The purpose of this idea is to outline a security flaw that precludes resellers from setting up Supervisor permissions accurately and needs to be addressed ASAP given how important and imperative proper security restrictions are to any software.
The way the security permissions are designed in TimeWorksPlus, there are four operators you can use to set conditions for Supervisor permissions:
EXAMPLE
=======
Take the following set of Supervisor permissions into account:
Location = "Store 1" AND
Department = "Grocery" or
Department = "Cashier" or
Department = "Deli" OR
Location = "Store 2" AND
Department = "Grocery" or
Department = "Cashier" or
Department = "Deli" (done)
This setup yields the following employees that should be visible to this Supervisor:
(1) Any employee working in Location "Store 1" whose Department is either "Grocery," "Cashier," or "Deli."
(2) Any employee working in Location "Store 2" whose Department is either "Grocery," "Cashier." or "Deli."
However, right now due to the fact that these permissions aren't functioning correctly, both "AND" and "and" are being treated as "and" and both "OR" and "or" are being treated as "or." This renders the ability to create meaningful Supervisor permissions that update themselves impossible.
Because of the bug, TimeWorksPlus is actually looking for this condition to be true, which it could never possibly be, so no employees are visible to the Supervisor:
Any employee who has both Location "Store 1" and "Store 2" concurrently on file (impossible) whose Department is either "Grocery," "Cashier," or "Deli" in "Store 1" and whose Department is either "Grocery," "Cashier," or "Deli" in "Store 2."
An employee can't be coded to more than one location at a time as the field only allows for one value. so the AND/and defect makes this otherwise simple Superrvisor setup an impossibility.
The way the Supervisor permissions function currently contradict the guidance in SwipeClock's own KB and potentiate the opportunity for the already sparse permissioning the system offers to be even more restrictive and potentially cause the client (or prospect) reason to lose confidence in the system's overall capabilities if it can't even permission a Supervisor correctly. Thank you!