rickbarrette / redmine_qbo

A Quickbooks Online Plugin for Redmine
MIT License

Implement Access Control via Roles and Permissions #5

Open sempervictus opened 7 years ago

sempervictus commented 7 years ago

Given the sensitive nature of the content accessed via the plugin, the current permissions schema creates a significant attack surface, since non-administrative users and adjacent clients can view all clients' QB data (including outside their project scope, since there's no mapping yet between projects and clients), their billing, and even create information to push upstream into QBO. Compromise of a single Redmine account can turn into an accounting headache pretty quickly.

Propose defining roles and permissions configuration as done by other plugins to require white-listing groups or users to have access to the functionality delineated in read and write access per function, as well as scoping clients to project trees in order to prevent cross-client information leakage. Administrative users or a global accounting group could be configured for access to all things QBO.
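The access-control scheme proposed in this comment, as an added self-contained illustration that is not code from redmine_qbo: per-function permissions split into read and write, default-deny unless a user is whitelisted through a role in the project, clients scoped to a project tree so one client's data never leaks into another's project, and an admin or global accounting group that sees everything. In a real Redmine plugin the permission names would be declared in `init.rb` via `project_module` / `permission` and checked with `User#allowed_to?`; here the roles, permission names, groups and sample users are all assumed so the model runs stand-alone.

```ruby
# Added illustration (not redmine_qbo code): an in-memory model of the proposed
# roles/permissions scheme. All names and sample data below are constructed.

# Per-function permissions, split into read and write as proposed.
# Names are hypothetical, not the plugin's.
QBO_PERMISSIONS = {
  view_qbo_clients:  :read,
  view_qbo_billing:  :read,
  edit_qbo_invoices: :write,
  push_qbo_data:     :write
}.freeze

# Which permissions each project role grants (hypothetical roles).
ROLES = {
  developer:  %i[view_qbo_clients],
  manager:    %i[view_qbo_clients view_qbo_billing edit_qbo_invoices]
}.freeze

# Hypothetical global group that may access all QBO data in every project.
GLOBAL_ACCOUNTING_GROUP = :accounting

# Project tree: id => parent id (nil for a root). Project 2 is a subproject of 1.
PROJECTS = { 1 => nil, 2 => 1, 3 => nil }.freeze

# memberships maps project id => role symbol for that project.
User = Struct.new(:name, :admin, :groups, :memberships) do
  def role_in(project_id)
    memberships[project_id]
  end
end

# A client is attached to exactly one project; that mapping is what scopes it.
Client = Struct.new(:id, :project_id)

# The project plus all of its ancestors, i.e. the tree the project sits in.
def tree_ids(project_id)
  ids = []
  while project_id
    ids << project_id
    project_id = PROJECTS[project_id]
  end
  ids
end

# Central authorization check every QBO controller action would call.
def allowed?(user, project_id, permission, client)
  raise ArgumentError, "unknown permission #{permission}" unless QBO_PERMISSIONS.key?(permission)

  # Administrators and the global accounting group see all things QBO.
  return true if user.admin || user.groups.include?(GLOBAL_ACCOUNTING_GROUP)

  # Default deny: the user must hold a role in this project that grants the function...
  role = user.role_in(project_id)
  return false unless role && ROLES.fetch(role, []).include?(permission)

  # ...and the client must belong to this project's tree (no cross-client leakage).
  tree_ids(project_id).include?(client.project_id)
end

# Constructed sample data.
ACME   = Client.new(10, 1)   # attached to root project 1
GLOBEX = Client.new(11, 3)   # attached to root project 3
ALICE  = User.new("alice", false, [], { 1 => :developer })
BOB    = User.new("bob",   false, [], { 3 => :manager })
CAROL  = User.new("carol", false, [GLOBAL_ACCOUNTING_GROUP], {})
DAVE   = User.new("dave",  true,  [], {})
EVE    = User.new("eve",   false, [], { 2 => :manager })  # member of subproject only

if __FILE__ == $0
  [[ALICE, 1, :view_qbo_clients, ACME],    # true:  developer may read own project's client
   [ALICE, 1, :view_qbo_billing, ACME],    # false: developer has no billing read
   [ALICE, 1, :view_qbo_clients, GLOBEX],  # false: client belongs to another project tree
   [BOB,   3, :push_qbo_data,     GLOBEX], # false: manager has no upstream push
   [CAROL, 3, :push_qbo_data,     GLOBEX], # true:  global accounting group
   [EVE,   2, :view_qbo_clients,  ACME]].each do |u, p, perm, c|  # true: client in parent of tree
    puts "#{u.name} #{perm} client #{c.id} in project #{p}: #{allowed?(u, p, perm, c)}"
  end
end
```

The key design point is the single `allowed?` choke point with a default-deny outcome: a compromised account with no QBO role in a project gets nothing, and even a permitted role can only reach clients mapped into that project's tree, which is what closes the cross-client leakage described above.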

rickbarrette commented 7 years ago

You make very good points. These are issues that I didn't even think about due to only having the single employee at the time of writing this. This will also be added to the todo list.