Branch on Projects screen not respected by Access Role on Branches screen
I'm not sure why currently the Branch field on the Projects (PM301000) screen doesn't respect the security set by the Access Role field on the Branches (CS102000) screen. It sure seems like a bug to me. But, alas, that's the way it is.
The only workaround that I know of is to use the Project Access (PM102000) screen to define row-level security, but it's not the greatest because you have to maintain it for every new Project created.
This one really burned a client of mine recently because they assumed that the Branch security was restricting access to Projects, when in fact everyone across the 10+ locations could see the Projects for all locations. This was a big confidentiality violation.
I can totally understand why they assumed the Branch security would restrict access.
The Access Role field on the Branches (CS102000) screen controls what Branch data a user can see, including which Warehouses and Cash Accounts.
For example, if you use the SalesDemo data and give the andrews user access to the BRANCH HQ role, but not the BRANCH CAP and BRANCH VA roles, then login as the andrews user, you will see the following in the lookup window on the Warehouses (IN204000) screen:
The VA-RETAIL warehouse isn't listed in the screenshot above because it's restricted by the Access Role on the Companies (CS101500) screen.
The admin user can see the VA-RETAIL warehouse because the admin user has access to all Companies:
The same behavior is experienced with Cash Accounts.
So it doesn't make any sense that we don't have the same behavior on the Projects (PM301000) screen. The andrews user can access the FIXEDP05 Project even though that Project belongs to the SERVICES Company which the andrews user doesn't have access to:
If you'd like to see this "bug" get fixed, you can vote here:
Interested in joining a Local Acumatica User Group? Click here for more info