logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error

Options
Go to last post Go to first unread
ray22901031  
#1 Posted : Friday, October 2, 2020 1:04:20 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Are there any plans to revisit the admin security section of Ablecommerce. My understanding is that this hasn't been enhanced in quite a long time. In fact it's rather weak compared to even the basic of what other shopping carts can offer.

The admin groups which are provided today are pretty much useless, and the edit button only provides the ability to change names. It would be nice if there was a detail checklist of what admin's can do and not do.

Examples:

Can edit products?
Can export products?
Can view products?
Can delete products?

I think you guys know that this particular portion of the shopping cart lacks options and is way behind the times.

Many thanks for your consideration, I do believe this will benefit a tremendous amount of people that are interested in website security.

Thanks

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

ray22901031  
#2 Posted : Thursday, October 29, 2020 12:17:28 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Would love to hear a response from tech support to see if an upgrade to the built-in admin security is in the works anytime soon, many thanks.
Katie S  
#3 Posted : Thursday, October 29, 2020 12:59:36 PM(UTC)
Katie S

Rank: Advanced Member

Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 472

Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
Hello Ray,

Here is a direct link to the Merchant Guide which has a breakdown of the admin groups and page accessibility.

http://help.ablecommerce.../Admins/Admin_Groups.htm

If you have something specific you would like to see improved, then by all means make your suggestions. We generally like to have a more direct feature request, if you don't mind. About 99% of our development work revolves around requests by customers and bug reports. It's rare that we would change something that we thought was working fine. But still, I'm interested to know what we can improve.

Thank you,

Katie
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
ray22901031  
#4 Posted : Thursday, October 29, 2020 1:04:24 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
Hi Katie,

The admin groups are extremely weak, take for example I need to have an admin group that only has to deal with orders and customers, but not give my users the ability to export, delete or modify products.

Not only is the existing system weak it is also full of bugs which gives the user the ability to do something which has been restricted. This has to do because of the HTML breadcrumb trails which they can now use to get into other parts of the system with they are not supposed to be in.

I can assure you if you look at other carts, what ablecommerce offers is very weak, I know this hasn't been touched in a while, and if this is something that you're open to I can definitely provide extreme details, but only if you're open to it.

Edited by user Thursday, October 29, 2020 1:05:03 PM(UTC)  | Reason: Not specified

Katie S  
#5 Posted : Thursday, October 29, 2020 1:48:28 PM(UTC)
Katie S

Rank: Advanced Member

Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 472

Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
I opened up a new issue report so we can investigate the breadcrumbs and retest the admin groups with respect to the features that are accessible. Once we have identified any bugs, then we'll have them fixed in the next version.

Thanks
Katie
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
ray22901031  
#6 Posted : Thursday, October 29, 2020 1:53:56 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
I appreciate your response to this however it still does not solve the original issue. It looks like I'm going to have to hire a developer for this.

Just so you are aware how serious this is, why would you give anybody, except an owner, the ability to export orders, customers, or anything else, to be able to give it to a competitor if they are an upset employee.

What's even worse, they have the ability to modify and delete products, customers, and orders. This is not very good in the event your ever audited by either state or federal.

Again this is a very weak part of the system and I wish more serious attention was devoted to this particular area that hasn't been touched in years.

Many thanks for your input.
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.