Method:Classic General Q&A

Re: Editing "Customizer" role to restrict access to sensitive data

Method_Ted — Thu, 19 Apr 2012 21:05:51 GMT

@smohyee

smohyee:
Please clarify one more thing for me: In step 8 there's the option, "This user only has access to specific existing tables". If I were to remove access to a table, would I still be able to view/edit the table fields (since no record data is provided in the table editing screen), and would I be able to add records to the table even though I can't read the records?

If your access is removed to a table in Step 8 of the Customize setting then you will not have the ability to view and edit the table fields. However, that does not limit you to add / edit / remove records in those fields of that table.

I hope this is helpful

Re: Editing "Customizer" role to restrict access to sensitive data

smohyee — Thu, 19 Apr 2012 16:52:00 GMT

Please clarify one more thing for me: In step 8 there's the option, "This user only has access to specific existing tables". If I were to remove access to a table, would I still be able to view/edit the table fields (since no record data is provided in the table editing screen), and would I be able to add records to the table even though I can't read the records?

I ask that last part because I may want to add things like Method-related flag fields to restricted tables for purposes of customization, and then edit existing records by changing those flag values.

Thanks Ted!

Re: Editing "Customizer" role to restrict access to sensitive data

Method_Ted — Thu, 19 Apr 2012 15:51:55 GMT

@smohyee

Thank you for the clarification.

To place restrictions to a user's account can be found in Customize > Users. To accomplish the setting that you are describing then please take a look at Step 7, 8 and 9 (of 10)

If you are going to limit which tables a user can access then they will not have the ability open and retrieve values from those table during customization.

In Step 8, there is an option for "This user is allowed to connect to Method API". If this is not granted the user will not be able to connect to Method using the API which will limit them from using the Import/Export tool (I think it also stops them from using the Outlook Plug-in) so be cautious if you going to to disable this function.

Re: Editing "Customizer" role to restrict access to sensitive data

smohyee — Wed, 18 Apr 2012 22:54:41 GMT

Well, to be more accurate about my current situation, it's not that I'm going to be designing screens to access privilegd information.. it's that I need to be restricted from being able to create such screens.

Here's the situation: Method apparently requires the synching Quickbooks account to have access to "Sensitive Financial Reports" in order to be able to successfully upload the Sales Income and COGS accounts that are associated with our items (right now, only some of them upload their names with no info, while some 200+ accounts have been assigned 'temp' names).

The problem is that if a inaccesible Quickbooks account with appropriate privileges was set up to synch with Method, I as the current Method Admin (and the sole designer) would still have access to all priviliged data in Method. I could export it from tables, or create screens to view it, etc. I have no intention of doing that, but of course it's important to have barriers in place as a matter of good business.

What's my best option for limiting my access to that priviliged data without crippling my ability as the sole Method designer?

Re: Editing "Customizer" role to restrict access to sensitive data

Method_Ted — Wed, 18 Apr 2012 21:53:25 GMT

@smohyee

I am not sure if there is a nice, clean way to achieve your goal with this task

If you want the ability to customize screens and not actually see the data in the runtime screens will require a lot of awkward customization and still might not be 100% fool proof.

You can consider :

1) You, as the customizer, take direction and instruction on the customization from the owner and have him test out the screen results

2) Have two Method accounts where one is used for design work with fake data (if needed) and the other to be live. Changes can be made on the test site and copied into the live account if needed. This would ensure that the customizer will not see any sensitive data. The downside of this situation is paying for an extra license on the development account

Please let me know if I can be of further assistance.

Editing "Customizer" role to restrict access to sensitive data

smohyee — Wed, 18 Apr 2012 18:02:02 GMT

I've watched the webinar on assigning roles, and I have a followup question:

As the sole customizer of Method, it is important that I have access to every screen, every tab link, every table, etc. However, as I am not the owner of the company, I need to be restricted from access to sensitive financial information. So, for example, I want to be able to edit a Profit/Loss report screen as the Customizer, and at the same time not be able to view actual data on that screen.

Is it possible for me to restrict the Customizer role from access to table data, while still being able to see and edit the fields themselves?

Edit: Also, will I be able to enable these restrictions on myself as the sole Method account holder? I think I remember Admin role being required for at least one user. Could I just assign it to "Method Support", then ask you guys to assign it back to another account when we get that set up?