Announcement

Collapse
No announcement yet.

Security concerns - again

Collapse
X
 
  • Filter
  • Time
Clear All
new posts

    Security concerns - again

    We are planning on going into an accelerated growth mode with some newly found investment capitol, and are concerned there is no per account security with the CommitCRM desktop client. As security needs become more important every day with proactive controlled access to which employees have access to which user accounts, it seems this basic feature is still missing. Are there any solid plans for future releases to enhance the security for accounts on a group or individual level? It seems an oversight to allow full access to all accounts for any new hire added to CommitCRM. We work with highly confidential information concerning login information for medical offices and legal offices. Security best practices dictate that we have better control over who has access to what accounts, and having only been with CommitCRM for a year we are finding ourselves at a decision point in regards to enhancements in this area. Competitors have feature available, and limiting our staff to web access only to control the security is not a viable option.

    Re: Security concerns - again

    RangerMSP includes many options to select which privileges each user/employee have (here) - e.g. what they can and cannot do within a RangerMSP session. In addition, when working with external staff (e.g. subcontractors) you can allow them access to the system via the Web interface and limit their activity to specific account or accounts you want to provide them with access to.

    When considering this with the many other things on our list I would say that at this point we do not have any near future plans to invest many resources in adding new features to further limit internal employees. However, we will probably continue to increase the various employee privileges options you have control over (please the link above) just like we have with almost any recent release.

    Thank you for asking.

    Comment


      Re: Security concerns - again

      We want to limit access when using the client as well. Is this possible?

      Comment


        Re: Security concerns - again

        The Web interface supports this and you can select exactly which account/s the user (usually a subcontractor) can see/manage. The Windows client that runs on your local network does not support this option, however, it does support (so is the Web interface) many different user privileges settings.

        Comment


          Re: Security concerns - again

          No offense but the web interface is 25% of what the client is. Nobody wants to use that unless they have to.

          We use it now for our subs, because we have to, but we still have to spend time going in and making entries they cant with the web interface.

          Instead of saving time, it costs time.

          Comment


            Re: Security concerns - again

            No offense taken, while the Windows client does offer more - the Web interface is far from offering only 25%... but lets leave this aside. The additional features offered by the Windows client are usually advanced ones, usually not intended for the non-privileged employees you are referring to here (though I can think of some exceptions). In any case, thanks for your feedback. As stated above we currently do not have plans to support limiting accounts within the Windows client application. It is supported for the Web interface. We may revisit this in the future. Thanks again.

            Comment


              Re: Security concerns - again

              For consideration, an easy way to add it in a future release would be to
              "Limit Access to Records Where Field _________ Contains ____________"

              On Logging into Commit, the filter automatically applied, and the restricted employee could only see those records..... easy enough????

              I am sure many CommitCRM owners with more than a few employees would find this a highly valuable improvement. It potentially could be a strong selling point for CommitCRM to add this option to the feature list. I almost passed on CommitCRM because of this one missing feature, but the price of the product for the value provided won me over.... I feel good about my purchase, but it would not be worth the savings the client information I've worked so hard to acquire over the years were breached by a new employee.....

              Comment


                Re: Security concerns - again

                Would also be useful to restrict certain tabs or fields. We don't have a need to restrict employees access to certain clients but would definitely benefit from being able to keep certain employees from the notes tab or a custom tab used for client passwords and such.

                Comment

                Working...
                X