Ideas for Acumatica


User Security Default Access - Not Set

Currently, when you create a new Screen, ARM Report, Report Designer Report, Generic Inquiry, etc., all User Roles get Access Rights of Not Set. This is fine.

 

What is not fine is that when all User Roles have Access Rights of Not Set (which is the default behavior), then EVERYONE gets access. This is totally unexpected and dangerous.

 

You have to explicitly define security for at least one User Role on a screen to something other than Not Set for Acumatica to remove permissions for all User Roles that have Access Rights of Not Set. Confusing? Yes!

 

It would be better (in my opinion) if, when all User Roles have Access Rights of Not Set, then nobody gets access. That would be the default behavior and what people expect when they create a new Screen, ARM Report, Report Designer Report, Generic Inquiry, etc.

 

Let's take the Access Rights by Screen (SM201020) screen as an example. I might have just created a brand-new report called Trial Balance Summary. By default, all User Roles get Access Rights of Not Set like this:

 

 

The problem is that I just inadvertently gave all Acumatica users access to my new Trial Balance Summary report. Even worse, I might not have even realized it. Oops!

 

It would be so much better (in my opinion) if no Acumatica users got access to my new Trial Balance Summary report by default.

  • Tim Rodman
  • Sep 5 2019
  • Joel Gress commented
    09 Sep 12:41

    100% Agreed. When I create a new object (report, query, etc.) users should not have access until I grant it.

  • J Whiting commented
    30 Sep 16:00

    100% agreed.

     

    Adding to this - users with the Administrator role should default to "Granted"/"Delete" access on all new features and reports. This matches the industry standard of admins having system-wide access. It also avoids the problem potentially introduced above of admins creating a feature, then being locked out of it until they manually change the permissions.

  • Michael Robinson commented
    11 Oct 04:04

    When it was explained that "not set" defaulted to "allow" I couldn't believe it.

  • Seth Kuhn commented
    24 Oct 15:47

    I would also add that giving everyone access by default can create issues "down the road" when you go in and add even one restriction to a screen that has everything "Not Set"... then everyone else loses access. That sysadmin trying to simply restrict one person or user role might not know everyone who should have access, but has now taken everyone else's access away. Another reason that it's better to require that access be granted in the beginning: it helps prevent future issues.
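
Added example, not part of the original thread and not Acumatica's code: a small Python model of the access rule as the post and comments describe it, next to the requested deny-by-default rule, plus an audit that lists screens left open because every role is Not Set. The role names, the "Payroll Inquiry" screen, the "Revoked" level name and the dictionary layout are constructed assumptions.

```python
NOT_SET = "Not Set"
REVOKED = "Revoked"  # assumed name for an explicit deny level; not stated on the page

# Constructed sample: screen -> {role: access level}
SAMPLE = {
    "Trial Balance Summary": {"Accountant": NOT_SET, "Clerk": NOT_SET, "Intern": NOT_SET},
    "Payroll Inquiry": {"Accountant": "Granted", "Clerk": NOT_SET, "Intern": NOT_SET},
}


def has_access_current(screen_rights, user_roles):
    """Behaviour described in the thread: if every role is Not Set, everyone
    gets access; once any role is set explicitly, Not Set roles get nothing."""
    explicit = {r: lvl for r, lvl in screen_rights.items() if lvl != NOT_SET}
    if not explicit:
        return True
    return any(explicit.get(r, REVOKED) != REVOKED for r in user_roles)


def has_access_deny_default(screen_rights, user_roles):
    """Requested behaviour: Not Set never grants access."""
    return any(screen_rights.get(r, NOT_SET) not in (NOT_SET, REVOKED)
               for r in user_roles)


def open_by_default(rights_by_screen):
    """Audit: screens where every role is Not Set, i.e. open to all users."""
    return sorted(screen for screen, rights in rights_by_screen.items()
                  if all(lvl == NOT_SET for lvl in rights.values()))


def restrict(screen_rights, role):
    """Return a copy of the screen's rights with one role explicitly denied."""
    updated = dict(screen_rights)
    updated[role] = REVOKED
    return updated


if __name__ == "__main__":
    tbs = SAMPLE["Trial Balance Summary"]
    print("Open to everyone:", open_by_default(SAMPLE))
    print("Clerk, current rule:", has_access_current(tbs, ["Clerk"]))
    print("Clerk, deny-by-default:", has_access_deny_default(tbs, ["Clerk"]))
    # The side effect from the last comment: one restriction removes everyone.
    print("Clerk after Intern is restricted:",
          has_access_current(restrict(tbs, "Intern"), ["Clerk"]))
```

Running the audit over a real list of screens and roles shows which new reports and inquiries still need explicit rights before anyone relies on them being private.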