New Privilege Control for Add Master Profile

Posted 6 months ago by Helpdesksupport

Post a topic
Deferred
H
Helpdesksupport

We are proposing an update to the privilege control system to introduce a new or extended privilege for the “Add Master Profile” functionality. This update is necessary to address several critical security risks, including:

  • Unauthorized changes to guest data

  • Potential for fraudulent billing manipulation

  • Missing or inaccurate audit trails

Current Issues Observed:

  • Users are able to modify the master guest profile even if they don’t have the “Change Guest Profile” privilege assigned, leading to unauthorized updates.

  • When selecting Add Master Profile during booking, users can input new details, and the Save button becomes enabled, even without the necessary privilege.

  • Clicking Save does not create a new profile; instead, it overwrites the existing master guest profile.

  • The audit trail incorrectly logs the action as Add Guest Profile as a New Guest Added, without showing the details of the old or new guest.

1 Votes


1 Comments

C

Community Lead posted 18 days ago Admin

Hello,

Thank you for sharing this detailed suggestion and highlighting the potential security and audit concerns.


We truly appreciate the effort taken to explain the scenario and the impact around guest data integrity, billing accuracy, and audit trail consistency.


We have reviewed the request regarding enhancement to the “Add Master Profile” privilege control and understand the importance of strengthening access control and improving audit transparency.


At this moment, we do not have immediate plans to implement this change. However, we have noted your feedback and shared it with our Product team for future evaluation as part of our ongoing security and permission framework enhancements.


If this enhancement is taken up in future releases, we will certainly keep you updated through the community.


Thank you once again for your valuable input and for helping us improve the platform.


Kind regards,
YCS Community Lead

0 Votes

Login to post a comment