You are browsing the documentation for version 4.2 of OroCommerce, OroCRM and OroPlatform, which is no longer maintained. Security Support ends in January 2024. Read version 5.0 (the latest LTS version) of the Oro documentation to get the updated information.
See our Release Process documentation for more information on the currently supported and upcoming releases.
OroSecurityBundle extends Symfony security capabilities to enable a role-based ACL security system in the Oro applications.
The bundle enables developers to set up access restrictions for entities and non-entity related actions using the DOC-block annotations and the YAML configuration files. It also provides UI for application administrators to configure the entity-specific permissions for particular user roles based on the entity ownership.
Read more in the following topics below:
- Introduction to Security in Oro Applications
- Access Levels and Ownership Illustration
- OroSecurityBundle Features
- Custom and Configurable Permissions