Users can merge agent records without contact information permission

Description

Users are able to merge two agent records without permissions to the entire agent record, causing data loss issues. I was merging two agent records with links to two different repositories. I did not have the permission set to view contact information in one of the repositories so deleted that contact information accidentally when I merged the two records because it didn't display on the merge screen or the preview screen.

Environment

None

Activity

Show:
Christine Di Bella
September 10, 2020, 6:02 PM

Merging agents is already a distinct permission and, like viewing contact details, can be added or removed from the permissions for a user/permission group. A system administrator or other person responsible for managing permissions should work with you to determine under what conditions a user should have one or both of those permissions.

Elizabeth Roke
September 10, 2020, 8:03 PM

Understood. My concern is that it is possible to merge an agent without having the permission to see contact information. If a user with the merge agent permission merges two entities with a contact detail permission in one repository but not the other, there is a possibility that data can/will be overwritten accidentally. I am suggesting that having these permissions function separately from each other may lead to data loss and perhaps should be tied together…i.e. merge permissions should require contact detail permissions since a merge permission necessarily has to edit/touch the contact details.

Assignee

Unassigned

Reporter

Elizabeth Roke

Priority

Minor
Configure