The differences in security features between QuickBooks and Enterprise Solutions, its more powerful relative, are significant. Those are apparent from the opening window to manage users, which in QuickBooks is the User List, and in Enterprise Solutions is the Users and Roles window.
For this comparison, we’ll compare QuickBooks 2009 to Enterprise Solutions 9.0. QuickBooks 2010 and Enterprise Solutions 10.0 haven’t changed the security model from the 2009 series of products.
In QuickBooks Premier 2009, managing users is on the Company->Set Up Users and Passwords->Set Up Users… menu. In Enterprise Solutions, this functionality is on the Company->Users->Set Up Users and Roles menu.
Here’s the opening screen:
QuickBooks Premier 2009
Enterprise Solutions 9.0
At the highest level, QuickBooks supports 3 broad access levels:
- All areas of QuickBooks
- Selected areas of QuickBooks
- Accountant access, which blocks access to customer credit card numbers
Here’s the window to specify the broad access level. We’ll focus on controlling access to selected areas of QuickBooks.
Once Selected areas of QuickBooks is chosen as the access level, the type of access (either No Access, Full Access, or Selective Access) can be controlled in 9 areas of QuickBooks:
- Sales and Accounts Receivable
- Purchases and Accounts Payable
- Checking and Credit Cards
- Time Tracking
- Sensitive Accounting Activities
- Sensitive Financial Reporting
- Changing or Deleting Transactions
Screenshots of these 9 areas are shown at the bottom of this article.
By comparison, Enterprise Solutions adopts a different approach to access. User access is controlled by managing the access of a role and assigning one or more roles to that user. Enterprise Solutions supports 15 pre-defined roles:
- Accounts Payable
- Accounts Receivable
- External Accountant
- Full Access
- Payroll Manager
- Payroll Processor
- Time Tracking
- View Only
These pre-defined roles can be treated like access templates. They can be duplicated to create a new role, and that new role can be edited to create a different level of access.
Each role in Enterprise Solutions can be given 1 of 3 main access levels (none, full, or partial) to 11 different areas/activities. These 11 areas/activities are further broken down into 116 sub-areas/activities. In the example above, the access of the Finance role can be managed across 7 sub-areas/activities. The Finance role has been given Full access to Asset Accounts, but no access to the company’s General Journal. Under the Banking area/activity, a role could be given access to the company’s checking account, but not its savings account.
Users can be assigned to any of the 15 pre-defined roles or new roles created from those templates. Adding a new user with appropriate access only requires assigning that user to an Available Role. Changing a user’s access is as simple as changing the Assigned Roles.
Assigning access through managed roles is referred to as granular access. It’s far more powerful and flexible than the 9 broad access levels in QuickBooks Premier. Granular security is more appropriate for the mid-market businesses targeted by Enterprise Solutions and the up to 30 simultaneous users it supports. Likewise, the access control in broad functional areas offered by QuickBooks is suitable for the small business market it serves.
9 Selective Access Areas of QuickBooks Premier 2009