New record contact access

support@ecenow.com · ‎02-24-2009

Hi,

I am seeing a strange issue. Please let me know if anyone is able to reproduce it.

We set up our database such that each user has access to contact records based on ACT team membership. We also set up new record creation options to create limited access contact records. However, if the layout a user is using (while creating the new record) doesn't contain the Access Level field then the new record created is set to public access. If the same user creates a record on a layout that has the Access Level field, then the new record created has the correct limited access. This happens regardless of the user role (Admins or Standard users).

FYI - We have removed the Access Level field from all layouts except the Admin layout so that users do not change access levels (either on purpose or on error). I know that the users have access to all layouts and can go change Access Level if they really wanted to.

Thanks,
Sudha

kquigley · ‎02-25-2009

You may have discovered a real problem here, because I've just reproduced the exact same situation.

I loaded the default ACT 1024x768 layout, and then removed the Contact Info Tab which contained the "contact access" fields.

Then I set the StartUp Preferences to be that all new contacts were to be created with Limited Access.

Except when I created a new "Test" contact, it was created with Public Access.

When I created a second Test contact with my normal layout, it had Limited Access.

Now in my case I was using an RDB file, but that should not make a difference.

I am not certain which ACT! version Sudha is using, but I am using ACT 11.1.

I agree with Sudha, this is "strange". More importantly, though, this a troubling security loophole that easily allows a user, simply by editing a contact layout, to strip away all record creation security, forcing all new contacts to be created with public access.

A little alarming.

Kq\

Message Edited by kquigley on 02-25-2009 07:56 AM

Message Edited by kquigley on 02-25-2009 08:02 AM

Message Edited by kquigley on 02-25-2009 10:53 AM

Ken Quigley, BA, MCSE, ACC, APT
Toronto, Ontario
www.keystroke.ca

dlunceford · ‎02-25-2009

Hello,

I have duplicated the issue you described and have reported it as an issue for further research. I will provide an update if the status changes or if an alternative workaround to this issue is identified. I apologize for any inconvenience this issue may cause.

kquigley · ‎02-25-2009

Thanx for the quick response time David. I look forward to your follow-up.

Ken Quigley, BA, MCSE, ACC, APT
Toronto, Ontario
www.keystroke.ca

support@ecenow.com · ‎02-25-2009

Thank you Kquigley and David.

We are using ACT! by Sage Premium 2009 (11.0) Version 11.0.0.367 (On Client machines).

Message Edited by support@ecenow.com on 02-25-2009 09:07 AM

New record contact access

New record contact access

Re: New record contact access

Re: New record contact access

Re: New record contact access

Re: New record contact access