Continued security issue with users/notes/histories

Nickel Super Contributor
Posts: 2,493
Country: USA

Continued security issue with users/notes/histories

Customers complain every week, and I have lost sales as a result, about emails, notes, histories, etc., between users being visible to everyone.  Could we not have teams set up to include users and exclude reps, as an example, from notes relating to management?  Thanks, Brenda Dixon
Brenda Dixon
ACT! Certified Consultant
Dixon Consulting Solutions
404-405-4116
brenda@dixonconsultingsolutions.com
www.dixonconsultingsolutions.com
www.GoToAssist.com/sb/dixon (FOR SUPPORT)
Moderator
Posts: 4,395
Country: USA

Re: Continued security issue with users/notes/histories

Access level is contact based.  This will have to be submitted as a feature request.

 

Message Edited by dlunceford on 08-19-2009 02:37 PM
Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Continued security issue with users/notes/histories

Brenda,

 

If you are referring to the Notes/Histories/Emails for User records, I have a plugin that makes all sub-items Private when only linked to user records... it leaves them open when linked to other contacts

 

Would that help?

Nickel Super Contributor
Posts: 2,493
Country: USA

Re: Continued security issue with users/notes/histories

That sounds like a great tool.  How does it work, how much, how do I get it, etc.??  Thanks, Brenda
Brenda Dixon
ACT! Certified Consultant
Dixon Consulting Solutions
404-405-4116
brenda@dixonconsultingsolutions.com
www.dixonconsultingsolutions.com
www.GoToAssist.com/sb/dixon (FOR SUPPORT)
Bronze Elite Contributor
Posts: 2,547
Country: New_Zealand

Re: Continued security issue with users/notes/histories

This is a significant failing in the Access Control List (ACL) design of ACT! and limits the product's acceptance. We always advise users of this 'feature' in ACT! user training classes. In my view it is the #1 thing that needs fixing. I strongly disagree, David; it cannot be passed off as if it were a yet-to-be-provided feature. It is a serious ACL design flaw that affects the product's acceptance and undermines ACT! as a trusted information store in a workgroup setting.

Graeme Leo
Xact Software - consultants and developers
Follow us on Twitter and check out our Blog


Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Continued security issue with users/notes/histories


dixon7 wrote:
That sounds like a great tool.  How does it work, how much, how do I get it, etc.??  Thanks, Brenda

It's a little plugin in the Plugins folder. Set and forget

We charge a fee for the site, depending on number of users

Contact me via email for prices

If you don't have my email, send via: http://www.glcomputing.com.au/contact.php

Platinum Elite Contributor
Posts: 14,384
Country: Australia

Re: Continued security issue with users/notes/histories


gleo wrote:
This is a significant failing in the Access Control List (ACL) design of ACT! and limits the product's acceptance. We always advise users of this 'feature' in ACT! user training classes. In my view it is the #1 thing that needs fixing. I strongly disagree, David; it cannot be passed off as if it were a yet-to-be-provided feature. It is a serious ACL design flaw that affects the product's acceptance and undermines ACT! as a trusted information store in a workgroup setting.

Now ACLs are in Opportunities (2010), might be something looked at for other sub-items... although would need a few controls to automate as users would want to take the time to set access on every note/history

 

Our plugin could be modified with any specific rules... but only Private/Public are options right now.

 

From a security point of view, I'd like to see user records able to be Private/Limited Access (with Admins and Managers always having access)

Bronze Elite Contributor
Posts: 2,547
Country: New_Zealand

Re: Continued security issue with users/notes/histories

It's helpful if a plugin can go some way towards alleviating the problem but it is a stopgap measure. People need at least to be aware that user records (My Records) are mandatory Public and all the correspondence contained within them, by default, Public. Making items Private locks the door to that item to all but the Record Manager. It solves the problem of unconscious attachment of confidential items to public records and the ensuing embarrassment but is counter to a structure of controlled collaboration that a sound access control policy provides for.

 

A guideline for practical control to document access, email, etc. should be the 'paper office' equivalent of a filing cabinet that management hold the keys for, passing a key to trusted individuals or a senior management team. Inherent in the paper office equivalent is the capability to also withdraw the rights without having to rebuild the office! If you like, a practical and managed Team Privacy.

 

To introduce these changes is complex and expensive to introduce retrospectively in an upgrade. I would think that a structured migration process would need to be designed to deal with the complexity of moving older databases to a more granulated advanced Access Control List (ACL). Not only does the process need to be faultless, business/database owners would need to be educated in the change and make business decisions on how they are going to implement the new ACL. That precious commodity is being asked of clients..."Stop, Listen, Understand, Plan, Proceed"....SLUPP is often in short supply these days...:-) 


The problem for Sage ACT!, the company, is the short version life cycle. Upgrades are too frequent. Upgrade release is dictated by marketing and upgrade cycles need to be longer, NOT every 12 months. Changing the ACL so radically and making it work retrospectively for existing databases would be a huge call on development resources. It would need to be thoroughly tested so as to avoid major problems for existing databases and the bad press that would potentially generate. Many marketing people within the business wouldn't see it as a sexy new feature... It's hard to sell a patch. However, enlightened management hopefully would see it as a step to retain customers and indicate to the marketplace that ACT! is a serious contender and looks after its install base of loyal followers.

 

Bottom line....It needs to be done, putting it off just extends the problem. Please do it.

Graeme Leo
Xact Software - consultants and developers
Follow us on Twitter and check out our Blog
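
The two approaches discussed in this thread, modelled side by side as an added example (not ACT! code and not the plugin's code): the Private/Public rule for items linked only to user records, and a team-based "Limited" access whose key can be withdrawn. All names, roles and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumption: roles that always keep access, per the wish stated in the thread.
ALWAYS_ALLOWED = {"Administrator", "Manager"}

@dataclass
class Item:
    """A note/history/email (hypothetical model, not ACT!'s schema)."""
    record_manager: str
    linked_to: set                  # contact records the item is attached to
    access: str = "Public"          # "Public", "Private" or "Limited"
    teams: set = field(default_factory=set)  # teams granted access when "Limited"

def apply_plugin_rule(item, user_records):
    """Make the item Private only when every record it links to is a user record."""
    if item.linked_to and item.linked_to <= user_records:
        item.access = "Private"
    return item

def can_read(name, role, item, team_members):
    if item.access == "Public":
        return True
    if name == item.record_manager:
        return True
    if item.access == "Private":
        return False                # locked to all but the Record Manager
    if role in ALWAYS_ALLOWED:
        return True
    return any(name in team_members.get(t, set()) for t in item.teams)

def demo():
    # Constructed sample data: three users, one team, three items.
    user_records = {"Ann", "Bob", "Cal"}
    team_members = {"management": {"Ann", "Bob"}}
    review = apply_plugin_rule(Item("Ann", {"Cal"}), user_records)
    quote = apply_plugin_rule(Item("Ann", {"Cal", "Acme Ltd"}), user_records)
    salary = Item("Ann", {"Cal"}, "Limited", {"management"})
    out = {
        "review_access": review.access,                       # only user records
        "quote_access": quote.access,                         # also a contact
        "bob_reads_review": can_read("Bob", "Standard", review, team_members),
        "bob_reads_salary": can_read("Bob", "Standard", salary, team_members),
        "cal_reads_salary": can_read("Cal", "Standard", salary, team_members),
    }
    team_members["management"].discard("Bob")                 # withdraw the key
    out["bob_after_revoke"] = can_read("Bob", "Standard", salary, team_members)
    return out

if __name__ == "__main__":
    print(demo())
```

The Private item shuts out a fellow team member entirely, while the Limited item admits him until his team membership is removed, with no change to the item itself.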