Good morning guys,
I’m suspicious that the system has a vulnerability flaw regarding permissions, but specifically in the services/products module.
Currently, I have a group of users in my company, called technicians, they only have access to the product registration and cannot view or create services, due to commercial secrecy.
When entering the module, products appear, and services are omitted as configured. However, if I go to the “Price to buy” tab or any other product and click on “show list”, it lists all products and services, even if the user does not have permission to do so.
