OroPlatform Forums

Covering OroPlatform topics, including community updates and company announcements.

Forums Forums OroPlatform OroPlatform – Security business unit tree structure seems useless

This topic contains 3 replies, has 3 voices, and was last updated by Ahmad Golzar Ahmad Golzar 5 years, 11 months ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

  • Creator
  • #35480
    Ahmad Golzar
    Ahmad Golzar


    I’ve been doing some tests on ORO security system. I have defined a hierarchy of business units. My expectation was that when I assign a Business Unit to a user, the user will have access to all entities that their owner is users that belong to children of that business unit. But my tests show that I should assign the user the children business units as well to achieve this. Therefore it seems being able to define a tree of Business Units is of no use. You could easily define them flat.

    So my question is that either this is bug in the current version and it will be corrected later or it is intended to work like this.


Viewing 3 replies - 1 through 3 (of 3 total)
  • Author
  • #35481

    Yurii Muratov

    Hi, Ahmad.

    To have access to records from child business units, You should set division access level.
    Then You set business unit access level, You will haven’t access to records from child business units.

    More info about access levels You can see here: https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/access-levels.md
    And some examples here: https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/examples.md

    Dima Soroka
    Dima Soroka

    The tree of business units is used for access level definition as “Division” (assigned BU + all children) or “Business Unit” (only selected business unit). More details you can find on examples page.

    Please let us know if something doesn’t work and feel free to open issue on github if this is the case.

    Ahmad Golzar
    Ahmad Golzar

    Dear Yurii and Dima,

    Thank you so much for the replies. I knew I should have missed something. It is clear now.

    As I was reading the document I got to this part about “user” access level:
    User: Allows to gives a user a permissions to access to own records and records that are shared with the user.

    What does this part mean?
    “records that are shared with the user”

    Is this the “share” feature that is going to be added to oro in future releases? Or is it already functional.

    Thanks again,

Viewing 3 replies - 1 through 3 (of 3 total)

The forum ‘OroPlatform – Security’ is closed to new topics and replies.

You will be redirected to [title]. Would you like to continue?

Yes No