BackgroundQBO offers an extranet security model that enforces row-level security based on
a user's relationship to a record. This security model is enforced with
{Extranet.*} clauses in statements.
This spec will check statements to
ensure they include {Extranet.*} clauses; statement that do not contain such a
clause may present a security risk by exposing inappropriate data to third
parties.
This ensures that users for Bank/LawFirm A cannot see information that belongs to Bank/LawFirm B, and vice versa.
If a statement does not include an {Extranet.*} clause, it should
be reviewed by a power user with extranet security training to ensure it does
not pose a risk. SpecificationVerifies that all Modules/Statements have {Extranet.*} clauses in place.
|