Every registered user should be allowed to see the Dashboard. The Dashboard may be empty if the user has no permissions to see anything else. Just as it is on a new installation with no information yet. Empty should not mean a blank page, but one helping to get started, learn more, how to request permissions, whatever the case may be. On 1 May 2013 10:28, Gary Martin wrote: > On 01/05/13 01:42, Olemis Lang wrote: > >> On 4/30/13, Anze Staric wrote: >> >>> Both product list and global dashboard currently require PRODUCT_VIEW >>> permission in global context and are therefore not visible to >>> anonymous users. >>> >>> Are there any unwanted consequences if we grant this permission to all >>> users (in global env) during the upgrade? >>> >>> Please do not do that . It's annoying when upgrades hijack the >> decisions made by admins + users ... especially when it comes to >> security & permissions which might compromise the stability , >> confidentiality policies , ... of certain environments . >> >> > Olemis is right in principle. We should never be setting user permissions > on an upgrade. > > I am not convinced that PRODUCT_VIEW is the correct permission for showing > this page as a whole. Although in a sense it is still messing with > decisions on permissions, we could change it to TICKET_VIEW. If it is not > already in place we also need to make sure that we are able to determine > which products a user should have access to along with respecting the > permissions of anything within each product that might get displayed. > > Cheers, > Gary > -- Joe Dreimann | *User Experience Designer* | WANdisco @jdreimann * * *Join one of our free daily demo sessions on* *Scaling Subversion for the Enterprise * THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE PRIVILEGED. If this message was misdirected, WANdisco, Inc. and its subsidiaries, ("WANdisco") does not waive any confidentiality or privilege. If you are not the intended recipient, please notify us immediately and destroy the message without disclosing its contents to anyone. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of WANdisco, unless the author is authorized by WANdisco to express such views or opinions on its behalf. All email sent to or from this address is subject to electronic storage and review by WANdisco. Although WANdisco operates anti-virus programs, it does not accept responsibility for any damage whatsoever caused by viruses being passed.