Allow restricting security for plug-ins
Security for access to Plug-Ins. As a hosted user, I have no way to restrict my user's access to Plug-Ins. This is a huge liability.
-
Guest
- Mar 17 2015
-
Remove access to PLUG-IN module thru security measures.
Merged We would like to have the ability to limit access to the Plug-In modules (Both RE & FE) thru system security.1
-
Permissions for PlugIns
Merged Create security permissions to stop all users from viewing plugins3
-
Plug-Ins should be limited to Supervisor and Admin personnel only
Merged Some of the Plug-Ins have too much power and since all users currently have access to it, there is a chance that data could be deleted, etc. that shouldn't be - either unintentionally or maliciously.0
-
Prevent users from having access to plugins
Merged Many plugins are Admin level features, but for some crazy reason, everyone can see them and run them. There is no security control over these plugins.1
-
Restrict access to Plug-Ins module of RE
Merged We would like to restrict access to some (or all) of our installed plug-ins from a group of our RE users. We don’t want all to have the ability to use some of the installed plug-ins—use w/o us knowing could be harmful to our database (i.e. delete ...0
-
Allow security settings to block access to Plug-Ins
Merged Some of the functionality in plug-ins has the ability to make administrative level changes to the database. I have users that I don't want to be able to access plug-ins. For instance I do not want anyone but me to un-post gifts but I have users th...0
Related ideas
my suggestion is each plug-in links should be assigned by group users.
This is a huge problem!
There is no way at all to hide this from security groups. I don't even want my users being able to be poking around in there.
This is also an issue for non-hosted users. Given that Plug-Ins include things like "Unpost Gifts" and "Delete Phones" this is definitely an area I'd like to lock down and limit access to even viewing. This seems like a pretty big security hole.
I agree completely. Plug-Ins are a serious Security loophole. We just had an issue where a very well-meaning user was directed by BB Support to fix a small problem using the Unpost Gifts Plug-in. Unfortunately, she inadvertently unposted several hundred thousand gifts. This User was in a security group that could not make global changes... and yet she was able to do so via the Plug-In.
We are trying to create a view-only access group and restrict only to records view level, but not being able to restrict the plug-ins and the ability to run them is a huge problem for us as well. I do not understand why we can't do this and why Blackbaud won't address it.
I would vote for this a thousand times if I could. I don't want our users in Plug-Ins!