I just realized even restricted users who don’t even have access to bank accounts are now able to receive or pay into all bank accounts in the system.
Please this needs to be corrected
I can reproduce this in 21.4.60
Notice the user hasn’t been granted access to the bank and the cash account tabs but can access all the bank accounts and cash accounts.
If users are authorised to use the Receipts and Payments tab then they must have access to at least one bank or cash account or else they will not be able to enter the transaction
The question is whether they can access the bank and cash accounts themselves or only select them for receipts and payments.
In my case the user has been granted his cssh account. Just woke up this morning and I realize he can see and post transactions into all the company bank accounts too.
Autocomplete box fixed in the latest version (21.4.61)
Exactly what was fixed, @lubos? Are you saying the dropdown list will only include cash/bank accounts authorized for the user? That is how I am interpreting your statement.
@Tut I can confirm it has been fixed
Yes, but exactly what was fixed? Two people have now said it is fixed, but I am still not clear what was fixed.
@Tut this was merely autocomplete box so it doesn’t offer restricted user to select bank accounts which they don’t have access to.
Actually, I have a restricted User who has access to only one Cash A/c, but he can still access one bank A/c while the others remain restricted.
These are two transactions I can access from a restricted User account, one transaction belong to the cash account which he has access to while the other one belongs to bank account which he is supposed to have no access to (of course other transactions for the same bank are accessible by him as well).
You can see the same user Permissions.
Every time changes made to user permissions brings disaster to my business’s workflow.
I have too many bank and cash accounts which are managed by a large number of employees. These random and sudden changes force me to manually check each employee’s permission and put on/put back permissions. So as you can see, any changes made in user permissions within the software directly affects me badly.
Good thing about this particular update is, all default accounts which were given access to each employee’s ID got automatically deselected. Meaning none of the employee had access at all unlike the last update.
I would only request the developers to try maintain user’s default selection in user permission prior making changes to the system. It would help us reduce risk and avoid unnecessary tasks in every updates.