

Prevent User Access to a Specific Area



We are trying to prevent certain users from accessing certain areas, even for View Only purposes, such as Billing or Payments.  However, we have been told that this currently is not possible.  


It would be nice if this were possible.





1 Comment

Two options for different objectives; hopefully this helps.


1. Data Access Control



This requires some consideration of how all users and all Accounts (or Products) will be assigned initially, when created and then when maintained for the control to be practically effective in an ongoing operation.  So, "solve process before technology".


The restricted user now loses access to all Reporting.  Basically, the control does follow the transaction, so the restricted user can only follow the transaction data through the UI that aligns to their access, but this restriction attribute is not visible from Reporting, so that remains all or nothing; the default must be nothing.  The net result is any restricted user loses access to Reporting. 


The workaround is to create a 2nd user id for the user (or just for a selected Super User/Manager), giving them the highest node of access so they can get Reporting, but for all other functions of that 2nd user id, give them the No Access role described below.


Overall, as I outline below, this manages the risk of data maintenance but leaves the data visibility problem.


2. Create a No Access role

A different option is just to manage the Role, remembering this will limit the risk of maintenance to the data, but you also need to restrict other functions like Reporting to limit viewing of data.


As a Platform Admin, go to Manage User Roles

Select the function you want to manage from "View Role List of:", for example, select Payments

Select button "Add new role"

Call the role something obvious, for example "Z-Payments - No Access"

Uncheck all the allowed options, so the role is essentially empty, Save.

Go to Manage Users, select the user and then Edit

Update that user for that function to the newly created "Z-Payments - No Access" option.  Save.


My conclusion is that one can manage the risks for internal access and manage some controls like separation of duties, but these options are not effective for data security.


This situation improves somewhat in a multi-entity structure, where a user cannot see across to another entity at all, but the overall problem would still remain within each entity.