中文|English

2BizBox ERP

View unanswered posts | View active topics It is currently Sun Oct 22, 2017 8:10 pm



Reply to topic  [ 5 posts ] 
 SECURITY CONCERN - User: "Base Roll" (Public Permissions) 
Author Message
Registered User

Joined: Tue Aug 21, 2012 5:57 am
Posts: 168
Location: Long Island, NY
Post SECURITY CONCERN - User: "Base Roll" (Public Permissions)
Hi Everyone,

Not sure if you realize this, but it seems "Base Roll / Public Permissions" allow User to "view"

Chart of Accounts, Company Settings, Company Accounting Settings (in part), and many of the settings under the "General" tab of the "Control Panel. Seems they can even "modify" System User Groups through this area

Shouldn't this level of User be restricted from the "Control Panel" completely?

Just thought you might take a look when time permits.

Regards,

Doug


Mon Nov 16, 2015 9:26 am
Profile
2BizBox Team
2BizBox Team

Joined: Thu Apr 26, 2012 8:00 pm
Posts: 312
Post Re: SECURITY CONCERN - User: "Base Roll" (Public Permissions)
This is base role. We give view permissions to base role without changing anything. What do you think it should be ?


Tue Nov 17, 2015 12:45 am
Profile
Registered User

Joined: Tue Aug 21, 2012 5:57 am
Posts: 168
Location: Long Island, NY
Post Re: SECURITY CONCERN - User: "Base Roll" (Public Permissions)
Hi Gloria

It just struck me as very inappropriate for a User with the most limited system access to view all this information, and I personally feel this access should be restricted for a "Base Roll" User - or at least give the System Administrator the option to override what I believe are default system privileges?

If there is in fact a way for the System Administrator to revise the "Public Permissions" Folder that I am somehow missing, it would be most appreciated if you could please advise how to do so.

Thanks and regards,

Doug


Tue Nov 17, 2015 4:20 am
Profile
Registered User

Joined: Tue Aug 21, 2012 5:57 am
Posts: 168
Location: Long Island, NY
Post Re: SECURITY CONCERN - User: "Base Roll" (Public Permissions)
URGENT REQUEST!

Further to my original post, it seems that a "Base Role User" can also "Update" and "Delete" both "Users" and "User Groups" in the "User Group Management" section of the system.

I really hope someone can take a look at this (Public Permissions) as soon as possible and fix this obvious problem - and while doing so, please also restrict a "Base Roll User" from accessing the "Control Panel", where they can "view" potentially sensitive information (my original request)

It would be most appreciated!

Thanks and regards,

Doug


Thu Mar 09, 2017 3:24 am
Profile
Registered User

Joined: Tue Mar 22, 2011 6:48 am
Posts: 93
Post Re: SECURITY CONCERN - User: "Base Roll" (Public Permissions)
what happen the download link is not working why company stop releasing and updating the ERP can anyone have the copy to share me version 4.5.1


Sat Aug 19, 2017 1:00 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 5 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.

© 2BizBox All rights reserved