...
A new design is being proposed, but it is not finalized. Anyone who is interested is welcome to comment, critique, and add suggestions.
Security-Aware Artifacts Introduction
The current OFBiz security implementation uses indirect security control, where permission services are used to control access to OFBiz artifacts. Permission services are small scripts that evaluate user permissions, determine whether a user is related to a piece of data in some way, and perform other tasks. In the end, the script returns an access-granted or access-denied result (hasPermission) that is used to control access to the artifact(s) managed by the script.
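An added sketch of the indirect model described above, not OFBiz code: the class, method, user and permission names, the failMessage key and the sample data are all constructed for illustration, and only the hasPermission result name comes from the page. It shows that the artifact holds no access logic of its own and is protected only because the caller consults the permission script first.

```java
import java.util.*;
import java.util.function.Function;

/** Added sketch of indirect security control; all names are hypothetical, not OFBiz APIs. */
public class IndirectPermissionDemo {
    // Constructed sample data: user -> granted permissions, order -> owning user.
    static final Map<String, Set<String>> GRANTS = Map.of(
        "admin", Set.of("ORDERMGR_ADMIN"),
        "clerk", Set.of("ORDERMGR_VIEW"),
        "alice", Set.of("ORDERMGR_ROLE_VIEW"));
    static final Map<String, String> ORDER_OWNER = Map.of("ORD-1", "alice", "ORD-2", "bob");

    /** Permission service: a small script that ends in a hasPermission result. */
    static Map<String, Object> orderPermissionCheck(Map<String, Object> ctx) {
        String user = (String) ctx.get("userLoginId");
        String action = (String) ctx.get("mainAction");
        String orderId = (String) ctx.get("orderId");
        Set<String> perms = GRANTS.getOrDefault(user, Set.of());
        boolean ok = perms.contains("ORDERMGR_ADMIN") || perms.contains("ORDERMGR_" + action);
        // Role-limited grant: allowed only when the user is related to the record.
        if (!ok && perms.contains("ORDERMGR_ROLE_" + action)) {
            ok = user.equals(ORDER_OWNER.get(orderId));
        }
        Map<String, Object> result = new HashMap<>();
        result.put("hasPermission", ok);
        if (!ok) result.put("failMessage", user + " may not " + action + " order " + orderId);
        return result;
    }

    /** The artifact itself contains no access logic. */
    static String viewOrder(Map<String, Object> ctx) { return "contents of " + ctx.get("orderId"); }

    /** Indirect control: the caller gates the artifact on the permission service's result. */
    static String invokeGuarded(Function<Map<String, Object>, Map<String, Object>> permissionService,
                                Function<Map<String, Object>, String> artifact, Map<String, Object> ctx) {
        Map<String, Object> check = permissionService.apply(ctx);
        if (!Boolean.TRUE.equals(check.get("hasPermission"))) return "DENIED: " + check.get("failMessage");
        return artifact.apply(ctx);
    }

    public static void main(String[] args) {
        for (String[] c : new String[][] {{"clerk", "ORD-2"}, {"alice", "ORD-1"}, {"alice", "ORD-2"}, {"guest", "ORD-1"}}) {
            Map<String, Object> ctx = Map.of("userLoginId", c[0], "mainAction", "VIEW", "orderId", c[1]);
            System.out.println(c[0] + " -> " + invokeGuarded(IndirectPermissionDemo::orderPermissionCheck,
                                                             IndirectPermissionDemo::viewOrder, ctx));
        }
    }
}
```

Calling `viewOrder` directly, without going through `invokeGuarded`, returns the order contents for any user, which is the property of indirect control worth keeping in mind when reviewing how artifacts are wired to their permission scripts.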
...