[Vtigercrm-developers] important: no restrictions used in emailed reports

Alex Hall ahall at autodist.com
Tue Jun 19 18:03:31 GMT 2018


Hello all,
We have all our sales reps, and their manager, on Vtiger. We have
restrictions for different groups, so reps can't see other reps' data, but
managers can. This works, even in reports. The problem is reports that get
emailed.

We just found that a sales rep had set up a scheduled report. When the
email came to him, the attached report contained details for EVERY account,
not just the ones he has permission to view. Essentially, he was able to
see full sales data on every organization owned by every other rep in the
company, something only a manager should be able to do. This seems to be
the case for any emailed report; the generator doesn't consider the user,
so no group or user restrictions apply to the data gathered.

Obviously, this is a huge problem. Its severity leads me to believe that we
must have overlooked something during installation/setup. Can anyone tell
me what we did wrong, and how we can get Vtiger to honor the security
settings we have in place when it generates scheduled reports? Thanks.

-- 
Alex Hall
Automatic Distributors, IT department
ahall at autodist.com
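
Added example, not part of the original message and not Vtiger's code: a minimal model of the behaviour reported above, where a scheduled report job runs without user context, next to a version that scopes rows to the schedule owner and each recipient. All names, the sharing model and the data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: accounts and the rep who owns each one.
ACCOUNTS = [
    {"account": "Acme Corp", "owner": "rep_a", "sales": 12000},
    {"account": "Bolt Ltd", "owner": "rep_b", "sales": 8000},
    {"account": "Cask Inc", "owner": "rep_b", "sales": 3000},
]
# Hypothetical sharing model: user -> owners whose records that user may read.
VISIBLE_OWNERS = {
    "rep_a": {"rep_a"},
    "rep_b": {"rep_b"},
    "manager": {"rep_a", "rep_b"},
}

@dataclass
class Schedule:
    owner: str        # user who created the scheduled report
    recipients: list  # users who receive the emailed attachment

def rows_visible_to(user):
    """Interactive path: rows are filtered by the viewing user's permissions."""
    allowed = VISIBLE_OWNERS.get(user, set())  # unknown user sees nothing
    return [r for r in ACCOUNTS if r["owner"] in allowed]

def run_scheduled_unscoped(schedule):
    """Models the reported behaviour: the job has no user context, so every row is sent."""
    return {rcpt: list(ACCOUNTS) for rcpt in schedule.recipients}

def run_scheduled_scoped(schedule):
    """Scoped job: a recipient gets only rows visible to both the owner and that recipient."""
    owner_rows = rows_visible_to(schedule.owner)
    report = {}
    for rcpt in schedule.recipients:
        allowed = VISIBLE_OWNERS.get(rcpt, set())
        report[rcpt] = [r for r in owner_rows if r["owner"] in allowed]
    return report

def leaked_rows(report):
    """Audit check: accounts in an outgoing report that the recipient could not read interactively."""
    return {
        rcpt: [r["account"] for r in rows
               if r["owner"] not in VISIBLE_OWNERS.get(rcpt, set())]
        for rcpt, rows in report.items()
    }
```

Running `leaked_rows` over the output of a scheduled job before it is mailed gives a regression check for this class of bug: any non-empty list means the attachment exceeds what the recipient can see in the UI.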