ERP5 KM

HowToMigrateToERP5Security

Overview

ERP5 has a strong security system that can control permissions and local roles at the module level, the document level, and so on, in combination with workflows and types. Traditionally, ERP5 used NuxUserGroups for group management, but the current trend is to use ERP5Security, which is more flexible and better integrated into the ERP5 data model.

ERP5Security is based on PluggableAuthService, which allows new features to be added via plugins. ERP5Security provides three plugins to implement document- and category-based authentication: ERP5UserManager, ERP5GroupManager and ERP5RoleManager.

This document describes how to migrate from NuxUserGroups to ERP5Security. Note that this document is very experimental, and might not be complete.

Backup

The first step is to back up the Data.fs, so that you can refer to it later whenever necessary. In particular, it is better to save the information inside acl_users.

Product Installation

Remove NuxUserGroups and install ERP5Security. You also need to install PluggableAuthService and PluginRegistry.

Recreation of acl_users

Restart Zope, and log in as a user that is defined in the application-level acl_users (on the Live CD, zope). Then open the ZMI on the ERP5 Site, remove the existing acl_users, and add a PluggableAuthService.

Activation of ERP5Security

FIXME: I just followed the instructions in the source code of ERP5Site. It might be possible to simply execute setupERP5Site again.

Ownership

The ownership of ZODB objects (notably Script (Python)) is now broken, because all the users have been removed. In this configuration, Zope emits a strange error when you execute a script, so it is better to take ownership of these objects. However, taking ownership of ERP5 Documents is not recommended, because the owner is used to control security.

FIXME: then, what is the right way to fix the ownership of documents? In my case, I didn't have important documents, so I took over all the ownership of the whole site.

User registration

In ERP5Security, accounts are defined in Person documents. Based on the information saved from the previous acl_users, enter all the users and fill in the assignments of each person correctly. If the person has a login, a password and at least one open assignment, the user account is activated.
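The activation rule above can be used to reconcile the logins saved from the old acl_users against the re-entered Person records. The following is an added example, not ERP5 code: it is a plain-Python model, and the record layout and field names (`login`, `password_set`, `assignments`, `state`) are assumptions made for illustration.

```python
# Added example: a plain-Python model of the activation rule, not ERP5 API.
# All field names ("login", "password_set", "assignments", "state") are assumptions.

def is_activated(person):
    """Rule from the page: login, password and at least one open assignment."""
    has_open = any(a.get("state") == "open" for a in person.get("assignments", []))
    return bool(person.get("login")) and bool(person.get("password_set")) and has_open

def audit_migration(old_logins, persons):
    """Compare logins saved from the old acl_users with re-entered Person records."""
    by_login, duplicates = {}, set()
    for person in persons:
        login = person.get("login")
        if login:
            if login in by_login:
                duplicates.add(login)
            by_login[login] = person
    report = {"ok": [], "missing_person": [], "inactive": {},
              "duplicate_login": sorted(duplicates)}
    for login in sorted(old_logins):
        person = by_login.get(login)
        if person is None:
            report["missing_person"].append(login)
        elif is_activated(person):
            report["ok"].append(login)
        else:
            reasons = []
            if not person.get("password_set"):
                reasons.append("no password")
            if not any(a.get("state") == "open" for a in person.get("assignments", [])):
                reasons.append("no open assignment")
            report["inactive"][login] = reasons
    # Active accounts that were not in the old user folder deserve a manual review.
    report["unexpected_active"] = sorted(
        l for l, p in by_login.items() if l not in old_logins and is_activated(p))
    return report

# Constructed sample data (not taken from any real site).
OLD_LOGINS = {"alice", "bob", "carol", "dave"}
PERSONS = [
    {"login": "alice", "password_set": True, "assignments": [{"state": "open"}]},
    {"login": "bob", "password_set": True, "assignments": [{"state": "closed"}]},
    {"login": "carol", "password_set": False, "assignments": []},
    {"login": "erin", "password_set": True, "assignments": [{"state": "open"}]},
]

if __name__ == "__main__":
    for key, value in audit_migration(OLD_LOGINS, PERSONS).items():
        print(key, value)
```

Old users reported as missing or inactive will not be able to log in after the migration, and any entry under `unexpected_active` is an account that did not exist in the old user folder.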

HowToMigrateToERP5Security (last edited 2008-01-03 13:48:01 by localhost)
