03-03-2009 03:14 AM
I am using Act Workgroups 8, is there any way of recording a customers bank details by entering it once onto the system and then not being visible again unless permissions allow to?
If not, any ideas on how I can go around this? Is there any specialist software?
Thanks in advance,
03-03-2009 03:55 AM
Field level security was introduced with ACT 2008 (V10).
Available perrmissions are as follows:
- no read
- read & write
I am not aware of a "write, no read" permission, which is like what you describe, and I certainly don't recall any such field level functionality in the version you're using.
06-09-2009 01:19 PM
What "No Read" option in ACT 10?
There is none.
If there were, it would be fantastic. If a field could be limited to being seen by administrators, we could use ACT for storing credit card numbers on a secure server. Then only those users with admin status could see the numbers.
That would have been an excellent option. As the program works now, it does not comply with US security standards for storing personal data.
06-09-2009 01:30 PM
06-09-2009 01:43 PM
Too bad. We're a small company with only 4 users and the price point was considerably higher just to add that feature.
That would have been a valuable feature to offer with the standard ACT.
We have an addon for Act 6 which hides fields from any users but administrators. So basically, with that addon, ACT 6.0 is more secure than ACT 10.
06-09-2009 02:00 PM
The additional security is one of the main features of the premium version of the ACT! program.
In my 11 years in ACT! tech support, I never heard on a security addon like you referred to. Because there was no field level security capabilities built into ACT! 3-6, I would guess that I could defeat any security scheme very quickly. There were a couple of different field security schemes that I knew of, including the one I did using macros and field triggers, and all those could be defeated, including mine though it was one of the best.
If field level security is important, then you should consider moving to the premium version at your next upgrade.
06-09-2009 02:32 PM
For just that one feature, paying the additional money isn't worth it. We'll never have ten users which is the obvious advantage of premium and the one valid reason to price it much higher. We are also a service company so don't use any of the opportunity/sales features. It's just a fancy contact manager for us and one to which we can add the 800+ fields we use for our customer data. We install/service aquariums and much data is required per record.
Been with ACT since version 2. The addon was built for us for $50.00; vendor is no longer around. It was relatively easy with a FoxPro database. What it did was create a hidden tab within which we could place any field we created. If you aren't an administrator, you can't see the tab. Not the most secure as FoxPro databases are easily hacked but it keeps unauthorized employees from being able to see credit card numbers.
Any security feature can be disabled especially if someone can access the raw data in MS SQL. They can't on our server without knowing a domain admin password.
We have 4 users who enter/manage data in ACT and we have 15 employees who can access the data if someone leaves ACT open on a workstation.
I'm only worried about the employees, not the users, so we can lock the program using a 3rd party password solution or simply lock the user workstations with a hotkey. Problem there is a user needs to remember to close ACT, lock their workstation or lock the program, or we have to lock workstations after only 5 minutes of inactivity which is a pain.
Should still be possible to write an addon which limits field read ability based on logon priviledge. We're only talking about three fields, the CC#, the expiration date and the CVV code.
Thanks for your help.
06-12-2009 12:01 PM
Actually, the hidden tab feature of that add-on is exactly what we have for Act 6.0 now, without the field protection features. Creating a tab with only credit card information which can only be seen by certain users is excatly what we have and what we need.