Hi everyone, I’m not sure if this is a bug or the intended functionality.
I have a user that doesn’t have access to a bank account in the settings. When she accesses the receipts tab, she can’t see the movements from this account which is great! However, when there are “uncategorized receipts which can be categorized using receipt rules”, this user can click on the yellow message and see this uncategorized receipts which correspond to a bank account she doesn’t have access to.
If this is the intended functionality, I can’t understand why this works like this. She is basically seeing transactions from an account she doesn’t have access to.
Thanks in advance!
Di you set the rules for receipts and payments in settings as below:
My question is why are there uncategorized transactions? Someone did not complete a task.
Hi @eko, thank you. She doesn’t have access to Payment and Receipt Rules but still see the transactions when clicking the yellow sign. So I guess it is not related to that.
Hello @Tut, thank you.
There are several reasons why there can be uncategorized transactions. One is while I’m categorizing them, someone could join at the same time and see them. Another one is because I could leave some transactions uncategorized on purpose until I find out more information about them.
In my opinion, if a user doesn’t have access to a bank account, and doesn’t see the transactions in the Payments and/or Receipts Tabs, then that person shouldn’t be able to see the uncategorized transactions of the bank account her/she doesn’t have access to.
I’d appreciate your thoughts!
I have several related thoughts:
- First, Manager is designed to avoid discarding data already entered. That is why there are uncategorized transactions, the Suspense account, and so forth. I am not sure it is possible to design a complex program that can account for all the possibilities that might arise when functional tasks are interrupted or incomplete.
- Second, as a result, it is dangerous to leave tasks in that condition in a multi-user environment. If you abandon a task for any reason, you expose yourself to potentially unpredictable risks.
- Third, your practices are appropriate for a single-user environment. But when there are multiple users, you would be better off to complete the transactions—that is, to categorize them—and return to edit them later, if necessary. You are treating the database as your personal sandbox, but you have allowed others access to it. I’m not sure there is any way to guard against everything they might see while you temporarily turn your back.
Hello @Tut, I understand your comments but I don’t agree. I believe there is a security issue that should be addressed (it should be a simple fix).
If a user doesn’t have access to see the transactions in a bank account, they shouldn’t see them in any part of the system. It really doesn’t matter if a transaction from the bank account that the user doesn’t have access to is categorized as “bank expense”, “cost of good sold”, “suspense” or “uncategorized”. The user shouldn’t see it.
I don’t think this has nothing to do with the fact that I’m interrupting a functional task, but with the fact that a user is seeing transactions from a bank account that he/she doesn’t have access to.
I’ll prepare more screenshots to describe this better.
Hi @Tut, here is a more in depth thought with some screenshots as examples:
I have created a test company with a test user. There are two bank accounts, one Private (only administrator can see) and one Public (test user and administrator can view). This are the settings for the test user:
Admin can see everything:
However, test user can only see the Public Account:
When test user goes to the receipts tab, he can only see the movements from the Public Account either categorized and uncategorized:
But when he clicks on the yellow sign that says there are uncategorized receipts, he suddenly can see the transactions in the Private account that he doesn’t have access to. These transactions haven’t been categorized yet, but they were imported to either the Public or the Private account. In my opinion, this view should be adjusted to show ONLY the uncategorized receipts from the bank accounts that the user has access to. The test user shouldn’t be able to see transactions that were imported in the Private account:
When I click on “edit” in the transaction on the Private account, the test user can actually see it and categorize it, this also shouldn’t be allowed.
I hope this helps explain the situation and where I believe the system could be improved. In one of the views, the user should only see what he has access to, similar to the other views.
Thanks in advance!
While I appreciate your efforts, they were unnecessary. I understood your points from the beginning. My comments stand.
I wish I had a dollar for every claim I have read on the forum that a desired change will be simple. Most are not.
Hi @Tut, I found your arguments a little weak, therefore I thought you were not understanding. In any case, the screenshots could help someone else.
I have a software development background and the change should be a simple one to do. It’s filtering a list according to the user’s permission. This same criteria is used in a similar view within the system, hence it should be even easier.
However, in my views, the issue we are discussing is an important one regardless of how hard/easy it is to implement. The system is allowing someone without authorization on one bank account to see some movements on that account. That could be a major breach if, for example, the salaries of a team are being categorized.
Your arguments are weak in my opinion because if I decide to do my books once a month and import, let’s say 300 transactions, why am I force to categorize them all at once to avoid my other administrative employees see those transactions? Why can’t I do 100 transactions on one day, 100 on the following and 100 on the 3rd day? Why do I have to run the risk of someone seeing what they shouldn’t? The system is clearly providing a tool to limit what some users can see, well, in one particular view it is failing to achieve this which in a way defeats the purpose of having the permissions in the first place.
As an ex software developer, I see this more as an oversight from the developer where he/she didn’t apply the user permissions on one particular view.
Thanks for your comments, but I believe this is a serious matter.
@germanliu what you are saying makes sense. The system should actually hide what the user does not have access to.
Thank you for the message @Panashe_Mlambo ! I’d be interested to listen what others think as well.
@germanliu I agree that this requires attention. It may not be necessary to hide this link, but when the link is triggered a permission check should be done. My concern is that a tech savvy user may notice the url link on a Business where he has access to Uncategorized transactions and then enter this url manually for the business where he does not.
p.s. I would not assume this a simple or easy fix.
An simple fix that comes to mind if there was an intermediate screen after clicking the banner which takes you to a screen like this one:
No balances, no amounts, just counts and user permission can be enforced for each action/link.
Thanks everyone for the feedback.
I’m not sure how the system is developed so it is hard to say However, what we are talking about is a permission check which shouldn’t be a bid deal in my experience. Specially considering that a similar filtering is already being done in another screen.
Anyway, I’m more or less new to manager and love it to be honest. Is there a way we can get the developer/product manager attention to this issue? It would be nice to get it sorted since there is a potential breach of information.
Looking forward to some guidance and thanks everyone again!
The developer reads the forum.
So maybe someone with the privileges can put it into the the ideas category?
Thanks @eko, no idea how to do that!
You cannot do that, @germanliu. Only the developer and moderators can. In this case, @Ealfardan (a moderator) put the topic into ideas; then the developer moved it to bugs.