No, you have repeatedly totally missed the topic’s point with your obsession with what the tick box currently does rather then what it should be doing…
Yes, but they had no choice to do anything else which is the very valid point that this topic is about.
The programme “FAILS” to provide / extend the same selection restriction to the Cash Account Summary as it does to the Cash Account.
If you re-read the topic s l o w l y you will understand that the cash account summary (as currently selectable) is allowing backdoor entry to a cash account which the user hasn’t been given permission.
User B only has permissions to Cash Account “b”.
When User B goes to Reports > Cash Summary Report they can see all Cash Account Reports.
If User B selects Cash Account “a” report, they can drill down on the report’s totals and Edit / View transactions within Cash Account “a” which they have no permissions for.
While the permissions are currently controlling the front door they aren’t protecting the backdoor.
If restricted users can gain access to areas which they don’t have permissions isn’t a bug, I’ll be buggered. Or as @compuit put it "As things stand if (access) can be exploited by a user it is a “bug”.
Let me be perfectly clear, @Brucanna. I am not missing any point at all. @San_Thida_Myo_Latt did not fully explain the concern until post #11. In post #12, I explained the program would not allow the level of selectivity desired. After you categorized the topic as a bug, I expressed my opinion that it might be considered more of an idea, since the program works as designed. In post #17, I acknowledged that users might wish for better control and elaborated on what full access implies. I am and was fully aware that the current design creates something of a “back door.” I did not defend it; I only explained it.
Call it what you like, the program’s behavior is not due to erroneous code syntax, mis-referenced variables, bad data calls, incorrect handling of database contents, calculation errors, or any other mistake of that type that a programmer would consider a bug. It simply lacks the level of sophisticated permission structure some users would appreciate. But the structure that is there works exactly as it was intended and designed. Subsequent additions to the program might have made the design inadequate for some users’ needs. But that is no more a bug than your wish for production orders with multiple finished inventory items is a bug. That’s an idea that will make the program better. So is this.
Yes you are:
Firstly in post #1@San_Thida_Myo_Latt clearly stated the topic’s issue with these points:
(1) “User had limited access to specific cashbook”
(2) “at cash account summary report (the) user can see other cashbook”
The context of those two points never changed, it just that you didn’t understand the full issue until after an expand illustration was provided in post #11, and this is highlighted by your comment in post #10 “nothing is wrong”.
It is widely understood that user permissions aren’t perfect and that is recognised in my opening statement in post #13 “The problem here is that Manager lacks consistency in that it initially allows selection of restrictions, but fails to continue that restriction selection process through to other choices”. Note the “lacks consistency”.
The very valid point that @San_Thida_Myo_Latt was drawing to the attention of the developers was this, that while Manager allows the administrator to create user restricted permissions at one level, the administrator can’t extend those same user restricted permissions to other levels, therefore the user can circumnavigate the administrator.
You repeatedly stated that the programme is working as intended. Then perhaps you would like to explain to the Auditors, we placed restrictions on User B limiting them to Cash Account (b), but because the programme was working as intended User B was able to access Cash Account (a) and corrupt the transactions. This highlights the pointlessness of your “working as indented” assertion.
But the biggest point you are missing is this, the Manager Forum is in part an opportunity for Users to convey directly to the developers their observations and experiences from their day to day use, as in this topic. When Users are communicating these observations and experiences in a factual and substantiated way, they are talking to the developers - NOT YOU, therefore it is not an opportunity for you to question and belittle their contribution because of your limited “personal perspective”.
Furthermore, I made this topic a bug because it added to the already known failings of the permissions, fixing a permission failing is not a “new” idea.
To add to this I would say, @lubos himself is very much aware of the need to improve the permission function in Manager. For example, a limited user given permission to Customers Tab but not given permission to the Sales invoices Tab can still edit, clone, etc a sales invoice right inside the Customers Tab. So hold your fire people.
I have tested the improvement and it works perfectly, I have been chasing for this for a long time, well done @lubos we are grateful. There is more room for improvement in user restrictions though. We will provide you with more ideas soon
We have just updated to Ver 19.11.11 and I revisited permissions and what I see is a huge improvement, big thank you. Tomorrow morning the crew will test and I will too update with feedback here. Very happy memorized links are shutdown if permission is not allowed for a particular user.
The user restrictions worked exactly as expected and the ability to disable the delete function caused an upheaval in the team but I smiled quietly with satisfaction - A pristine job.
I think something isn’t right as programmed. Please enlighten me.
I found that if particular Cash Account named "A’’ and Receipts and payments is enabled for a user with access to Customer then he can still see all Bank Account transactions and other Cash Account transaction. Is it supposed to work this way?
@raj, your question is not clear. To know whether things are working correctly, you need to describe all permissions of the user. All you have said is that “A” and the Receipts & Payments tab are enabled and that the user has access to the Customers tab (at least, I think that is what you mean). What else is the user allowed access to? What level of restrictions on everything? Show a screen shot of the user setup.
@raJ, if you give user access to customers tab then user will be able to see ledger for customer which will include all transactions that make up the balance. Do you have actually use case when this hurts? Nothing is written in the stone, user permissions are being constantly calibrated so if something needs to change, it’s important to explain how current implementation is not suitable to you.
Reading between the lines I think what @raJ is saying is this.
User has been given access to Cash Account “A” and Customer tab
If the user drills down on Customer “B” and they have both Cash Account “A” and Bank Account “C” transactions then the user can “see” (their word) those Bank Account “C” transactions.
“Seeing” the Bank Account “C” transactions being listed shouldn’t be an issue, however, if they can access (edit mode) those Bank Account “C” transactions then the permissions are being circumnavigated. This is what @raJ needs to clarify.
Yeah, currently you cannot edit transactions in a bank account you are restricted from. In order to show correct customer balances, all transactions related to that customer has to show in the customer’s ledger.
.