Ability to access "History" for restricted user

Is there a capability to access “History”, “Attachments” and “Backup” for a custom user using cloud edition?
I cannot find an option through establishing the user permissions.

1 Like

You will not find that capability, because it does not exist. If a custom user could access those features, they could bypass permissions. None of those is filtered by user. So anyone who can see the History file, for example, could undo transactions they are not permitted to view, create, or edit.

Have you tried the history button on individual invoices or transactions

There is only an option at the bottom (for example, in a Purchase Invoice) for “History”


which gives this message

Unfortunately, I cannot find how to adjust the respective user permissions.
Given that Tut said this capability doesnot exist, then why this message?

Is there any case to add these options in future?
As regards “History” and considering that it can be filtered by user (already provided), why not to provide only permission to undo an action only from the respective user?
(I understand that it may be technically complicated to be built, but I am just wondering -
I believe that for a custom user the ability to see both his/her actions through history and the others actions is rational, otherwise how he/she can understand who made any changes to his/her existing entries e.g. administrator or other user with permission?).
In addition, regarding “Backup”, I do not believe that it could bypass permissions. Backup may be needed to executed by a custom user (for example, to work temporarily offline and after that to update the cloud database). Of course, this user may ask administrator to create a backup file, however I think that creating that independently would be beneficial as an option.

Although you may think this is logical it is not.

For example assume you created an invoice and an admin user then made a change to that invoice. If you would “undo” the creation of your invoice, how should manager know what to do? The invoice no longer exists and therefore the changes by the admin would not be related to anything.

You are right. This is the reason why I said that it may be complicated.
However, in this case, it would be very beneficial for a custom user only to view the history (by default without any right to make changes). I do not believe that there are any constraints for this requirement (at least from the technical side).

I agree with this. Added to ideas. There should be definitely option for this.

It will be best, in my opinion, to restrict user access to the general History tab and only allow them to view the history of the items (Documents) to which they have been given access.

3 Likes

Nice!
What about your approach concerning “Backup”?

The problem with allowing custom users access to any form of backup is that backups are copies of the entire database and include transactions, subsidiary ledger setups (like customers), settings—everything. Trying to provide partial access based on a complicated list of permissions seems intractable. And why does a custom user, with restricted permissions, need access to a backup of the business data file in the first place? What are they supposed to do with it?

As I have justified; for example, a custom user may need to work temporarily offline and update afterwards the cloud database.
I do not believe that providing partial access to the backup file drives to a different status; the database will be the same (the same permissions/restrictions), so the user will have the same accessibility as before.
In any case, as I said, if it is intractable and is not deemed benefecial, I can leave it. Any custom user may seek a backup from the administrator if needed…

A user who has a manager business file can load it into Manager desktop where multiple users are not supported.

If you want to protect fine grained user permission you must first secure gross access. Loosing gross access (to your entire business file) means you have also lost all fine grained control.

2 Likes

@evans please note, if a restricted user get a copy of backup file and load it in desktop edition, there will be no restriction at all, he/she will have the administrator’s permission to access and modify anything he/she want. there will be nothing to talk about restricted user anymore.(just my understanding)

4 Likes