Why can a security group see transactions with donation strategies outside of their permissions?

There are some instances where multiple security rights (sticky codes) can be marked on a transaction, both on the transaction itself and on a donation strategy such as a Fund, Campaign, or Approach.
Normally, the user in Group A would not be able to see any transactions with a Fund that doesn't belong to their security group. However, since an admin user created a scenario where there is a mixture of security rights on a single transaction, this makes the transaction-level security trump all other security rights (such as the Fund).

Depending on the end goal of the situation, there are a couple resolutions:
  1. If Group A should have access to see and add transactions with that Fund, the Group A security right should be added to the Fund's settings.
  2. If Group A should not have access to see that transaction, the transaction-level security should be changed to match the Fund's security rights.

Steps to Duplicate

  1. The Fund "New Building" has a security right setting for Group B.
  2. A user in Group A should only see transactions marked with that security right.Therefore, they cannot create new transactions or query on the Fund "New Building" since it's outside of their security.
  3. An admin user creates a transaction that is coded for Group A but chooses the Fund "New Building" They can do this because admins can see all items regardless of their security rights.
  4. The user in Group A can see the transaction.

Was this article helpful?