Ideas for Acumatica


User Security Default Access - Not Set

Currently, when you create a new Screen, ARM Report, Report Designer Report, Generic Inquiry, etc., all User Roles get Access Rights of Not Set. This is fine.

 

What is not fine is that when all User Roles have Access Rights of Not Set (which is the default behavior), then EVERYONE gets access.  This is totally unexpected and dangerous.

 

You have to explicitly define security for at least one User Role on a screen to something other than Not Set for Acumatica to remove permissions for all User Roles that have Access Rights of Not Set. Confusing? Yes!

 

It would be better (in my opinion) if, when all User Roles have Access Rights of Not Set, then nobody gets access. That would be the default behavior and what people expect when they create a new Screen, ARM Report, Report Designer Report, Generic Inquiry, etc.

 

Let's take the Access Rights by Screen (SM201020) screen as an example. I might have just created a brand-new report called Trial Balance Summary. By default, all User Roles get Access Rights of Not Set like this:

 

 

The problem is that I just inadvertently gave all Acumatica users access to my new Trial Balance Summary report. Even worse, I might not have even realized it. Oops!

 

It would be so much better (in my opinion) if no Acumatica users got access to my new Trial Balance Summary report by default.

  • Tim Rodman
  • Sep 5 2019
  • Future consideration
  • Terri Powell commented
    17 Feb 02:38am

    This is much needed to prevent the accidental visibility to sensitive data. Like contributions/donations!

  • Jeff Waldron commented
    30 Jan 01:03pm

    Not sure why this is even an "idea" and not a major security risk that needs patched yesterday!

  • Vladimir Panchenko commented
    29 Jan 10:31pm

    Good point. We'll think about making such a change in future versions.

  • Nut Y commented
    9 Jan 08:12am

    I am in.

  • Seth Kuhn commented
    24 Oct, 2019 03:47pm

    I would also add that giving everyone access by default can create issues "down-the-road," when you go in and add even one restriction to a screen that has everything "Not Set"...then everyone else loses access. That sysadmin trying to simply restrict one person or user role might not know everyone who should have access, but has now taken everyone else's access away. Another reason that it's better to require that access be granted, in the beginning, helps prevent future issues.

  • Michael Robinson commented
    11 Oct, 2019 04:04am

    When it was explained that "not set" defaulted to "allow" I couldn't believe it.

  • J Whiting commented
    30 Sep, 2019 04:00pm

    100% agreed.

     

    Adding to this - users with the Administrator role should default to "Granted"/"Delete" access on all new features and reports. This matches the industry standard of admins having system-wide access. It also avoids the problem potentially introduced above of admins creating a feature, then being locked out of it until they manually change the permissions.

  • Joel Gress commented
    9 Sep, 2019 12:41pm

    100% Agreed.  When I create a new object (report, query, etc.) users should not have access until I grant it.
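
The access rule described in the post and in Seth Kuhn's comment, modelled as an added example (not Acumatica code and not part of the original thread). The role names, the sample matrix and the "Revoked" level name are assumptions; the audit function lists screens that are open to every role because nothing is set.

```python
# Added illustration: models the behaviour described in this thread, not Acumatica code.
NOT_SET = "Not Set"
REVOKED = "Revoked"  # assumed name for an explicit deny level

# Constructed sample: screen -> {role: access right}. Role names are made up.
SAMPLE = {
    "Trial Balance Summary": {"Accountant": NOT_SET, "Clerk": NOT_SET, "Sales": NOT_SET},
    "Donations Inquiry": {"Accountant": "Delete", "Clerk": NOT_SET, "Sales": NOT_SET},
}

def all_not_set(rights):
    """True when no role has an explicit access right on the screen."""
    return all(level == NOT_SET for level in rights.values())

def has_access(rights, role, default_deny=False):
    """Return True if `role` can open a screen with these per-role rights.

    default_deny=False: behaviour described in the post (all Not Set = open).
    default_deny=True:  behaviour the post asks for (all Not Set = closed).
    """
    if all_not_set(rights):
        return not default_deny
    # Once any role is set explicitly, Not Set no longer grants anything.
    return rights.get(role, NOT_SET) not in (NOT_SET, REVOKED)

def open_to_everyone(matrix):
    """Audit: screens where every role is Not Set, so every role gets in."""
    return sorted(screen for screen, rights in matrix.items() if all_not_set(rights))

def roles_losing_access(rights, role, new_level):
    """Roles that can open the screen now but not after one role's right is set."""
    after = {**rights, role: new_level}
    return sorted(r for r in rights
                  if has_access(rights, r) and not has_access(after, r))

if __name__ == "__main__":
    print("Open to every role:", open_to_everyone(SAMPLE))
    tb = SAMPLE["Trial Balance Summary"]
    # The side effect from the comment above: one restriction locks out the rest.
    print("Lose access if Sales is revoked:", roles_losing_access(tb, "Sales", REVOKED))
    print("Lose access if Accountant is granted:", roles_losing_access(tb, "Accountant", "Delete"))
```

Running `open_to_everyone` over an exported role-by-screen matrix after creating new reports or inquiries catches the unintended exposure before users find it.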