Let’s suppose that we have a restricted user with the following permissions
User Permissions:
Limited Access
Permitted Actions:
View, Create
on:
Sales Quotes
Sales Orders
Inventory Items
When the user check the inventory items, he can drill down for an item for example in the column “Qty to deliver”.
Then he can reach the invoice for a specific customer, who has bought this item, and see, edit the invoice
I don’t really consider this a bug. To be honest, not sure yet how to move forward with user permissions without over-complicating it.
For example, there has been another request recently where restricted user shouldn’t see any cash accounts or bank accounts but they should be able to create new cash transactions to receive money from customers… so go figure.
Yes you are right, the security issue is not an easy issue.
Thank you anyway