[Feature Request] Detailed Staff Permission and access - PCI Requirements

Started by UCG_Keith, May 18, 2013, 12:28:01 PM

Detailed Staff Permission and access - PCI Requirements

Yes
5 (100%)
No
0 (0%)

Total Members Voted: 5

UCG_Keith

Hostbill is in need of a staff access module or the ability to restrict viewing of and access to certain areas of the admin portal. For example:

My Level Techs cannot have access to any password, yet would have the ability to reset passwords. This should include client passwords and service passwords.

Support Group should not have any access to any financial information, including company and client information.

I would also like to see the ability to assign specific users or groups specific clients, not allowing them to have access to a full list of clients.

Currently HB has a pretty good role/permission for the client side, I don't see why or how difficult it would be to incorporate into the admin side. It is a PCI compliance nightmare to keep records and justify why all users have full access to an entire platform with very little restrictive control.

I would be willing to work with others to write the code to get this requirement moving forward.

Cheers
Keith

John

I do agree with this! It is a nightmare for us to keep track of who accessed what.
John McCarthy
inertianetworks.com
john@inertianetworks.com

nibb

Actually Hostbill has good Staff permissions levels. This was also one of the reasons I went with hostbill.

Do you want a tech staff to watch all the profits the company does? I don't. They should not have access to financial data like that. This was not really possible in my other software, so I just did not give them access which makes the point of something like this useless.

Now, I think it would not be hard to make Hostbill PCI fully compatible in this regard, since it already has pretty good permissions levels.

About passwords, I don't think even the admin can view passwords, they should be encoded, you can change them but not view them.

Being able to have a log of staff users' activity would also be great to track back their footsteps on the system.

Patrick

Quote from: nibb on June 07, 2013, 06:32:32 PM
Actually Hostbill has good Staff permissions levels. This was also one of the reasons I went with hostbill.

Do you want a tech staff to watch all the profits the company does? I don't. They should not have access to financial data like that. This was not really possible in my other software, so I just did not give them access which makes the point of something like this useless.

Now, I think it would not be hard to make Hostbill PCI fully compatible in this regard, since it already has pretty good permissions levels.

About passwords, I don't think even the admin can view passwords, they should be encoded, you can change them but not view them.

Being able to have a log of staff users' activity would also be great to track back their footsteps on the system.

There are still permission issues that cause PCI compliance issues. Yes, it offers decent permission levels but not enough. Please read carefully what Keith has said.
Patrick - Forum Rules
Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein