MYOB Security

Question

I have found a gap in MYOB permissions which is troubling.

In inventory you need permission to move items from one warehouse to another. This works well - if you don't have permission the link is greyed out. Here's the problem - you can get around it.
I have staff who have "read only" ticked in their user profiles under Locations and move items not ticked at all. They can however go to Items Register > Search for an item and click on the individual item > click on the tab called locations > click on the move items (bottom left ) and without the above permissions move items around to to other warehouses. I have tested.

Any ideas on how I can protect this activity? The people who have Read Only in inventory need to be able to read but not move any items.

princess_r · Answer

HI Louisev_v4,
&nbsp;
Thank you for your post.
&nbsp;
I see that you're interested in restricting a user's access to certain locations to prevent them from moving items. When you mention that you set the location role to read-only, could you please confirm if this adjustment was applied both in the Inventory option screen of Manager Roles and immediately upon creation in Manage Users?
&nbsp;

This action should effectively limit the user's access to read-only for all the roles and permissions that have been selected.
&nbsp;
If my response has answered your inquiry, please click "Accept as Solution" to help other users find this information.
&nbsp;
Cheers,
Princess

louisev_v4 · Answer

HI&nbsp; - not sure I understand your question but I created these roles&nbsp; quite sometime ago.&nbsp; Nothing has changed but I wasn't aware you could go around the permissions .The issue is simply I can restrict Move Items under the Inventory Page in the dashboard - that's been working well.&nbsp; My operations manager was helping a staff member who has this restriction.&nbsp; They were looking at the item profile in Items register &gt;Tab Locations&nbsp; (we have multi warehouses) where the Move items at the bottom is not greyed out and can be accessed by the same person who can't do it from the dashboard.&nbsp;&nbsp;&nbsp;

doreen_p · Answer

Hi Louisev_v4,
&nbsp;
If there are staff that should not have access to move items, it should be read only on their end instead. With that, I would recommend checking the roles and customising them; it is worth checking. For example, a user with an inventory management role has the ability to move items even though they're showing as read only on their end. If you click on 'Manage Roles' from the user access window, you will see that there are more access options under Inventory Management that you can customise. I have attached a screenshot below for your reference.
&nbsp;

&nbsp;
If there are other roles ticked such as Cards, Banking, Inventory Management, Payroll, Purchases, Sales and Time Billing, ensure that Locations and Move Items are unticked.
&nbsp;
Feel free to post again anytime if you require further assistance.&nbsp;&nbsp;If my response has answered your inquiry, please click&nbsp;"Accept as Solution"&nbsp;to assist other users in finding this information.
&nbsp;
Best regards,
Doreen

louisev_v4 · Answer

Hi&nbsp;I think the point is being missed.&nbsp; The "move items" in their profile is not ticked.&nbsp; The inventory is read only.&nbsp; It works from the dashboard perfectly. They can't do a thing&nbsp; It is only when they go to the profile of the item then the location tab - the Move Item function works. We have tested in these profiles.&nbsp; I am not sure how I can explain this any differently.&nbsp;&nbsp;

princess_r · Answer

Hi Louisev_v4,
&nbsp;
I understand your concern about the "move items" function. It's clear that despite the access settings, users can still modify the item location via the item register. I've also run a similar test and can confirm your findings. Even when the 'move items' function is disabled due to access settings, they can still change the location through the item register. It seems that the only way to limit this is by setting their access to 'read only' from the manage users screen. However, I understand that this may not be the most suitable solution for you.
&nbsp;
Feel free to let me know if you need further assistance.
&nbsp;
Cheers,
Princess

Forum Discussion

MYOB Security

7 Replies

Related content

Security Breaches

Session Security Audit report

MYOB Advanced security update 2023.1.3 release

Emails -Security check: MYOB business settings have changed

Payroll security - not quite secure

Customised Journal Security Audit report

Journal Security Audit Report - incorrect user ID

SECURITY CERTIFICATE ISSUES?