#2615 - Rights Issue.
One alarming security issue regarding reports. I have created a report and added the Users module in it. One user has only the right to view the report. He can add multiple fields from the Fields tab, and he can also add the user hash from the Users table. I think the Users module fields should be only personal info fields, not all fields. **This is a major security con of this plugin.** Please review this.
8 years ago
Hello Sair,
This shouldn't be so. If users have the permission 'Can View' (and do not have the permission 'Can Edit') under the 'Sharing & Scheduling' tab, nothing would change for them if they click the Preview, Save or Save As button; even if they did change the fields, they cannot see and cannot save those changes.
The only exception is admin users, who do not get limited.
We just re-tested the latest published version on this; maybe you have to check. But if we are mistaken, please let us know.
Thank you!
Best Regards, IT Sapiens Team
8 years ago
But the user's hash should not be addable from the Fields tab. There should be limited information which a user can add from fields. What do you say?
8 years ago
The admin user can control permissions to the report: if the report is editable, then all fields of related modules can be added to the report; if the user has read-only permissions to the report, he cannot add any of the fields.
Best Regards, IT Sapiens Team
8 years ago
I understood your point, but I am talking about a different point. Let's suppose
I created a report which also has the related Users module and shared it with one user. I want to allow this user to just change the filters of the report; for that reason I allowed the user to edit the report. Now the user can also change the fields of the report and see the user hash and other things too, which I think should be restricted.
I think you should secure this plugin by restricting the fields of the Users module. I don't think anyone needs the user hash field in a report.
Thanks
8 years ago
Thank you for the feedback! In the PRO version we have added functionality which allows giving permission to certain filters for read-only report users.
Best Regards, IT Sapiens Team
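The permission split Sair asks for in this thread (filters editable, the field list locked, the user hash never exposed), contrasted with the single view/edit switch the IT Sapiens reply describes, modelled as an added example. This is not the plugin's code and does not use its API; the module, column and user names are constructed, and the three-way grant plus a per-module denylist of sensitive columns is an assumption about how such a shared report could be secured.

```python
"""Added example: least-privilege grants for a shared report.

Assumed model (not the plugin's own): instead of one 'Can View' / 'Can Edit'
switch, each shared user gets separate VIEW, EDIT_FILTERS and EDIT_FIELDS
grants, and each related module carries a denylist of columns that may never
be placed in a report, whoever is editing it.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Flag, auto


class Perm(Flag):
    """Per-user grants on a report. Kept separate so that 'may change filters'
    does not silently imply 'may change which columns are shown'."""
    NONE = 0
    VIEW = auto()
    EDIT_FILTERS = auto()
    EDIT_FIELDS = auto()


EDITOR = Perm.VIEW | Perm.EDIT_FILTERS | Perm.EDIT_FIELDS

# Constructed denylist with hypothetical column names: columns of a related
# module that must never be selectable in a report output.
SENSITIVE_FIELDS: dict[str, frozenset[str]] = {
    "Users": frozenset({"user_hash", "user_password", "accesskey"}),
}


class PermissionDenied(Exception):
    pass


@dataclass
class Report:
    owner: str
    modules: set[str]                                   # modules the report joins
    fields: list[tuple[str, str]] = field(default_factory=list)   # (module, column)
    filters: dict[str, str] = field(default_factory=dict)
    grants: dict[str, Perm] = field(default_factory=dict)         # user -> Perm


def effective_perm(report: Report, user: str, is_admin: bool = False) -> Perm:
    """Owner and admins edit everything; shared users get only what was granted."""
    if is_admin or user == report.owner:
        return EDITOR
    return report.grants.get(user, Perm.NONE)


def set_filter(report: Report, user: str, name: str, value: str,
               is_admin: bool = False) -> None:
    """Changing a filter needs EDIT_FILTERS only, so a read-only user can be
    allowed to narrow the data without being able to add columns."""
    if Perm.EDIT_FILTERS not in effective_perm(report, user, is_admin):
        raise PermissionDenied(f"{user} may not change filters")
    report.filters[name] = value


def add_field(report: Report, user: str, module: str, column: str,
              is_admin: bool = False) -> None:
    """Adding a column needs EDIT_FIELDS, the module must already be part of the
    report, and the denylist applies to admins and the owner as well."""
    perm = effective_perm(report, user, is_admin)
    if Perm.EDIT_FIELDS not in perm:
        raise PermissionDenied(f"{user} may not change the field list")
    if module not in report.modules:
        raise PermissionDenied(f"module {module} is not part of this report")
    if column in SENSITIVE_FIELDS.get(module, frozenset()):
        raise PermissionDenied(f"{module}.{column} can never be added to a report")
    report.fields.append((module, column))


def exportable_fields(report: Report) -> list[tuple[str, str]]:
    """Second line of defence at render/export time: drop any sensitive column
    that reached the field list through an older saved definition."""
    return [(m, c) for m, c in report.fields
            if c not in SENSITIVE_FIELDS.get(m, frozenset())]


def is_allowed(action, *args, **kwargs) -> bool:
    """Run an action and report whether the permission checks let it through."""
    try:
        action(*args, **kwargs)
    except PermissionDenied:
        return False
    return True


def make_demo_report() -> Report:
    """Constructed sample: a report joining Accounts and Users, shared with a
    filter-only 'viewer' and a full 'editor'. The stale ('Users', 'user_hash')
    entry stands for a definition saved before the denylist existed."""
    return Report(owner="report_owner", modules={"Accounts", "Users"},
                  fields=[("Accounts", "accountname"), ("Users", "email"),
                          ("Users", "user_hash")],
                  grants={"viewer": Perm.VIEW | Perm.EDIT_FILTERS,
                          "editor": EDITOR})


if __name__ == "__main__":
    r = make_demo_report()
    print("viewer sets filter:", is_allowed(set_filter, r, "viewer", "Account Name", "Acme"))
    print("viewer adds column:", is_allowed(add_field, r, "viewer", "Users", "email"))
    print("editor adds email:", is_allowed(add_field, r, "editor", "Users", "email"))
    print("admin adds user_hash:", is_allowed(add_field, r, "x", "Users", "user_hash", is_admin=True))
    print("exported columns:", exportable_fields(r))
```

The point of the two-stage check is that the grant decides who may change the report shape, while the denylist decides what can ever appear in it; even an admin or the owner cannot route a password hash into report output, and the export filter catches definitions that predate the rule.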