Contributors mailing list archives

contributors@odoo-community.org

Avatar

Re: Migration auth_admin_passkey to 11.0 and 12.0

by
Agent ERP GmbH, Georg Notter
- 26/06/2019 04:50:46
Good Morning guys!!!


Actually,

The admin Can just change the write_uid or create_uid Then You have the same result!

Check this PR

It Can be done from anywhere with admin rights!

GDPR?


Mit freundlichen Grüßen

We look forward to see you. Best Regards

Dipl. Ing. (Fh) Georg Notter

Agent ERP GmbH

www.agenterp.com

Am 26.06.2019 um 03:57 schrieb Rafael Blasco <rafael.blasco@tecnativa.com>:

Hello Sylvain,

 

You must demostraste Compliance .

 

This should mean that any user/employee sign you in a contract that any human with the Odoo admin access can  make any action in Odoo with you name. Who will sign that? If employee doesn’t’ sign it is illegal if employee sign it… is legal? You could do anything without any track/trace :-\

 

In any case, making the module is fair, installing in production is dangerous. Installing it in a test environment….

 

Complicate!

 

:-D

 

Regards,

Rafael

 

 

 

De: Sylvain LE GAL [mailto:sylvain.legal@grap.coop]
Enviado el: viernes, 21 de junio de 2019 11:12
Para: Contribut
ors <contributors@odoo-community.org>
Asunto: Re: Migration auth_admin_passkey to 11.0 and 12.0

 

Hi,

 

could you precise what is the problem(s) regarding the GDPR ?

Regarding the full access that is granted by this module, It is given to the admin user only, that has by design, access to all the database. (ACL bypassed).

 

 

Kind regards.

 

Sylvain LE GAL - Twitter

GRAP - Service informatique (Groupement Régional Alimentaire de Proximité)

Site Web | FramaSphere | Facebook
3 Grande rue des Feuillants, 69001 Lyon
Bureau : (+33) 09.72.32.33.17 - Astreinte : (+33) 06.81.85.61.43

Member of the OCA (Odoo Community Association)

 

 

Le jeu. 20 juin 2019 à 15:17, Florian Kantelberg <florian.kantelberg@initos.com> a écrit :

Hi,

I would propose an OTP like process for the auth_admin_passkey and a change in the login process for the admin. It would be GDPR conform if the user has to generate an OTP first and give that to the admin who wants to access his account. The admin therefore needs his own password + the OTP from the user to login as a different user. The otp can have a lifetime as well.

I can try to migrate the module with the mentioned changes in the next days if there are no further concerns.

Regards.

Am 17.06.19 um 09:17 schrieb Davide Corio:

Hi,

I believe that the module itself is not a risk, using it the wrong way might be.

 

That module remains really useful during the development phase.

 

 

On Fri, Jun 14, 2019 at 3:52 PM Pedro M. Baeza (Tecnativa) <pedro.baeza@tecnativa.com> wrote:

Yes, server-auth is the good host. I think nobody has migrated yet because of the risks of vulnerating GDPR.

 

Regards.

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe


 

--

Davide Corio

Odoo Solution Architect

Mobile: +39 340 810 6954

-- 
Mit freundlichen Grüßen
 
Florian Kantelberg
Softwareentwickler
 
initOS GmbH
An der Eisenbahn 1
21224 Rosengarten
 
Tel.: +49 (0) 4105 5615644
Fax: +49 (0) 4105 5615610
 
Email: florian.kantelberg@initos.com
Internet: http://www.initos.com
 
Geschäftsführung:
Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke
 
Sitz der Gesellschaft: Rosengarten – Klecken
Amtsgericht: Tostedt, HRB 205226
USt-IdNr: DE 815580155
Steuer-Nr: 15/200/53247

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

<GDPR_infographic_UK.PDF>

Reference