[11.0][auth_admin_passkey] #GDPR Is auth_admin_passkey an ilegal module? Should OCA have such a module? about server-auth HOT 3 CLOSED

No feedback, so closing. Don't put that module if you think is not legal. Legal thing depends on your country, not on the code.

from server-auth.

@rafaelbn !
continuing the migration of modules to v12, I took a look on this issue you wrote.

I think it's a good point.
I developped the module auth_admin_passkey as an "admin" feature, to have the possiblity to log in the erp, to see what my users are seing. In fact, some bug, trouble, ACL limitation etc... depends on the context.
I think that this module is usefull regarding this aspect.

In the other hand, for the time being, it grants this power to the ERP admin user. I think that we could change that, and create a new key in the openerp.cfg config file, named passkey_password = xxxx.

1. I assume that somobody that has access to that file, has access also to the server, so to the database. So, he can read all the datas, and can change create_uid / write_uid. (In fact admin sys has all the power).

2. If an ERP admin user try to install this module, but if he doesn't have access to that file, it will not be possible for him to use this feature.

I'm not sure if I'm clear.

are you agree with such design ? I see it as more "GDPR spirit".

from server-auth.

I agree with such design @legalsylvain 👍

from server-auth.