Comment 2 for bug 1066580

Christophe Combelles (ccomb) wrote :

I consider this a pure functional bug, hidden by the default menu visibility configuration, and leading to a security issue in default installations. I mean a security issue in terms of internal confidentiality within a company.

There is an HR module, and there is a CRM module. Both correspond to different use cases, different roles in the company, held by different teams with different permissions. An employee can be a salesman, but also an accountant, an engineer, a technician, a temporary employee, etc. He is not supposed to access any lead, unless explicitly allowed to do so by the Sales team. Ask *any* CEO if he would like *all* his employees to access by default all the upcoming Sales opportunities...

As you said, the default behaviour is to let all employees access all leads. It really looks like a late and awkward justification of a broken default configuration:

If this is really intended, you should let the Leads and Opportunity menus be visible to everyone, otherwise it gives a false impression of security to anyone. I'm curious to discover how many people are aware of this behaviour; maybe we should ask on the community list?

If this is not intended, you should definitely close access to the leads when a user is not explicitly allowed.