• Skip to primary navigation
  • Skip to main content

QBGarage.com

The QuickBooks Specialists

  • Home
  • Blog
  • KnowledgeBase
  • Company
  • Show Search
Hide Search
You are here: Home / Archives for access & security

access & security

How Does QuickBooks Attached Documents Handle Security?

Chief Mechanic · March 19, 2011 ·

QuickBooks Attached Documents Manage Users
QuickBooks Attached Documents addresses the need for security by providing 4 levels of application permissions across 8 areas of QuickBooks functionality under an account overseen by a single user.

Users log into Intuit’s secure servers using an email address and password. While we’re on the subject of security, there’s one small drawback: the password is not case-sensitive and is therefore not considered a strong password.

A QuickBooks Attached Documents subscription is managed by a Company Administrator, the sole pre-defined role supported by the service. A user with the role of Company Administrator can:

  • Edit the business profile
  • Add other Attached Documents subscriptions
  • Update the current subscription

Here’s a screenshot of the screen to add a new user, which shows the range of security settings. After a user is added, security settings can be modified by clicking on the Manage Users button in the upper right of the browser screen, followed by editing a specific user. You can only manage users from a browser-based interface, not from within QuickBooks itself. The Setup and Manage Users menu selection will only open browser access to Attached Documents.

Quickbooks Attached Documents Add User

The service supports 4 levels of application permissions:

  • Administrator: can perform all functions and manage users
  • Full Access: can perform all functions but cannot manage users
  • View Only: can view any attachment in any area but cannot add new attachments and cannot modify or delete existing documents
  • Custom Access: controlled access across 8 functional areas

Necessarily, the user with the role of Company Administrator must have Administrator application permissions, but other users can have Administrator application permissions as well. While those users will have powerful capabilities, they won’t have the powers specific to the role of Company Administrator, such as editing the company profile.

The Custom Access permission is used to control access to documents in functional areas of QuickBooks. Custom Access supports 8 functional areas:

  1. Sales and Accounts Receivable
  2. Purchases and Accounts Payable
  3. Checking and Credit Cards
  4. Time Tracking
  5. Payroll and Employees
  6. Inventory
  7. Sensitive Accounting Activities
  8. Company Documents

Within these 8 areas, there are 4 capabilities:

  • Add: this is a global permission; if a user can add an attached document, he can add it to any area
  • View: this permission allows a user to look at but not modify or delete a document
  • Modify: this permission necessarily includes the View permission
  • Delete: this permission is only available to a user with Modify permissions in the same area

Users assigned a Custom Access level can make use of their capabilities (i. e., Add, View, Modify, or Delete) on lists and transactions associated with that area of accounting. A user can be assigned to more than one area, a necessity in a small firm that still wants to set some restrictions on document access.

Before examining how Custom Access applies in specific areas, it’s important to understand how access to files in the Document Inbox is controlled. Any user with View permission in any area can see all unattached documents in the Document Inbox. Custom Access can’t take affect until after a document is attached and put into a specific area. Therefore, for documents requiring controlled access, care must be taken to start the upload process by attaching them from within QuickBooks. If you elect to upload a document to the Document Inbox and attach it later, it is viewable by any user with View permissions until it is attached to a list item or transaction.

8 Functional Areas

Let’s review which lists and transactions are associated with specific areas. Note that a list or transaction type can appear in more than 1 area. For example, the Other Names list appears in both the Sales and Accounts Receivable and the Purchases and Accounts Payable areas.

Sales and Accounts Receivable: Customers, Other Names, Fixed Asset Item List, Estimates, Sales Orders, Invoices, Sales Receipts, Credit Memos, and Payments.

Purchases and Accounts Payable: Vendors, Other Names, Fixed Asset Items, Bills, Bill Credits, Bill Payments, Credit Card charges, Credit Card credits, and Purchase Orders. Note that Checks – which represent a different transaction type – cannot be seen unless the user has View permissions in the area of Checking and Credit Cards.

Checking and Credit Cards: Vendors, Other Names, Fixed Asset Items, Checks, Deposits, Credit Card charges, and Credit Card credits. Note that users with View permission can see documents attached to transactions in bank or credit card accounts but cannot see documents attached to the bank or credit card accounts themselves. Note also that Transfers are not included in this area.

Time Tracking: Other Names and Timers.

Payroll and Employees: Employees, Other Names, Paychecks, Payroll Liability Checks, Liability Adjustments, and Year-To-Date Adjustments.

Inventory: Items, Vendors, Other Names, Fixed Asset Items, Bills, Bill Credits, Bill Payments, Purchase Orders, Item Receipts, Inventory Adjustments, and Build Assemblies.

Sensitive Accounting Activities: Accounts, Journal entries, and Transfers. Note that users with View permission can see documents attached to general ledger Accounts, but to also see documents attached to transactions in a particular area, View permission for that area is required. For example, to view a document attached to a Check, a user must have View permissions in the Checking and Credit Cards area.

Company Documents: Documents attached to the company file itself via the Company Information window.

This last area is not an accounting function similar to managing A/R or A/P. Instead, it includes more general corporate documents that are connected to accounting and recordkeeping. Documents here include those attached to the Company Information via the Company->Company Information… menu selection. A screenshot of this point of attachment is shown below. Examples of documents that might be attached here include corporate organization documents such as articles of incorporation, bylaws, or meeting minutes.

QuickBooks Attached Documents Company File

A few examples of how applying security in QuickBooks Attached Documents will illustrate the power and flexibility of this security model. First, consider the need to upload bank statements but to restrict access to selected individuals. Bank statements attached to the Account are only viewable by users with access to Sensitive Accounting Activities, so the specific bank account to which the statement applies is the best point of attachment. We don’t recommend bank statements be attached to other list entities, such as Other Names, because documents attached to those lists are accessible to other areas.

Next, consider the need to upload payroll tax forms. If every user requiring access to the payroll tax forms will also have access to the Sensitive Accounting Activities area, one good point of attachment might be the liability account to which the tax form relates. Another approach might be to treat these forms as Company Documents, and attach them to the Company Information. A workable but slightly less desirable method would be to create employees representing the tax agency as placeholders and attach tax forms to the relevant placeholder employee. However, even though a tax form is often accompanied by a payment to a Vendor, we don’t recommend attaching a tax form to a Vendor because documents attached to that list item would be accessible to other areas, such as Purchase and Accounts Payable.

Both of these examples illustrate an important concept in making use of security in Attached Documents. Start by attaching a document to an area with the greatest restrictions and only attach it to other areas as required. If you attach a document to areas that include lists or transaction types that overlap, you may end up making the document available to a wider audience than you originally intended.

Vote This Post DownVote This Post Up (-1 rating, 3 votes)
Loading...

What’s the Difference Between Security In QuickBooks Versus Enterprise Solutions?

Chief Mechanic · September 11, 2010 ·

The differences in security features between QuickBooks and Enterprise Solutions, its more powerful relative, are significant.  Those are apparent from the opening window to manage users, which in QuickBooks is the User List, and in Enterprise Solutions is the Users and Roles window.

For this comparison, we’ll compare QuickBooks 2009 to Enterprise Solutions 9.0. QuickBooks 2010 and Enterprise Solutions 10.0 haven’t changed the security model from the 2009 series of products.

In QuickBooks Premier 2009, managing users is on the Company->Set Up Users and Passwords->Set Up Users… menu.  In Enterprise Solutions, this functionality is on the Company->Users->Set Up Users and Roles menu.

Here’s the opening screen:

QuickBooks Premier 2009

QuickBooks Premier 2009 User List

Enterprise Solutions 9.0

QuickBooks Enterprise Solutions 9.0 Users and Roles

At the highest level, QuickBooks supports 3 broad access levels:

  • All areas of QuickBooks
  • Selected areas of QuickBooks
  • Accountant access, which blocks access to customer credit card numbers

Here’s the window to specify the broad access level.  We’ll focus on controlling access to selected areas of QuickBooks.

QuickBooks Premier 2009 User Access

Once Selected areas of QuickBooks is chosen as the access level, the type of access (either No Access, Full Access, or Selective Access) can be controlled in 9 areas of QuickBooks:

  1. Sales and Accounts Receivable
  2. Purchases and Accounts Payable
  3. Checking and Credit Cards
  4. Inventory
  5. Time Tracking
  6. Payroll
  7. Sensitive Accounting Activities
  8. Sensitive Financial Reporting
  9. Changing or Deleting Transactions

Screenshots of these 9 areas are shown at the bottom of this article.

By comparison, Enterprise Solutions adopts a different approach to access.  User access is controlled by managing the access of a role and assigning one or more roles to that user.  Enterprise Solutions supports 15 pre-defined roles:

  1. Accountant
  2. Accounts Payable
  3. Accounts Receivable
  4. Admin
  5. Banking
  6. External Accountant
  7. Finance
  8. Full Access
  9. Inventory
  10. Payroll Manager
  11. Payroll Processor
  12. Purchasing
  13. Sales
  14. Time Tracking
  15. View Only

These pre-defined roles can be treated like access templates.  They can be duplicated to create a new role, and that new role can be edited to create a different level of access.

QuickBooks Enterprise Solutions 9.0 Edit Role

Each role in Enterprise Solutions can be given 1 of 3 main access levels (none, full, or partial) to 11 different areas/activities.  These 11 areas/activities are further broken down into 116 sub-areas/activities.  In the example above, the access of the Finance role can be managed across 7 sub-areas/activities.  The Finance role has been given Full access to Asset Accounts, but no access to the company’s General Journal.  Under the Banking area/activity, a role could be given access to the company’s checking account, but not its savings account.

Users can be assigned to any of the 15 pre-defined roles or new roles created from those templates.  Adding a new user with appropriate access only requires assigning that user to an Available Role.  Changing a user’s access is as simple as changing the Assigned Roles.

QuickBooks Enterprise Solutions 9.0 New User

Assigning access through managed roles is referred to as granular access.  It’s far more powerful and flexible than the 9 broad access levels in QuickBooks Premier.  Granular security is more appropriate for the mid-market businesses targeted by Enterprise Solutions and the up to 30 simultaneous users it supports.  Likewise, the access control in broad functional areas offered by QuickBooks is suitable for the small business market it serves.

9 Selective Access Areas of QuickBooks Premier 2009

QuickBooks Premier 2009 User Access Sales
QuickBooks Premier 2009 User Access Purchases
QuickBooks Premier 2009 User Access Checking
QuickBooks Premier 2009 User Access Inventory
QuickBooks Premier 2009 User Access Time Tracking
QuickBooks Premier 2009 User Access Payroll
QuickBooks Premier 2009 User Access Sensitive Accounting Activities
QuickBooks Premier 2009 User Access Financial Reporting
QuickBooks Premier 2009 User Access Change
QuickBooks Premier 2009 User Access Summary
Vote This Post DownVote This Post Up (+1 rating, 1 votes)
Loading...

Accounting

  • Financial Accounting Standards Board

Developer

  • Intuit Developer Network Forums
  • qbXML Onscreen Reference

Intuit

  • Enterprise Solutions
  • Intuit
  • Intuit Marketplace
  • QuickBooks
  • QuickBooks Online Community

QBGarage.com

Copyright © 2008–2023 QBGarage.com · Privacy · Terms & Conditions · Site Help