Missing User Reports
Have you ever generated a QuickBooks Audit Trail report and discovered that there are blanks in the field “Last modified by”, or in some version of QuickBooks the field contains something like “Unknown User”?
The headline figure of this article illustrates two different transaction journals for the same transaction, there is only one difference' in the top report the ‘Last modified by’ field contains the name “J D Smith” circled in Green, and in the bottom report the ‘Last modified field’ contains nothing, the name is missing, circled in Red.
So how could this happen, how could a report one minute show a name and the same report later show no name? Well, the Data Detective has seen plenty of these cases and has always found the exact same cause in every situation…..someone ‘deleted’ the User account from QuickBooks.
This is a fundamental mistake of the QuickBooks program, security structure and ‘audit trail’ features. It is also a common mistake that QuickBooks Administrators make. The ability to delete a ‘User Account’ is a critical problem from both a programatic and user standpoint, yet Intuit has not taken steps to correct this critical problem, nor even educate QB Administrators that they should not use the delete feature for User Accounts.
Think about it this way, if you create an Account in your chart of accounts and you ‘ever’ use that account, even once, QuickBooks does not permit you to ‘delete’ that account. You can make the account inactive but you can not delete it. Why is that? From a data integrity standpoint it would mean that all data which had used that account would suddenly have lost it’s account association and your financial records would be immediately out-of-balance. From a data security standpoint, the forensic integrity of the audit trail would be lost since references to the prior account would be non-existent.
QuickBooks takes this “can’t delete used list elements” approach with every major list in QuickBooks with the exception of the “User list”. For some odd reason QuickBooks allows Administrators to ‘delete’ a User from the User list and as a consequence ‘the database as a whole’. As a result data integrity is lost, every record formerly associated with a specific user is now associated with ‘nobody’, and from a forensic standpoint the value of an ‘audit trail’ which once contained references to which user did what, has been trashed. In a sense QuickBooks has lost the ‘chain of custody’ of the user-transactional foundation.
So what should you do if you should NOT delete users, and a user should no longer have access. Well I train my clients to perform the following:
- Remove all Security rights for that user, in Pro/Premier this means setting all permissions to No. In Enterprise it means removing all ‘roles’ from the user’s account.
- Now ‘change’ the User account password to something only the Administrator knows. In this way the User could not access the file even if they gained access to a log-in.
Accomplishing these 2 steps preserves the User account, and maintains the integrity of the data, and forensic-continuity of the Audit Trail. In addition it precludes your ever having to call out the Data Detective for a case of the ‘missing user’. Thus making this ‘solution’ elementary My Dear Watson.