Tips on Using File Attachment Security for Quickbooks
Quickbooks has offered the ability to “store” a document within a set of books for a few years now, and for free since the 2012 release.
This allows users to have an attached invoice or receipts easily accessible from individual entries. However, there are some implications that IT administrators and accountants should be aware of that we haven’t seen discussed before.
The files aren’t stored inside the actual database for the set of books, since that could inflate the database to unmanageable levels and lead to slow opens, long backups, and so on.
Instead, the files are stored outside of the individual books in a separate folder. A link is created within the Quickbooks file that points to that file, so that when it is accessed, Quickbooks uses the regular Windows “file open” to show the attached document on screen.
Historically, Quickbooks has created separate folders for each set of books in your main directory, but with the attached documents, a central folder is created (named “attach”) with subfolders underneath for each set of books.
For example, if you had a “quickbooks” main folder with Books1 and Books2 within, there will be an “attach” folder in the quickbooks folder with “Books1” and “Books2” subfolders for each.
These folders are created when the first document is attached, so there may not be a folder for every set of books.
There are two main implications for how the attached files operate that administrators should consider.
First, according to Intuit’s FAQ on attached documents (http://support.quickbooks.intuit.com/support/articles/INF12895), these files are not included as part of the in-program backups.
If your organization is using attached files and all you are doing is manual Quickbooks backups, you are potentially missing a good part of your data. The “attach” folder needs to be manually copied at the very least, if not added to an automated backup program (which we advocate for as a best practice).
Second, while the Intuit FAQ states that “A user will only see the attachments for the Quickbooks items and transactions they have the permissions to see,” this is true only within Quickbooks.
Since Quickbooks uses the Windows file system to store and present documents, the Windows permissions ultimately come into play. Quickbooks does not have the ability to change permissions on these folders at this time.
If an administrator has granted access to a main quickbooks folder that separate books are stored within, the users will typically have access to everything within that “attach” folder.
So, even if you restrict access to the Quickbooks file, Windows doesn’t know that, and security needs to be set up separately for the attach folder.
Note: This would only come into play if a user were manually browsing files in Windows Explorer.
However, it might be a valid security concern depending on the documents that were attached to a set of books, given that the original file name is kept and the viewer could quickly search based on that.
The solution for this would be to also set security permissions in Windows for the individual book sub-folders underneath the main “attach” folder.
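One way to apply that fix, as an added example that is not part of the original article: the script reports who can currently reach each book's attachment subfolder and, with -Apply, replaces the inherited permissions with one group per book. The folder path, the group names and the choice of Modify rights are assumptions to adapt to your environment.

```powershell
# Added example. Path and group names below are assumed placeholders.
param(
    [string]$AttachRoot = 'D:\quickbooks\attach',   # assumed location of the "attach" folder
    [hashtable]$BookGroups = @{                      # assumed mapping: book subfolder -> group
        'Books1' = 'CONTOSO\QB-Books1-Users'
        'Books2' = 'CONTOSO\QB-Books2-Users'
    },
    [switch]$Apply                                   # without -Apply the script only reports
)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($dir in Get-ChildItem -LiteralPath $AttachRoot -Directory) {
    $acl = Get-Acl -LiteralPath $dir.FullName

    # Report who can open this book's attachments today and whether the
    # entry is inherited from the shared parent folder.
    $acl.Access |
        Select-Object @{n='Folder';e={$dir.Name}}, IdentityReference, FileSystemRights, IsInherited |
        Format-Table -AutoSize | Out-Host

    if (-not $BookGroups.ContainsKey($dir.Name)) {
        Write-Warning "No group mapped for '$($dir.Name)'; leaving its permissions unchanged."
        continue
    }
    if (-not $Apply) { continue }

    # Drop existing explicit entries, then stop inheriting from the parent
    # ($true = protect from inheritance, $false = do not keep inherited entries).
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRuleSpecific($rule)
    }
    $acl.SetAccessRuleProtection($true, $false)

    # Keep administrators and SYSTEM (backup jobs commonly run as SYSTEM).
    foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, $prop, $allow)))
    }
    # Assumption: users of a book need Modify so Quickbooks can add attachments.
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $BookGroups[$dir.Name], 'Modify', $inherit, $prop, $allow)))

    Set-Acl -LiteralPath $dir.FullName -AclObject $acl
}
```

Because the subfolders are created only when the first document is attached, rerun the report after new books start using attachments so a new subfolder does not keep the parent's inherited access.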