Gareth Cantrell Posted November 9, 2023 Share Posted November 9, 2023 I tried to copy the "Supplier User" role in Supplier Manager and removed all the canCreate-, canDelete and canUpdate- permissions, leaving only the canView- permissions in place. However, this doesn't work as expected and the user in this "view-only" role can still update and delete everything, despite not having those permissions assigned. How can I create a role which restricts access to the Supplier, and more importantly, the Contract information? Link to comment Share on other sites More sharing options...
Steve Giller Posted November 9, 2023 Share Posted November 9, 2023 Can you show the config of the edited Role and all the Roles the User has? When I remove all but the canView* rights I don't get the option to Create a Supplier - the left User has the ootb Role, the right has the View-Only Role I created. Link to comment Share on other sites More sharing options...
Steve Giller Posted November 9, 2023 Share Posted November 9, 2023 I do see a Create New option for Contracts, so I'll report that internally. Link to comment Share on other sites More sharing options...
Gareth Cantrell Posted November 9, 2023 Author Share Posted November 9, 2023 @Steve Giller I found the source of the confusion ... the edit buttons on each panel are still shown and allows you to go into edit mode and after editing the fields, the Save button activates. However, when clicking the Save button an error is shown. From a usability perspective, it would be better if the Edit buttons were not shown if the update permissions are missing. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now