Forums Cached Customization Reporting SuiteAnalytics Connect (ODBC)

This topic contains 4 replies, has 0 voices, and was last updated by Cindy Sloan 16 years, 5 months ago.

  • Author
    Posts
  • June 10, 2008 at 5:06 pm #8343

    mshuman

    We just discovered that the ODBC is showing data when the users have NO permission to allow them access to it. They are not able to see it in the UI, but they can see it in the ODBC. This is sensitive information that only a couple of people should have access to, but I can’t stop them from seeing it.

    Isn’t the ODBC supposed to take the role of the user into account so that they are only privileged to see that which they can see in the UI? I submitted a case, but it was turned into an Enhancement Request. Shouldn’t this be a clear high priority defect?!
    This is a cached copy. Click here to see the original post.

  • June 10, 2008 at 11:05 pm #8344

    mhuffman

    Unfortunately, ODBC access to NetSuite data has never supported the same level of granularity for permissions as the NetSuite application UI. Our technical writing team is updating the documentation to make this limitation more clear.

    Note that ODBC access may be limited to specific custom roles via the ‘Advanced Analytics’ permission.

  • June 11, 2008 at 9:01 am #8345

    mshuman

    RE: Users able to see ODBC View prohibited in UI

    Thanks for the reply Malin. We’ll have to rethink our use of ODBC if there is no way to stop a user from seeing everything.

  • June 15, 2008 at 4:44 pm #8346

    JMUnderwood

    RE: Users able to see ODBC View prohibited in UI

    Originally posted by mhuffman

    Unfortunately, ODBC access to NetSuite data has never supported the same level of granularity for permissions as the NetSuite application UI. Our technical writing team is updating the documentation to make this limitation more clear.

    Note that ODBC access may be limited to specific custom roles via the ‘Advanced Analytics’ permission.

    Malin,

    I can’t find anything in the online Help about “ODBC permissions”. So does any role that has the ‘Advanced Analytics’ permission have full view of ALL ODBC data?

  • June 16, 2008 at 1:56 pm #8347

    Cindy Sloan

    RE: Users able to see ODBC View prohibited in UI

    Hi,

    Here’s my understanding based on the info I’ve gotten so far:

    The following permissions are enforced for enterprise views: all Transactions permissions, and Lists permissions for employees, customers, partners, vendors, and accounting registers. Enforcement of these permissions means that users have the same level of access in ODBC views to employee, customer, partner, vendor, types of transaction, and types of register records as they do in the NetSuite user interface.

    Other permissions are not enforced for enterprise views, including those based on classes, departments, locations, and custom records. This lack of enforcement means that users with the Advanced Analytics permission may be able to access records through ODBC that they cannot access in the user interface.

    I am still in the process of obtaining Product Management and Development review of this text before I add it to the documentation.

    Thanks,

    Cindy Sloan

    Technical Writer

  • Author
    Posts

You must be logged in to reply to this topic.