If I want to update my profile, I see all groups, roles and business units – no matter if I have the permissions for these entities.
I log in as a “Marketing Manager” in the demo-CRM and go to the profile-update page. There I see all role and group data and can even change my business units. The permissions for the Role “Marketing Manager” are all set to None for Business Unit, Role and Group.
I must not be able to edit these. And I also should not see all Business Unit, Role and Group entries.
The forum ‘OroPlatform – Security’ is closed to new topics and replies.