no field security with csv export
Bug #854849 reported by
invitu
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo GTK Client (MOVED TO GITHUB) |
Confirmed
|
Wishlist
|
OpenERP's Framework R&D |
Bug Description
Field security is not managed in csv exporting.
If a user has not the right to access to a field in an object (for example standard price in products), he can export the data with gtk client.
This is a security hole
security vulnerability: | yes → no |
visibility: | private → public |
To post a comment you must log in.
Hi Cyril,
As discussed, this is rather an improvement request than a security bug, as OpenERP does not have per-field access rights at the moment. Also, the bug does not have to be private, so let's make it public.
Thanks for your understanding!