Permissions Spec


QBO offers an extranet security model that enforces row-level security based on a user's relationship to a record. This security model is enforced with {Extranet.*} clauses in statements.

This spec will check statements to ensure they include {Extranet.*} clauses; statement that do not contain such a clause may present a security risk by exposing inappropriate data to third parties.

This ensures that users for Bank/LawFirm A cannot see information that belongs to Bank/LawFirm B, and vice versa.
If a statement does not include an {Extranet.*} clause, it should be reviewed by a power user with extranet security training to ensure it does not pose a risk.


Verifies that all Modules/Statements have {Extranet.*} clauses in place.