ERP5 Security Model
Howto manage the security under ERP5 :
An ERP must be able to interact with many different users inside a company. You probably don't want your workers to be able to see and modify your sales. Do we need to set a different permission for every object inside the Document folder (for Person, Telephone, Organisation, ...)? It is one possibility, but it is very awkward to manage afterwards. I should look at how a Topic is managed by default under Zope, so I can have some clue about how to manage our documents under ERP5. I should also read http://www.erp5.org/Members/jp/structure.stx/view, so I can create some kind of "type of document"; to each type will correspond at least one document.

Many documents types :
We can find many different types of document in an ERP. You should have a look at this document, which describes the ERP5 Content Management structure. So we have some kind of "types" of documents, which means that several different documents can fit in one kind of category. For example, we can group together all documents concerning people. This includes: Person, GeographicAddress, Telephone... It is even more complicated, because we can also assign a telephone number to an Organisation.

Roles :
The best way to handle the security is to define several roles. A role corresponds to the job of an employee in a company. So we can have: Sales Managers, Workers, Director... For each function, for example addPerson, we will define the default list of roles allowed to access it. Since there is a huge list of different documents, we should group them whenever possible. Of course, it is easy to modify our choices afterwards inside the Zope management interface.

Groups :
We can store many pieces of information related to the coordinates of people and companies. It would be very useful if anyone could access them. Anyone should also be able to create a new contact inside his personal folder and then submit it, so that this contact can be seen by everyone.
But everyone should not be able to modify every organisation or telephone... so we must have some specific rights for that: we need a manager of coordinates. This is what he can modify :
Coordinate :
Organisation
Telephone
Fax
Address
Person
Email
Some basic operations are authorized to everyone in his own folder; these operations are listed below :
Content :
Folder
MailMessage
Document
File
Image
Financial information is really sensitive. Would you like anyone to be able to change his own PaySheet? Probably not. So we must allow only a few people to change a PaySheet. It is the same thing for viewing a PaySheet: it is better if every employee can see only his own PaySheet. It is the same for a bank account: your clients probably don't want you to let everyone look at their personal information, so it is necessary to restrict the view of a Bank Account. This is what we can access with the Finance right :
Finance :
Bank Account
Sales Opportunity
Paysheet
Following a product :
Let's imagine the production of a product. First of all, we have the contact with a client.

Client and employee manager :
A list of contacts with many companies is managed by the client manager. He should keep the contacts up to date, so that the list is useful at any time. So the client manager can enter the coordinates of clients. There are at least two things to modify: a Person and his Organisation. So the client manager needs both the view and the modify right on "Coordinate". With this list a commercial can search for some sales opportunities... With the same right, we should be able to manage information about the employees of our company. We can enter for example the skills of every employee, so that afterwards we can manage the resources of our company.

Commercial :
A commercial can call by phone some clients who might be interested in buying something. So he can enter and store some Sales Opportunities. He can also discuss the price, so he needs the Finance right. At the same time, he needs to check with some engineers whether the company can produce, and at which price.

Engineering :
With an "engineering" permission, we can design a new product. We can assemble several components and define the conception. For that we need information from the production.

Production :
The production manager has to know the skills of people, which are defined by the employee manager. With the production right, we can define what was manufactured in the factory. Then the production manager should be able to see the current inventory.

Inventory :
This is used for the stock that we have from our suppliers. It can also be used for the products proposed by suppliers, without having them in our stock.

Initialization :
As you can see in the RAD (Rapid Application Development) documentation, all accessors and constructors of our documents are generated automatically.
Of course, we want to keep the very nice thing called RAD (we don't want our application to become SAD at all, for Slow Application Development ;) ). So we need to generate the security settings automatically as well. The best way to handle it is to set an attribute on the document. We can create an attribute permission_type. So for the Person document, we can add this line :
permission_type = 'Coordinate'
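As an added example, not ERP5's own code, the following Python model shows how the roles described above (client manager, commercial, worker) and the permission_type attribute fit together: each document class carries permission_type, the "View X" / "Modify X" settings are generated from that attribute instead of being set object by object, and an access check combines the role matrix with the per-folder rules on this page (own folder, submitted contacts, own PaySheet). The role names, the rights matrix and the sample documents are assumptions made for illustration.

```python
"""Added example (not ERP5's own code): a toy model of the role-based
security scheme described on this page.  Each document class carries a
permission_type attribute and the security settings are derived from that
attribute, so a new document type needs no per-object settings.  The role
names, the rights matrix and the sample documents are assumptions."""
from dataclasses import dataclass


# Document classes tagged with the permission_type attribute from the page.
class Person:
    permission_type = 'Coordinate'

class Organisation:
    permission_type = 'Coordinate'

class File:
    permission_type = 'Content'

class PaySheet:
    permission_type = 'Finance'

class SalesOpportunity:
    permission_type = 'Finance'

DOCUMENT_CLASSES = [Person, Organisation, File, PaySheet, SalesOpportunity]

# Roles -> permission types they may view or modify.  Assumed mapping that
# follows the job descriptions on the page: the client manager handles
# Coordinate, the commercial needs Finance, a plain worker has no extra right.
ROLE_RIGHTS = {
    'Client manager': {'view': {'Coordinate'}, 'modify': {'Coordinate'}},
    'Commercial':     {'view': {'Coordinate', 'Finance'}, 'modify': {'Finance'}},
    'Worker':         {'view': set(), 'modify': set()},
}


def generate_permissions(classes):
    """Build the security settings automatically from permission_type.

    Returns {'View <type>': [class names], 'Modify <type>': [class names]},
    so adding a class with permission_type is all a developer has to do."""
    table = {}
    for cls in classes:
        for action in ('View', 'Modify'):
            table.setdefault(f'{action} {cls.permission_type}', []).append(cls.__name__)
    return table


@dataclass
class Doc:
    kind: type              # one of the document classes above
    owner: str              # user whose personal folder holds the document
    submitted: bool = True  # False while the document is still a private draft


def is_allowed(user, roles, action, doc):
    """Decide whether `user` holding `roles` may `action` ('view' or 'modify') `doc`."""
    ptype = doc.kind.permission_type
    if ptype == 'Content':
        # Basic operations on Content are allowed to everyone, but only in his own folder.
        return doc.owner == user
    if ptype == 'Coordinate':
        if not doc.submitted:
            return doc.owner == user        # a draft contact is private to its creator
        if action == 'view':
            return True                     # once submitted, everyone can see the contact
    if ptype == 'Finance' and action == 'view' and doc.owner == user:
        return True                         # an employee may see his own PaySheet
    # Everything else goes through the role -> permission_type matrix.
    return any(ptype in ROLE_RIGHTS.get(role, {}).get(action, set()) for role in roles)


if __name__ == '__main__':
    for name, classes in generate_permissions(DOCUMENT_CLASSES).items():
        print(f'{name}: {", ".join(classes)}')
    print('worker sees own PaySheet:', is_allowed('alice', ['Worker'], 'view', Doc(PaySheet, 'alice')))
    print("worker sees bob's PaySheet:", is_allowed('alice', ['Worker'], 'view', Doc(PaySheet, 'bob')))
```

Note that the matrix is consulted only after the folder rules: a worker still cannot modify a submitted Organisation, because 'Coordinate' is absent from his modify set, while the coordinate manager can.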
Specific to Coramy :
Content :
Folder
MailMessage
Document
File
Image
Reporting :
Topic
System :
Category
Account
Finance :
Bank Account
Sales Opportunity
Paysheet
Engineering :
Modele
VarianteModele
Vetement
Nomenclature
People :
Organisation
Telephone
Fax
Address
Person
Email
skills of people
Production :
... To be determined
Inventory :
Tissu
VarianteTissu
Gamme
VarianteGamme
Composant
VarianteComposant
Coloris