Ideas for Acumatica

User Security Default Access - Not Set

Currently, when you create a new Screen, ARM Report, Report Designer Report, Generic Inquiry, etc., all User Roles get Access Rights of Not Set. This is fine.


What is not fine is that when all User Roles have Access Rights of Not Set (which is the default behavior), then EVERYONE gets access.  This is totally unexpected and dangerous.


You have to explicitly define security for at least one User Role on a screen to something other than Not Set for Acumatica to remove permissions for all User Roles that have Access Rights of Not Set. Confusing? Yes!


It would be better (in my opinion) if, when all User Roles have Access Rights of Not Set, then nobody gets access. That would be the default behavior and what people expect when they create a new Screen, ARM Report, Report Designer Report, Generic Inquiry, etc.


Let's take the Access Rights by Screen (SM201020) screen as an example. I might have just created a brand-new report called Trial Balance Summary. By default, all User Roles get Access Rights of Not Set like this:



The problem is that I just inadvertently gave all Acumatica users access to my new Trial Balance Summary report. Even worse, I might not have even realized it. Oops!


It would be so much better (in my opinion) if no Acumatica users got access to my new Trial Balance Summary report by default.

  • Tim Rodman
  • Sep 5 2019
  • Future consideration
  • Colin MacMillan commented
    18 Jun 10:26

    Agree with J Whiting's suggestion. Probably the most straightforward way to deal with this issue.

  • Terri Powell commented
    17 Feb 02:38

    This is much needed to prevent the accidental visibility to sensitive data. Like contributions/donations!

  • Jeff Waldron commented
    30 Jan 13:03

    Not sure why this is even an "idea" and not a major security risk that needs patched yesterday!

  • Vladimir Panchenko commented
    29 Jan 22:31

    Good point. We'll think about making such a change in future versions.

  • Nut Y commented
    09 Jan 08:12

    I am in.

  • Seth Kuhn commented
    October 24, 2019 15:47

    I would also add, that giving everyone access by default can create issues "down-the-road," when you go in and add even one restriction to a screen that has everything "Not Set"...then everyone else loses access. That sysadmin trying to simply restrict one person or user role might not know everyone who should have access, but has now taken everyone else's access away. Another reason that it's better to require that access be granted, in the beginning, helps prevent future issues.

  • Michael Robinson commented
    October 11, 2019 04:04

    When it was explained that "not set" defaulted to "allow" I couldn't believe it.

  • J Whiting commented
    September 30, 2019 16:00

    100% agreed.


    Adding to this - users with the Administrator role should default to "Granted"/"Delete" access on all new features and reports. This matches the industry standard of admins having system-wide access. It also avoids the problem potentially introduced above of admins creating a feature, then being locked out of it until they manually change the permissions.

  • Joel Gress commented
    September 09, 2019 12:41

    100% Agreed.  When I create a new object (report, query, etc.) users should not have access until I grant it.
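
The rule described in the post and in Seth Kuhn's comment, modelled as an added example (not Acumatica code and not part of the original thread), with an audit that lists screens left open to everyone. The role names, the second screen, the `default_deny` switch and the reduction of explicit rights to Granted/Revoked are assumptions made for illustration.

```python
# Model of the access rule as described on this page; not Acumatica's implementation.
NOT_SET, GRANTED, REVOKED = "Not Set", "Granted", "Revoked"  # explicit rights simplified


def has_access(screen_rights, user_roles, default_deny=False):
    """screen_rights: {role: right} for one screen; user_roles: roles the user holds."""
    explicit = {role: right for role, right in screen_rights.items() if right != NOT_SET}
    if not explicit:
        # Every role is Not Set: the described behaviour is that everyone gets access.
        # default_deny=True models the change the post asks for (hypothetical switch).
        return not default_deny
    # Once any role is set explicitly, Not Set roles no longer grant anything.
    return any(explicit.get(role) == GRANTED for role in user_roles)


def implicitly_open(rights_by_screen):
    """Audit: screens where every role is Not Set, i.e. open to all users."""
    return sorted(screen for screen, rights in rights_by_screen.items()
                  if all(right == NOT_SET for right in rights.values()))


def who_loses_access(screen_rights, role, new_right):
    """Roles that had access before `role` is changed to `new_right` and lack it after."""
    after = {**screen_rights, role: new_right}
    return sorted(r for r in screen_rights
                  if has_access(screen_rights, [r]) and not has_access(after, [r]))


# Constructed sample data: three roles, one brand-new report, one configured report.
ROLES = ["Accountant", "Sales", "Warehouse"]
RIGHTS = {
    "Trial Balance Summary": {role: NOT_SET for role in ROLES},
    "Donations Report": {"Accountant": GRANTED, "Sales": NOT_SET, "Warehouse": NOT_SET},
}

if __name__ == "__main__":
    new_report = RIGHTS["Trial Balance Summary"]
    print("Open to everyone:", implicitly_open(RIGHTS))
    print("Warehouse sees new report:", has_access(new_report, ["Warehouse"]))
    print("Same check, default deny:", has_access(new_report, ["Warehouse"], default_deny=True))
    print("Revoking Sales also removes:", who_loses_access(new_report, "Sales", REVOKED))
```

Running `who_loses_access` before changing a single role on an all Not Set screen shows which other roles need an explicit grant first.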