Security settings, deleting transactions in R6?

[bugman]

The security info in the Merchant Guide is a little... skimpy.

Is there some document that DETAILS security settings (i.e. permissions) that each of the standard User Groups can & cannot perform?

From what I see in the merchant guide it appears that one can DELETE transactions - including payments? This seems a little sketchy. What's to keep an employee from selling some merchandise, collecting the money, then deleting the record of the sale & payment? SURELY that cannot be done, right?

Is there a place to set specific permissions for the pre-configured User Groups (like... "cannot delete payments!"), or for new groups that are created?

Any direction as to resources that would help me in this area would be much appreciated!

Thanks,

bugman

[Katie]

Hello,

I'm sorry the merchant guide doesn't have a more detailed explanation of the main security groups. If you can find the \Admin\ folder on the server, then within each sub-category (eg. \Orders\) there is a web.config file. Open this file and you can view the admin groups that have access to the features that are within this section.

Code: Select all

<configuration>
  <system.web>
    <authorization>
      <allow roles="System,Admin,Junior Admin,Manage Orders" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

The security is not as granular as allowing admins to do specific tasks like deleting a transaction or deleting an order, although I'm sure it could be customized on a file by file basis, but there is nothing in the interface that allows for such a thing.

[bugman]

Hmm... interesting.

So far there are lots of things I love about AC, but... the lack of granular security settings isn't one of them. :-\

Let's hope that will be improved in a future release...?

For now, I'll just focus on the GOOD things!

Thanks for the help Katie!