I have set up a user with all rights except change/delete transactions. What is your opinion on the security of this? Does it later pose a problem if there is a posting error? How fail safe is this? It is my understanding that this user now is the same as Admin, just without the ability to change or delete transactions. Is this correct?
I agree with you that there is some danger in allowing your staff permission to change transactions at will.
However, I think that you have picked up on a downfall of limiting access as well. Every time they make a keying mistake, you or one of the other administrators will have to log in and correct it...if your staff member did not catch the mistake in a single session.
It is kind of weird that this restriction works this way. Your staff member can change or delete transactions at will that they created in a single session. Once the session is closed (They logged off) they will no longer be allowed to edit or delete transactions.
You probably noticed in setting up the user permissions that you can allow editing and deleting of transactions in the current period while simultaneously denying the staff member permission to edit or delete prior period information. I would definitely use this restriction...as you know the danger of editing prior periods.
Basically, I believe that you have it right. The user you have set up is essentially an administrator. There could be problem in correcting errors, but only after a session is closed. You may still find this to be a good restriction to protect your data.