A comment posted on an earlier blog post about setting user permissions got me to thinking.

You can set up user permissions on a module by module basis, and you can specify whether a user can have entry/edit privileges or printing privileges, or both, for any given module.

But you apparently can’t completely lock a user out of a module. They can still open up the center and see data there — albeit on a limited scale.

For example, if you do not give a user permission for sales and A/R functions, they cannot see invoices or sales receipts or other customer transactions. But they can go into the Customer Center and see the list of customers. They can see the customers’ phone numbers and addresses.

quickbooks screen shot for user permissions
You can't see transactions, but you can still see customer data

In the case of employees, you can see not only employee names and addresses, but you can also open attached documents for employees even if you’re not supposed to have access to any payroll privileges.

Why is that? The blog commenter wanted a workaround for this and I had none to give. I suggested that they submit some online feedback within the QuickBooks Help menu about that — perhaps Intuit will implement a more rigorous permission scheme into a future version.

Does anyone else have a good workaround in the meantime?

Please follow and like us:

7 thoughts on “Why Can’t I Lock a User Out of That?

  1. I dunno, Woody. I just tried it in Enterprise 12 and the same thing happened — I set up a user with only A/P privileges, but that user can still see employee and customer names and addresses…

    Even if Enterprise could eliminate this problem, it doesn’t seem reasonable to me to make users upgrade just for that one thing. Locking users out of Centers for which they do not have user privileges just seems like common sense, don’t you think?

    Thanks for the comment.

  2. Hi Shannon

    I’m in Australia and we do QuickBooks here. Just love the program.

    Been reading this blog [and the previous blog on the issue].

    We also point users to the Enterprise edition of QB’s. The user set in that version is very sensitive and best part is it comes with user roles that can be tailored to individual employee.

    I take the point that employees may be able to see client details. To get a list out any other way than export is a pain. There are other ways I know but…??

    A couple of years ago I had a client that had lost control of her business to certain staff. We upgraded her to Enterprise and wrestled control back. I was hammered for several weeks by staff members “who need to do” processes that they shouldn’t have been doing. So then they learned to live with their restrictions.

    There are holes in all systems. China has breached your military enterprise and your guys have tapped into Iran. So what’s new on the security front 🙂

    Love the blog and the news letters.


  3. Hi Jeff, thanks for the kind words and your observations. I haven’t experimented with ES Australian edition, but glad to hear that it worked out well for your client in that situation.

  4. Hi,
    I am not an active user but a problem solver for a company. I am going to attempt finding help on a specific issue. The owner would like to restrict a user from accessing the payroll acount for just one company. Please let me know if you need more information.



  5. Hi Kat,

    Well, user restrictions are set up on a company by company basis. That is, each set of books in QuickBooks has its own list of users, and those users have access privileges by module. So that shouldn’t be a problem if I’m understanding you.

    Thanks for the questions.

  6. Pingback: How to Protect the Viewing of Customer Credit Card Numbers « QuickBooks and Your Business

Leave a reply

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>