02-24-2009 03:33 PM
Hi,
I am seeing a strange issue. Please let me know if anyone is able to reproduce it.
We set up our database such that each user has access to contact records based on ACT team membership. We also set up new record creation options to create limited access contact records. However, if the layout a user is using (while creating the new record) doesn't contain the Access Level field then the new record created is set to public access. If the same user creates a record on a layout that has the Access Level field, then the new record created has the correct limited access. This happens regardless of the user role (Admins or Standard users).
FYI - We have removed the Access Level field from all layouts except the Admin layout so that users do not change access levels (either on purpose or on error). I know that the users have access to all layouts and can go change Access Level if they really wanted to.
Thanks,
Sudha
02-25-2009 04:43 AM - edited 02-25-2009 07:53 AM
You may have discovered a real problem here, because I've just reproduced the exact same situation.
I loaded the default ACT 1024x768 layout, and then removed the Contact Info Tab which contained the "contact access" fields.
Then I set the StartUp Preferences to be that all new contacts were to be created with Limited Access.
Except when I created a new "Test" contact, it was created with Public Access.
When I created a second Test contact with my normal layout, it had Limited Access.
Now in my case I was using an RDB file, but that should not make a difference.
I am not certain which ACT! version Sudha is using, but I am using ACT 11.1.
I agree with Sudha, this is "strange". More importantly, though, this a troubling security loophole that easily allows a user, simply by editing a contact layout, to strip away all record creation security, forcing all new contacts to be created with public access.
A little alarming.
Kq\
02-25-2009 06:00 AM
Hello,
I have duplicated the issue you described and have reported it as an issue for further research. I will provide an update if the status changes or if an alternative workaround to this issue is identified. I apologize for any inconvenience this issue may cause.
02-25-2009 07:54 AM
02-25-2009 08:52 AM - edited 02-25-2009 09:07 AM
Thank you Kquigley and David.
We are using ACT! by Sage Premium 2009 (11.0) Version 11.0.0.367 (On Client machines).