Access to add and change pages is restricted. See: https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access

Security Administration

Overview: The OFBiz Security services control access to various parts of the application. The security services are based on user login IDs, security permissions, security groups, and roles.

OFBiz follows two general patterns for enforcing security permissions: the "Application Pattern" - which grants user permissions for a particular application area, and the "Role Limited Pattern" - which grants user permissions based upon the user's association with a particular element. Which pattern is used depends upon the application.

There are 3-5 steps needed to implement user security in OFBiz:

  1. Create individual Security Permissions
  2. Create Security Roles
  3. (Optional) Create Security Groups
  4. (Optional) Assemble the roles and individual permissions into Security Groups
  5. Assign User Login IDs to the security groups, roles, or permissions


Most OFBiz applications already have user security settings implemented - but it's good to understand how the individual parts work in order to assign those pre-defined permissions to your OFBiz users.

Security Permissions: Individual security permissions are typically used to grant a specific permission to a particular OFBiz element. For example: the Security Permissions ORDERMGR_CREATE, ORDERMGR_UPDATE, and ORDERMGR_DELETE grant create, update, and delete permission in the Order Manager application as a whole.

Role Limited Permissions:  they provide a mean to associate a user ID with a particular OFBiz element. For example: a user is assigned the ORDERMGR_VIEW permission, and is associated to a particular facility (let's say XYZ Company) with the ORDERMGR_ROLE_UPDATE security role. This combination would allow the user to view orders for all facilities, and update orders for the XYZ Company facility only.

Security Groups: Security Permissions and  Role Limited Permissions can be assembled into Security Groups - making it easier to assign 'batches' of permissions to user login IDs (though the Role Limited Permissions relate to Parties). Most OFBiz applications will have some groups predefined. You can create additional security groups if you wish.

Assigning User Login IDs: Use the Party Manager application to assign security permissions to user login IDs. This application is also used for setting up the Security Permissions, Roles, and Groups. If you need to know more about how to setup permission for a new user to access an application you can refer to this external tutorial

Securing the OFBiz Installation: OFBiz is preloaded with user login IDs and security permissions - which provide 'back doors' for hackers. Be sure to secure your OFBiz deployment before going online - by following How to secure your deployment

Additional Information: The predefined security permissions can be found in the in the *Security*.xml files. Look for these elements: SecurityPermission, SecurityGroup, SecurityGroupPermission, and UserLoginSecurityGroup. In addition, the PDF files attached to this page list default security permissions and groups, in 2004 but still interesting. And and OpenOffice file done 2009 where permissions and groups are wrongly called Roles but are very detailled.

  • No labels