iOS app security
The iOS app is great, and the updates to viewing tickets are also very nice. But it is a huge security hole giving all our staff full access to our client list outside the office to view, copy, steal, etc. It would be nice to see this as a feature that could be turned off or on by person, not by group but for each person.
For example, some techs need that app, our in-house techs never need that app.
It would also be very nice if this app could be blocked by time of day even for those that do have access. For example, only available 8-5.
This is related to doing the same with RSr; we would like very much to have better control over locking access down.
-
Tim Nyberg commented
See also the similar thread "More control over Remote access, limit access"
-
Tim Nyberg commented
Just a comment which I'll also post in the general security feedback - This falls into basic Enterprise Risk Management (ERM). The risk here is Employee accessing unauthorized information.
The Control – Create password protected barriers. Limit access to need-to-know employees. These are super basic functions of a CEO of even a small business. We can't have people getting access to customer lists, closed invoices, monthly invoice information etc. In the case of the apps it not only needs NOT to be available to some people at all but also needs several of the features to have access control by the people who do, such as not seeing invoices that are not from tickets assigned to them at all, not to be able to see the entire customer list, just the client info for tickets assigned to them, not to see closed invoices. All a tech needs to see on-site for example are tickets and invoices for those tickets that are assigned to them, nothing more.
-
Tim Nyberg commented
I added this to another comment as well about security.
Comcast has many areas that are IPv6 only where IPv4 can’t be used for any level of security. We need some level of security by user, not just a global thing. Different users have different roles, some need access to the data outside the shop and for those users we don't want them to ever have access outside the shop. This is such a huge security hole which allows staff to copy out data or customer info at their convenience.
-
Tim Nyberg commented
Just a few added thoughts. This data stays on the phone. What we need to know with confidence is that when a staff member is no longer with our company, any data on the phone will be remotely removed.
There would also be a lot of value in being able to choose what could be seen on the iOS app for each user. For example:
See Only "My" tickets
See open tickets
See only "My" open invoices
Client list not visible at all to iOS users unless such permissions are granted or global admin.
Our general setup would be See only "My" open invoices, no access to client list at all, no viewing of any other data. The only real use right now for us is taking credit card payments and the only thing a tech needs for that is access to their own open invoices.
Again, to stress the ability to have no access times, days, etc.
For example, our techs do not need access at night or on the weekends or on days off etc.
Also the ability to turn off or on any access to the iOS app at all. Some staff just don't need to be tempted by having access. And since all they need is their own user name and password, we currently have no control over what they have access to at all.
Thanks