End of day - Restircted users can see shipments created by other users
Hi,
Users with restricted rights that should only be able to see shipments created by them, are able to see shipments created by other users in the End Of Day forms. Furthermore they are able to print End of Day form for shipments they did not create. End of day form has shipments details from all orders and not just theirs. This is a security concern and defeats the whole purpose of having the option of having a user not see other users shipments
This seems to be a bug. Kindly fix.
Thanks!
david russo unbeatsale
shared this idea
1 comment
-
London Pool and Hot Tub Depot
commented
Our store has 3 shipping locations with 3 users, one master user for head office, and 2 highly restricted users. The restricted users can only see orders assigned to them and shipments created by them, however when they go to process the End of Day report, they can see ALL the orders that were shipped at all locations, and even close our manifest. This is highly concerning not just for the security factor of them seeing our orders, but they could accidentally close our manifest as well. There is a setting to change the view so they can filter the orders by location, but by default "All Locations" is always selected.
My first suggestion is that there needs to be a user management setting that restricts their End of Day access so they can only close shipments created by them. This would be the ideal solution as we would prefer other locations not able to see all the orders.
If that's not possible, it would be beneficial to be able to set their default view so that when they click the End of Day button, they see only orders at their location by default. This would create less chance of error on their part, as they would have to manually change the filter to see and close orders from other locations.