Hello Team,

This is either a loophole or a design issue needing attention.

Issue: Invoice records marked as paid and in "read-only" mode - it is possible to re-open such records by simply clicking to view the read-only record.

How: a Business rule, defined to update the status reason (custom value or otherwise), gets triggered upon launch of the form (click to view the record), and even as the status reason updates, the system automatically re-activates the record by updating the Status to 'Active' - possibly because there is an internal validation for permissible status reasons for a record to be in "Paid" (closed) status.

Problem / Expected behavior: A record classified as "Read Only" is NOT expected to be available for change - neither manually nor by any process or business rule - else the very function of 'Read Only' is void. Besides, in good accounting practices, Invoices are not meant to be edited once settled - if there were an error, a reversing transaction is expected to be raised as correction. Leaving this behavior in its current shape and form can expose the system to fraudulent manipulation of records - such as editing amount fields for invoices already deemed as settled and paid.

Suggestion: Once a record is 'Read Only' it must be protected from any further update - manual or process/business rule based.

Regards,
Sudhir
Category: General
Status: Needs Votes
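
Added example (not part of the original post and not the product's code): a small model of the behaviour described above, with the permissive status-reason update beside a guarded one that refuses every write to a closed record, plus an audit check for re-open events. The status values, status reasons, function names and the source label are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

# Assumed mapping of permissible status reasons per status (constructed values).
VALID_REASONS = {"Active": {"New", "Billed"}, "Paid": {"Complete", "Partial"}}
READ_ONLY_STATUSES = {"Paid"}


class ReadOnlyRecordError(Exception):
    """Raised when any caller tries to write to a closed record."""


@dataclass
class Invoice:
    status: str
    status_reason: str
    audit: list = field(default_factory=list)  # (source, old_status, new_status)


def set_reason_permissive(inv, new_reason, source):
    """Behaviour reported in the post: status silently follows the status reason."""
    target = next((s for s, r in VALID_REASONS.items() if new_reason in r), None)
    if target is None:
        raise ValueError(f"unknown status reason: {new_reason}")
    if target != inv.status:
        inv.audit.append((source, inv.status, target))
        inv.status = target  # a Paid invoice becomes Active again
    inv.status_reason = new_reason
    return inv


def set_reason_guarded(inv, new_reason, source):
    """Suggested behaviour: a read-only record rejects writes from every source."""
    if inv.status in READ_ONLY_STATUSES:
        inv.audit.append((source, inv.status, "DENIED"))
        raise ReadOnlyRecordError(f"{source} may not modify a {inv.status} invoice")
    return set_reason_permissive(inv, new_reason, source)


def reopen_events(audit):
    """Audit check: transitions out of a read-only status, with their source."""
    closed = READ_ONLY_STATUSES | {"DENIED"}
    return [e for e in audit if e[1] in READ_ONLY_STATUSES and e[2] not in closed]
```

The guard sits in the write path itself rather than in the form, so it applies equally to manual edits and to rules that fire on form load.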