Out-of-the-Box Security - Needs Work?
12-06-2017, 12:37 AM, (This post was last modified: 12-06-2017, 12:45 AM by VortecCPI.)
#13
RE: Out-of-the-Box Security - Contract
(12-06-2017, 12:33 AM)falkoner Wrote: Personally I would be against this. Take GL transactions as an example. I have worked in and managed many accounts departments over more than 35 years, and it is very common to have entering of Payments and Receipts done by different members of staff, likewise with journals and statement matching. One token for all these options would mean all those users had access to all the transactions.

Collections of tokens should represent a job role within the company. We have created some common roles, and allocated tokens to these roles to match an "average company", though I am not sure such a thing exists. Where we have come unstuck is, as you point out, that a number of scripts have the wrong token attached to them. But if that were corrected I would still believe we were on the right lines.

As I said before, whenever I am doing a new implementation for somebody I sit down and create a custom ACL for that company. No two of these are the same, though I often use an existing one as a starting point. This isn't a trivial exercise for a company with more than a handful of employees, but as I tell my customers, that is why they need to pay an expert to help them :) This does mean that I tend to ignore any oddities in the default, when perhaps I should be fixing it.

Tim

Tim,

After more thought and seeing it all laid out I agree with you. User context and rights often have little to do with Module/Section page layouts, just as DB schema often does not coincide with real-world objects. In our case we don't need a lot to get started as our business is run by owners and divided between Procurement/Production and Accounting (AP+AR). We may not even let our salesman owner have access to webERP, though it would be nice if the ACL was tight. He spends all his time in SuiteCRM, which is where he belongs. We may end up updating SuiteCRM from webERP once the integrations are under way.

Again I am out of my comfort zone because I just don't have intimate knowledge of all the page names and how they play and relate in context to Tokens and Roles.

I think the Tokens out of the box are good, as are the Roles, but we just need to get them tightened up.

Thank you for all your help and insight into this issue.

Paul
https://www.linkedin.com/in/eclipsepaulbecker