06-06-2010 05:43 PM
Hi, I'm currently pulling my hair out at this particular issue.
I am assisting my client with pinning down user access among other things. We have 2 main admins, myself and my client, then we have standard users with permissions removed so that records can't be deleted, only added. Also, our main database is 15000 records and climbing.
What we're trying to achieve is my client having overall access to everything on the 'master' database (local admin access is fine here...), and 2 remote databases linking to the master (already set up and installed on their respective machines).
One remote database where users can view all files, add records, not delete and can view all histories, (sorted by way of 'everything' sync set) and
a second limited remote database where users can view only records they created (this bit is done by way of sync set rules using 'record creator'), can view histories, not delete contacts but can add new ones.
My problem is that the standard users on the second remote database (with reduced permissions) can lookup the contact name of the main admin or even myself and see the histories, emails, attachments for contacts that don't exist in their remote contact list! This defeats the point of cutting their access in the first place!
I have tried making the admins 'limited' but the options for changing those are greyed out, even while logged in as either admin...
The histories need to be present so that the first team using the first remote database can view what they need to, so we can't make those private.
I know we can make a lookup query that allows me to select records 'not' created by the 2nd team, but is there a way to limit who views the history to the admins and the first remote team?
Craig @ Techspress
06-06-2010 06:37 PM
I have just tried to exclude certain users (since they appear as 'contacts' in the remote database) from being included as a contact in the sync set, but this hasn't worked either. The database has ignored my extra requirement, I presume because it wants all users to be accessible.
Any help on this would be gratefully received...
Craig @ Techspress
06-07-2010 02:12 PM
Unfortunately, there are no current options that will allow the exclusion of User records from remotes or options for setting security levels (Private/Limited Access) on them.
06-07-2010 04:35 PM - last edited on 06-07-2010 05:01 PM by ghollister
Well, that's all good and well, but Act! is a very expensive program and fails epically on what is considered basic security. Why on earth would staff who develop sales and contact orientated software be under the misguided belief that sales colleagues 'should' have access to each other's histories to pilfer at their heart's desire, or that the CEO of Megacorp PLC wants the weekend summer temp to have access to invoices and emails that are meant for directors only? This is pretty poor guys. Rather than telling me that it won't work, perhaps use some of the 2.5 million customers' annual subscription fee to fix the incredibly obvious flaws that after further searching, have been at the center of complaints for over a year. Dare I say that at the moment, Google, is starting to look comparative. After setting up a database with permissions, restrictions, remotes for overseas (sending 700mb+ remote files by the dozen to Dubai via file transfer whenever Act! falls on its backside is becoming tiresome too), sync sets, email linking, to find that I have to have multiple databases instead to limit the history abuse, which in turn means loads more remotes and reconfiguring... I'm sure you see where I'm going with this. I do apologise for coming across a little but I'd rather say it how it is than beat around the bush. Regards Techspress
[Edit: Content removed. Violation of Community guidelines]
06-07-2010 04:57 PM
I understand your concern regarding the user records, but it is necessary for the contact records that the users are associated with to be publicly accessible. Knowing this, there is a workaround that can be used. Have your users create standard contact records (non-user) for themselves and use those for the emails, history, notes, etc instead of the user-associated records. That way their information can have controlled access and be excluded from a sync set. Once you have created these records you can go to Tools/Copy Move Contact Data to transfer the existing data from the user records to the standard contact record. You can also rename the user contact records so there will not be duplicates in the database.
Note: Effective 6/1/13, Sage no longer provides support for the Act! software. This is now provided by Swiftpage.
06-07-2010 05:45 PM
06-07-2010 07:53 PM
The history is matched on email address. The only way to accomplish this would be to place the accurate email address on the second (duplicate) record and nothing on the main contact record.
I do have a concern with your overall database design. You will burn twice as many licenses as necessary and you will only prevent accidental database misuse, not malicious database misuse.
These might be better accomplished with properly configured database security, proper training and an ACT usage policy appropriate for your organization.
06-08-2010 03:59 AM
Hi, thanks for your response, there are a couple of things I would like to clarify first...
You mention that the history is matched on email address, does this mean that the contact record for each 'user' means nothing? Leaving an email address out of the 'user' contact record and adding that user's valid email address to a second record means the secondary contact record receives all the user history?? i.e. records being deleted, admin changes being made to teams etc?
You also mention that you are concerned with the overall database design... I am struggling to see how there is a problem with the design of it but I am always open to ideas and suggestions.
Master-Database - 15000 contacts - 2 admins, internal team set as standard users (reduced permissions) use Act! for Web Premium portal on local network
Remote-Database - 15000 contacts with 'everything' sync set with standard users (reduced permissions) - Office 1 - Local network access
Remote-Database - 3000 contacts with 'limited' sync set (via record creator lookup) with standard users (reduced permissions) - Office 2 - Local network access
Remote-Database - 3000 contacts with 'limited' sync set (via record creator lookup) with 'limited' sync set with standard user (reduced permissions) - External - Rep 1
Remote-Database - 3000 contacts with 'limited' sync set (via record creator lookup) with 'limited' sync set with standard user (reduced permissions) - External - Rep 2
Remote-Database - 3000 contacts with 'limited' sync set (via record creator lookup) with 'limited' sync set with standard user (reduced permissions) - External - Rep 3
Remote-Database - 3000 contacts with 'limited' sync set (via record creator lookup) with 'limited' sync set with standard user (reduced permissions) - External - Rep 4
Having limited the various users, how would the user cause malicious damage? I thought that's what the restrictions were for? You also mentioned the burning of the licences than would be required... please explain?
Again, any foresight would be great. I've been a user of Act! for just over a month and pretty much starting everything from scratch with an open mind.
Many regards and thanks for the assist.
06-08-2010 06:26 AM
As far as Outlook is concerned when trying to match an email to a record, it looks for email address match. If you have the same email address on two records, it will attach to both records.
Your latest email helps clarify greatly, thanks. I misunderstood to think you were creating a database with full permissions and another database with restricted permissions that users would switch between.
From your descriptions, I do believe you are approaching the tack in what seems like the best way possible.
The concern over malicious damage stems from this. If a user can see a record, they can change a record. Since all user "My Records" are public, this could lead to a security concern.
I'm sending you a private message also. Please check your icon at the top of this screen.
06-08-2010 09:19 AM
Thanks very much for the prompt response.
I've replied to your PM, hopefully hash out a few niggles :-)
Question regarding the history, I understand that emails etc can be moved to a secondary contact, but what about the administration changes i.e. deletion of records etc? Are these included?