We have a need to give our Internal Audit department the ability to see “who are our users and what access do they have” on our Cuba based system.
By default we use a “deny all” policy and depending on the needs of a specific role add access.
For our IA role I gave access to all sec$ screens and read access to all sec$ entities and it works fine when they open the Users and Access Groups Browse and Edit screens.
When they open the Roles Browse the log files states:
com.haulmont.cuba.web.gui.components.WebAbstractTable - Editable column ‘defaultRole’ is not permitted to read or update
but it opens and shows all Roles.
However, if they then select any role it opens the Edit screen, but no data is shown under screens, entities etc. as shown below:
Can anybody please advise what we need to do further?