Hi everyone, I’m not sure if this is a bug or the intended functionality.
I have a user that doesn’t have access to a bank account in the settings. When she accesses the receipts tab, she can’t see the movements from this account which is great! However, when there are “uncategorized receipts which can be categorized using receipt rules”, this user can click on the yellow message and see this uncategorized receipts which correspond to a bank account she doesn’t have access to.
If this is the intended functionality, I can’t understand why this works like this. She is basically seeing transactions from an account she doesn’t have access to.
Hi @eko, thank you. She doesn’t have access to Payment and Receipt Rules but still see the transactions when clicking the yellow sign. So I guess it is not related to that.
There are several reasons why there can be uncategorized transactions. One is while I’m categorizing them, someone could join at the same time and see them. Another one is because I could leave some transactions uncategorized on purpose until I find out more information about them.
In my opinion, if a user doesn’t have access to a bank account, and doesn’t see the transactions in the Payments and/or Receipts Tabs, then that person shouldn’t be able to see the uncategorized transactions of the bank account her/she doesn’t have access to.
First, Manager is designed to avoid discarding data already entered. That is why there are uncategorized transactions, the Suspense account, and so forth. I am not sure it is possible to design a complex program that can account for all the possibilities that might arise when functional tasks are interrupted or incomplete.
Second, as a result, it is dangerous to leave tasks in that condition in a multi-user environment. If you abandon a task for any reason, you expose yourself to potentially unpredictable risks.
Third, your practices are appropriate for a single-user environment. But when there are multiple users, you would be better off to complete the transactions—that is, to categorize them—and return to edit them later, if necessary. You are treating the database as your personal sandbox, but you have allowed others access to it. I’m not sure there is any way to guard against everything they might see while you temporarily turn your back.
Hello @Tut, I understand your comments but I don’t agree. I believe there is a security issue that should be addressed (it should be a simple fix).
If a user doesn’t have access to see the transactions in a bank account, they shouldn’t see them in any part of the system. It really doesn’t matter if a transaction from the bank account that the user doesn’t have access to is categorized as “bank expense”, “cost of good sold”, “suspense” or “uncategorized”. The user shouldn’t see it.
I don’t think this has nothing to do with the fact that I’m interrupting a functional task, but with the fact that a user is seeing transactions from a bank account that he/she doesn’t have access to.
I’ll prepare more screenshots to describe this better.
Hi @Tut, here is a more in depth thought with some screenshots as examples:
I have created a test company with a test user. There are two bank accounts, one Private (only administrator can see) and one Public (test user and administrator can view). This are the settings for the test user:
But when he clicks on the yellow sign that says there are uncategorized receipts, he suddenly can see the transactions in the Private account that he doesn’t have access to. These transactions haven’t been categorized yet, but they were imported to either the Public or the Private account. In my opinion, this view should be adjusted to show ONLY the uncategorized receipts from the bank accounts that the user has access to. The test user shouldn’t be able to see transactions that were imported in the Private account:
I hope this helps explain the situation and where I believe the system could be improved. In one of the views, the user should only see what he has access to, similar to the other views.
Hi @Tut, I found your arguments a little weak, therefore I thought you were not understanding. In any case, the screenshots could help someone else.
I have a software development background and the change should be a simple one to do. It’s filtering a list according to the user’s permission. This same criteria is used in a similar view within the system, hence it should be even easier.
However, in my views, the issue we are discussing is an important one regardless of how hard/easy it is to implement. The system is allowing someone without authorization on one bank account to see some movements on that account. That could be a major breach if, for example, the salaries of a team are being categorized.
Your arguments are weak in my opinion because if I decide to do my books once a month and import, let’s say 300 transactions, why am I force to categorize them all at once to avoid my other administrative employees see those transactions? Why can’t I do 100 transactions on one day, 100 on the following and 100 on the 3rd day? Why do I have to run the risk of someone seeing what they shouldn’t? The system is clearly providing a tool to limit what some users can see, well, in one particular view it is failing to achieve this which in a way defeats the purpose of having the permissions in the first place.
As an ex software developer, I see this more as an oversight from the developer where he/she didn’t apply the user permissions on one particular view.
Thanks for your comments, but I believe this is a serious matter.
@germanliu I agree that this requires attention. It may not be necessary to hide this link, but when the link is triggered a permission check should be done. My concern is that a tech savvy user may notice the url link on a Business where he has access to Uncategorized transactions and then enter this url manually for the business where he does not.
I’m not sure how the system is developed so it is hard to say However, what we are talking about is a permission check which shouldn’t be a bid deal in my experience. Specially considering that a similar filtering is already being done in another screen.
Anyway, I’m more or less new to manager and love it to be honest. Is there a way we can get the developer/product manager attention to this issue? It would be nice to get it sorted since there is a potential breach of information.
Looking forward to some guidance and thanks everyone again!
You cannot do that, @germanliu. Only the developer and moderators can. In this case, @Ealfardan (a moderator) put the topic into ideas; then the developer moved it to bugs.
However, what we are talking about is a permission check which shouldn’t be a bid deal in my experience. Specially considering that a similar filtering is already being done in another screen.