[SOLVED] possible Bug in Security Module

I’m working with version 7.00.0015.
I have added the security module to my project, with group mode setup.
The users and groups have been set. Then users have been assigned to groups. Finally grants for applications/groups have been set.
My project has a menu which includes the security sub-menu (automatically set by scriptcase).

When I run the application and log in as a user who has no grants for some applications (like the security applications, for example):

  • the user has access to the security sub-menu viewing all its items
  • the user can select any of its items and the corresponding application is launched, even though the user has neither permission nor access
  • the only difference from a user who has permissions is that this user has no access to the update-insert-delete buttons to change data, but can view all the records

I have added a user without assigning it to a group, logged in with that user, and the result is the same as described above: the user has access to all applications in the project, but no update-delete-insert buttons to change data in each application.

I expect that a user who belongs to a group which has an explicit denial for an insert/access/update/delete operation (through the application/group app) can neither access nor make changes to information in that application…

Furthermore, I expect that a user who doesn’t belong to any group can’t access any application.

Is this a bug?

Another minor bug I have found occurs when a user accesses the form linked to the login application for new user creation. This form adds a user to the database with no data in the “Active” field of the corresponding table in the DB. However, when I log in as a user with admin privileges and enter the application to update this user, the radio button which represents the Active field of the table in the DB shows Active status!!!

If you are talking about pre-deployed, then make sure you have security and passwords checked in the myscriptcase setting.
By the way, if you need to add users to multiple groups,
you will want the fix I created to fix the issue.

Kevin

Thank you, Kevin. I’m new to Scriptcase and didn’t know that checking the security setting in myscriptcase was a requirement if one wants to use the pre-deployed security module. Thank you very much!

However, the problem I described with the “create user” form from the login application persists. Anyway, for me this thread is SOLVED.

Regards.

Well, think about it.

By allowing someone to add themselves automatically to a system,
don’t you want to determine what they can do?
So leaving them inactive would be a prudent thing to do.

This is what I think they were thinking about when they coded it.
Glad I could help.

Kevin