Unfortunately, certain user roles and permissions within QuickBooks Enterprise provide unrestricted access to view all transactions, including Payroll information, even when users with those roles or permissions have no explicit access under the Employees and Payroll permissions. Such unrestricted access lets users view confidential information even though the QuickBooks Administrator may have granted them access only to the areas they need, without intending to expose what should otherwise be restricted data.
While the changes to QuickBooks Enterprise (v19) still DO NOT prevent such accessibility, they are intended to help the QuickBooks Administrator identify such roles, permissions and users, so they can potentially edit permissions to restrict such broad access where possible. To clarify which roles provide unrestricted access, the 2019 enhancement uses an * (asterisk) character to indicate which user(s) and roles/permissions afford unrestricted access to all transactions, including payroll information.
The illustration below lists three users for the file being demonstrated. In this case not only does the ‘Admin User’ have unrestricted access, but the ‘Primary User,’ as denoted by the * (asterisk) to the right of their user name, also has unrestricted access. This asterisk designates that roles assigned to this user provide them with "unrestricted access to view all transactions, including payroll information" unless specific roles are removed from the user profile, or permissions are removed from the assigned roles.
Note: Graphic produced from a pre-release version of QuickBooks Enterprise (v19)
The illustration below shows the Role List of the Enterprise Users and Roles feature. Notice the Roles that are listed with an * (asterisk) next to them (at right end). Here, the asterisk designates those roles that give users "unrestricted access to view all transactions, including payroll information" unless specific permissions are removed from those roles.
Note: Graphic prepared from a pre-release version of QuickBooks Enterprise (v19).
The illustration below shows the ‘View Only’ role and the various Areas, Activities and permissions granted to this seemingly limited role. Even with this role, anyone assigned it would have unrestricted access to view all transactions, including payroll information. Note the ** (double asterisk) next to several specific areas within the Reports Area of the Role.
Note: Graphic produced from a pre-release version of QuickBooks Enterprise (v19).
Unfortunately, this new enhancement DOES NOT permit additional granular restriction of such information from roles containing access. All it does is make the QuickBooks Administrator aware that certain roles and functional areas are granting what may otherwise be undesired information access. In some cases, access rights may be able to be altered to impose the restrictions, but in other cases it will not be possible to grant the needed access and still restrict access to what should otherwise be confidential information.
Even though QuickBooks Enterprise has been marketed for years on the selling point of having so much more security granularity and access control than the QuickBooks Pro and Premier products, we still don't have true controls over this critical area of information security. Don't be fooled: this new enhancement doesn't accomplish such control.
Intuit recently rolled out a better 'Manage Users' experience in QuickBooks Online. It includes an enhancement that allows the Administrator to grant (or deny) users access to Payroll information, even for users with 'All access rights,' by checking or unchecking the recently added 'Payroll access' box within the user profile. QuickBooks Enterprise, with all the 'hyped' granularity of security, doesn't offer the same level of control now available in QBO.
So, "I'm just not impressed by this QuickBooks Enterprise (v19) feature at all."
Notes & Disclosures:
Graphics or other illustrations used in this article have either been prepared using a pre-release version of QuickBooks Enterprise v19 (2019) software or were furnished and/or adapted from Intuit source content. Be aware that certain aspects of features described or illustrated herein may have changed between the pre-release software version we used and the release of the QuickBooks 2019 desktop product line-up scheduled for September 4, 2018.
This article is intended to serve as a summary of one specific QuickBooks Enterprise v19 (2019) product feature; it is not an in-depth review, nor has it been written to provide instruction in the proper use of the software (or feature).
While the writer or editor may express a personal opinion within this article regarding this feature and/or the software, such personal opinion does not constitute a formal endorsement by Insightful Accountant or the publisher.