In version 25.3.12.2185 Manager, controls over access to master files appear broken.
Even when a user is not granted access to the Suppliers tab, they can still access supplier records when generating documents such as payments, receipts and invoice
Similarly, users can access all bank accounts in transactions, even if they have not been granted permission to access bank accounts.
Currently, when users are granted access to the Bank and Cash Accounts tab but no specific bank account is selected, they can still see the list of all bank and cash accounts, which should not happen. These same users can also use all existing bank accounts in transactions. However, if an admin assigns a specific bank account to such a user, only that particular account becomes visible and usable, which is the expected behaviour.
Something is broken. Users should only be able to see and use bank accounts if they have been explicitly granted access to the Bank and Cash Accounts tab and assigned specific bank accounts.
Additionally, when a specific bank account is selected under permission settings (after checking the Bank and Cash Accounts box), and later the “Bank and Cash Accounts” box is unchecked without clearing the selected account, the user still retains access to that bank account. Access to the supplier list should be restricted to users with view permission for the Supplier tab.
Similarly, Inventory, Fixed Assets and Customers should not be accessible to restricted users unless explicit access has been granted.
These issues compromise the integrity of the internal control system and require urgent attention.
If all the bank accounts granted to a user are deleted, the user will automatically gain access to all accounts because, by default, when no specific accounts are assigned, all accounts become visible. This is a loophole. The correct behavior should be that if no accounts are explicitly assigned, the user should see no accounts at all. In other words, users must only see accounts that are specifically granted to them, and if none are granted, they should see nothing.
I don’t believe this has always been the case, unless I somehow overlooked this loophole. Think about it: why should a user be able to access the supplier list and create transactions that can affect supplier balances in the system if they have NOT been granted access to Suppliers? It doesn’t make sense for users to perform actions on modules/master records and accounts they haven’t been explicitly authorized to access.
The term I should have used is “list,” not “records.” However, allowing a restricted user to initiate transactions that affect a customer’s or supplier’s balance without the required permissions is, in effect, equivalent to granting access to that customer’s or supplier’s records. What’s even more troubling is that a user can apply payments to invoices without having access to the invoices tab, the suppliers involved, or even the bank account used for the transaction. Surely, that is cause for concern.
My issue is this: suppose in the setup you suggested that I’ve given a user full access to Sales Invoices but no access to Customers, what exactly does that achieve?
If a user has full access to invoices, they also need at least view access to the Customer tab to work effectively. Their role typically goes beyond creating invoices as they may need to reconcile accounts, follow up on outstanding balances, or verify deliveries, all of which require access to customer information. Transaction makers always need at least view list access to master records.
So your question is impractical.
This is why I believe that although Manager accounting software permission design is the best I’ve seen, the permission tree (permissions interface) could still be improved. Presenting the modules in a grouped structure (parent and subsidiary modules) would make it more intuitive. For instance, “Customers” could serve as a parent module, and when selected, a sub-menu would appear with related permission options such as “Sales Invoices,” “Credit Notes,” and others, similar to how tabs are organized in the activation menu.
I dont think permissions settings are broken but what you want is another layer of restriction which should apply to lines and individual fields of transaction forms. You want a user to interact with certain accounts/items only. Thats upto developer if he wants to implement something like this or not. But the current issue you raised, i dont consider this a bug.
In this case all accounts and items should be empty because the user hasnt been granted access to any other tab. I think that’s what you want.
I’ve known it to work this way in the past, and I’m currently trying to find a post where @lubos may have announced any changes — if such changes were made intentionally.
I strongly believe that users should be able to see only the bank or cash accounts they are permitted to work with. Therefore, they should be explicitly granted access to those accounts in the Cash & Bank tab before they appear for use in transactions. Access to payments and receipts should not automatically expose all bank and cash accounts if permission hasn’t been granted yet.
This doesnt not happen. If you delete an account the Reference Id for that account still remains in the permissions so it doesnt automatically gives you permission to all accounts.
I think this is how it is still working. Just difference with what you suggested is that if you want a user to access all accounts you dont have to select any bank or cash account. Anyway i find it better this way. If i am giving someone access to payments or receipts i have to give them access to certain cash or bank account too which they can manage. So i would need to select at least one account for that user or if i want to give them access to all accounts i will not select any specific cash or bank account just check the tab.
But all this second layer of permissions were only for Bank and Cash accounts not for other tabs. Like you mentioned in your previous posts about the Suppliers.
The user permissions still need fine tuning such as if you select a Bank account in form defaults. Then restricted users will get that bank account on Payment or receipt form even if they are not allowed to interact with that account.
There is still room for improvements like placing certain filters within each tab for certain users. Placing filter lines and other fields on transactions form i dont know if that would be possible or not. Only @lubos can comment on that.
I never liked the way restricting bank accounts is implemented. I did it because it was very important for some businesses to be able to give users access to certain bank accounts only. But it’s not the right solution. There are some surprising mechanics, which is not good.
As for user permissions in general, currently, it’s implemented by selecting what screens users can see, can’t see, and what they can do on these screens. Yes, it needs to be improved. Some users want to further restrict what columns can be seen.
What @Abeiku is proposing is also logical, and I don’t see it as a replacement for what we currently have. I see it more as another layer. For example, if you restrict access to certain customers on the data layer, then Manager can still show you their invoices, but the customer name will say [Redacted].
This way, we keep it still somewhat visual. We won’t imply that if you don’t have access to customers, you can’t see anything that the customer could be possibly linked to. Customers can be linked to many things.
Anyway, this is not a bug, more like a feature request to extend user permissions by some kind of data layer. And I think the ability to select which bank accounts a user can access belongs to this “data layer.”
