I have a project converted from 18.104.22.168 to 2.5. In 2.5 i'm having troubles understanding the new security setup. I have a entity called "Customer" with same attributes like name / street ect. This entity derives (or generalization) of the entity Administration.Account. When I create a new customer with the user MxAdmin the system works perfect. But if I login with a different account the system always gives me a security error that the user isn't allowed to create an entitiy called Customer. I set all the obvious access on the objects... but without any results. My test user can edit accounts but can't create them. Do i miss something or is it simply not possible in 2.5 to create user accounts without having to log in as MxAdmin.
To create a new System.User object the current user needs to have all the user roles of the new users in its grantable roles.
You can define the grantable roles for each user role (see project - security - user roles). With this setting you define what roles a user with this user role can grant to another (e.g. a new) user.
This behaviour did also exist in 2.4, but maybe you have to configure it again because you changed your inheritance structure by inheriting from Administration.Account.
Johan den Haan
Go to Project > Security ( I assume that the security level is set to production and the security is checked).
Is the project status complete ?
Have you added the module role of the role that is allowed to create users to the user role (Second tab)?
When you have done that you go to the first tab (module status) and check for your module all settings?