Read only role has access to save in budgets and banks.

4Site

Support Request System

View Patch #50.001.035

Description

Patch ID:

Date Implemented:

Patch Title:

Patch Type:

Request IDs:

Bug

Enhancement

Other

01853 - Security issues - some bank and acct options available to Read Only

Symptoms:

Solution:

In General: Test if the current login user (role) has Read-Only access, and if so, disable the appropriate command buttons and menu options.
The following controls were disabled for the read-only role:

In Accounts app:
- on form acMain:  disable File menu option "Year End Closure..."

In Accounts app, Equipment app, disable:
- on form budFind: command buttons "New Budget". "Delete Budget" "Copy from Another Budget", "Apply Budget"
- on form budDef   command buttons "Save and Go", "Save and Stay", "Delete"

- also in budDef.Form_Unload():
if changes made to budget, test whether current user   (role) is read-only and if so inform of insufficient permissions to save changes, and ask if OK to close form.

In Equipment app:
- remove code that disables the Equipment Budgets and Cost Centre Budgets menu options for read-only access, since the Read-only role should be allowed to view budgets - The Create,  Save, Delete budget functions are now restricted to the Read-only
role by disabling buttons on the appropriate forms
(i.e. budFind, budDef)

In Bank app, disable:
- on form bkMain   disable File menu option "New Bank", and
command button "New Bank",
- on form bkBank   disable command button "Save"

Browse Patches Find a Patch Return to Request System Menu

View a printer friendly version of this page