure it is enough to enforce security | ||
| 2016-06-07 14:37 <cedk> sisalp: if the supervisor user is only in admin group, he can not access account, sale, purchase etc. | ||
| 2016-06-07 14:37 <cedk> sisalp: but yes it is a user who has by default the right to create users | ||
| 2016-06-07 14:38 <cedk> sisalp: so it is like a user on UNIX who has the right to write on /etc/password | ||
| 2016-06-07 14:38 <sisalp> cedk: so it is better than I tought | ||
| 2016-06-07 14:58 <sisalp> my Administration only users has party and products menus per default | ||
| 2016-06-07 14:59 <cedk> sisalp: because they are readable by everybody | ||
| 2016-06-07 14:59 <Timitos> sisalp: this is due to the fact that by default everybody can see products and parties. you need to add default permissions for these classes | ||
| 2016-06-07 15:01 <sisalp> well, parties may be useful also to set-up a user | ||
| 2016-06-07 15:02 <sisalp> let 's say it is simple and acceptable as is ;-) | ||
| 2016-06-07 15:03 <sisalp> udono : I had to restore my database because I got jailed out as you warned me ;-) | ||
| 2016-06-07 15:04 <pokoli> sisalp: you can reactivate the admin user via and sql update from the database in case you got jailed :) | ||
| 2016-06-07 15:05 <cedk> also it will be good to be able to reset admin password from trytond-admin | ||
| 2016-06-07 15:07 <udono> sisalp: :-) so it goes | ||
| 2016-06-07 15:07 <udono> cedk: +1 would be a great feature | ||
| 2016-06-07 15:20 <cedk> udono: I think there is an issue for that | ||
| 2016-06-07 15:21 <cedk> udono: https://bugs.tryton.org/issue5385 | ||
| 2016-06-07 15:33 <udono> cedk: thanks | ||
| 2016-06-07 17:26 -!- JosDzG(~Thunderbi@fixed-203-141-189-203-141-123.iusacell.net) has joined #tryton | ||
| 2016-06-07 18:04 -!- shrox(shrox@nat/iiit/x-rqdngrgdxawvzoaq) has joined #tryton | ||
| 2016-06-07 18:37 -!- kstenger(~karla@r186-55-69-179.dialup.adsl.anteldata.net.uy) has joined #tryton | ||
| 2016-06-07 18:54 -!- shrox(shrox@nat/iiit/x-nrgtivyxljblhirz) has joined #tryton | ||
| 2016-06-07 18:58 -!- prayashm(~prayashm@103.194.233.147) has joined #tryton | ||
| 2016-06-07 18:58 -!- prayashm(~prayashm@unaffiliated/prayashm) has joined #tryton | ||
| 2016-06-07 19:11 -!- Telesight(~anthony@4dae0c97.ftth.telfortglasvezel.nl) has joined #tryton | ||
| 2016-06-07 19:30 <shrox> cedk: Any idea how I can set the xlink options in <draw:image>? Like they are in this - http://pastebin.ubuntu.com/17095135/ | ||
| 2016-06-07 19:31 -!- kstenger(~karla@r186-50-17-39.dialup.adsl.anteldata.net.uy) has joined #tryton | ||
| 2016-06-07 19:43 -!- leio(~leio@gentoo/developer/leio) has joined #tryton | ||
| 2016-06-07 19:44 -!- kstenger(~karla@r186-50-17-39.dialup.adsl.anteldata.net.uy) has joined #tryton | ||
| 2016-06-07 19:44 <cedk> shrox: it is an href attribute but in the namespace xlink | ||
| 2016-06-07 19:45 <cedk> shrox: look for example at the method _handle_images of relatorio | ||
| 2016-06-07 19:50 <shrox> cedk: Cool. Having a look at it right now. Thanks! | ||
| 2016-06-07 20:37 -!- shrox(shrox@nat/iiit/x-ujnmtespmldmrvog) has joined #tryton | ||
| 2016-06-07 20:38 -!- kstenger(~karla@r186-50-17-39.dialup.adsl.anteldata.net.uy) has joined #tryton | ||
| 2016-06-07 21:01 -!- prayashm(~prayashm@103.194.233.147) has joined #tryton | ||
| 2016-06-07 21:01 -!- prayashm(~prayashm@unaffiliated/prayashm) has joined #tryton | ||
| 2016-06-07 21:06 -!- Pilou(~Pilou@rogoth.ir5.eu) has joined #tryton | ||
| 2016-06-07 21:06 -!- Pilou(~Pilou@pdpc/supporter/active/pilou) has joined #tryton | ||
| 2016-06-07 21:13 -!- nicoe(~nicoe@91.179.6.224) has joined #tryton | ||
| 2016-06-07 21:26 -!- zmijunkie(~Adium@i59F5C210.versanet.de) has joined #tryton | ||
| 2016-06-07 21:51 -!- zmijunkie(~Adium@i59F5C210.versanet.de) has joined #tryton |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!