6 Aug
2012
6 Aug
'12
3:22 p.m.
> If a user has the right to edit a page then he can
see all the
> property values of objects attached to that page.
I will look into the hole confidental data thing
i worked at company where they used hidden properties as well.
In IBM Lotus Notes, client versions 5 till 7
The same trick was widely used by everyone.
It was good - for really doing one's work one had to know more than bare
minimum.
But it was security breach nonetheless.
It looks like IBM/Lotus could not implement per-property visibility.
And probably it is rather hard to implement it in doc-flow systems at all.
--
View this message in context:
http://xwiki.475771.n2.nabble.com/Inventory-Macro-tp7580719p7580727.html
Sent from the XWiki- Users mailing list archive at Nabble.com.