Question on admin permissions
Question on permissions. We're a tenant with some of our other offices on a single instance of Acumatica. We upgraded last month to 2019R2. Is it possible (and pretty straightforward) for us to get full admin privileges for just our tenant without affecting any other tenants on the same instance? We originally understood that it was extremely difficult to carve that out, but now have new information that it is just a few checkboxes on the user screen?
Security is done by Tenant. So, if your username and password are the same in multiple Tenants then you can easily toggle between the Tenants.
Even the admin user works that way. As long as the admin user password is different between Tenants then the admin user can't toggle between Tenants.
Customization Projects are a different story. If you are publishing Customization Projects in multiple Tenants then you can easily step on each others toes.
Sorry Dan, I steered you wrong. I thought I was sure about this, but I just tested again in a recent environment and there is a security risk to be aware of.
If there is at least one user that has the same Username/Password in multiple Tenants, then that user has access to multiple Tenants.
If another user only has access to one Tenant, but they have access to use the LOG IN AS USER button on the Users (SM201010) screen, then they can login as one of the users with access to multiple Tenants, then switch to another Tenant as that user.
I thought for sure that I had tried this workaround in a previous Acumatica version and it somehow stopped me from switching Tenants after logging in as another user with access to multiple Tenants, but I must be remembering incorrectly.
So, as long as all Usernames/Passwords are different between Tenants then you're safe. Otherwise, there is a security loophole.