I just realised this and have to draw your attention to it.
The current user permission is seriously flawed.
I tested with a procurement officer user who is supposed to have access only to create Suppliers and purchase orders and noticed the flaw.
The procurement officer is able to generate a spend money transaction even though he has no bank or cash access by duplicating the spend money transaction he is allowed to view.
He is also able to edit and update Purchase Invoice transactions already showing in the Supplier’s records even though he doesn’t have any permission to do so.
The same applies to Customers and Employees: a user having no access to pay slips can still duplicate or edit pay slips from the Employees tab. I haven’t taken my time to check everything, but I believe you know the right places to check.
I believe the permissions should be specific to the tabs and not generalized. I may want my Procurement officer to be able to View, Create, Update and Delete things under Suppliers and Purchase Orders but only need him to see Purchase Invoices and not be able to do anything to them.
So in the table below I have elaborated on the permission controls procedure that will solve the current permission control weakness.
I have come across similar complaints before; I just don’t remember the user or the topic title.
I don’t know if you have already talked about improving it or whether there is a way out.
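
An added example, not part of the original post and not the application's own code: the per-tab View/Create/Update/Delete model requested above, with the check made on the record's own type regardless of which tab it was opened from, and with duplication requiring Create on that type. The role contents, the tab keys (`payments`, `payslips` and the rest) and the function name are assumptions made for illustration.

```python
from enum import Flag, auto


class Perm(Flag):
    NONE = 0
    VIEW = auto()
    CREATE = auto()
    UPDATE = auto()
    DELETE = auto()
    FULL = VIEW | CREATE | UPDATE | DELETE


# Constructed role for illustration. Grants are keyed by record type (tab).
# A type that is not listed gets Perm.NONE, so access is denied by default.
PROCUREMENT_OFFICER = {
    "suppliers": Perm.FULL,
    "purchase_orders": Perm.FULL,
    "purchase_invoices": Perm.VIEW,  # may see invoices, nothing more
}

# Permission bits each action needs on the record's own type.
NEEDED = {
    "view": Perm.VIEW,
    "create": Perm.CREATE,
    "update": Perm.UPDATE,
    "delete": Perm.DELETE,
    # Duplicating reads the source and writes a new record of the same type,
    # so View alone must never be enough.
    "duplicate": Perm.VIEW | Perm.CREATE,
}


def allowed(role, record_type, action, via_tab=None):
    """Authorize an action on a record.

    The decision uses the record's own type. via_tab is the tab the user
    navigated from (for example the Suppliers tab listing its invoices) and
    is deliberately ignored, so access to a parent tab grants nothing on
    the records shown inside it.
    """
    granted = role.get(record_type, Perm.NONE)
    needed = NEEDED[action]
    return (granted & needed) == needed
```
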