Data Security in Tally Prime
Data Security overview in Tally PRIME
Account data is very sensitive. That’s why the Accounts Data Security is a very Important issue.
unauthorized person should not be able to view or access Data, copy or back up data from the computer.
Where many users are working and accessing the system, it is necessary to define the access rights of each user for secrecy and security, like, define who can see which report, operation on Data entry, edit or can delete, and other action rights
Unauthorised person should not be able to physically copy the data from the computer system and take it out or delete the data from the system. This issue is more Important in small organizations with single user systems, where security aspect is often lax and ignored. In large RDBMS based systems, a large database remains under the control of the system administrator.
Here we discuss about the data Security features available in Tally PRIME, and its limitations, and how the security features may be breached.
Physical Data Security in Tally PRIME
Tally’s Single User Silver Edition, normally system is used by small organisation, or the first user of Tally. The data of each company of Tally remains in a separate Tally Data folder, identified by a Company Data Serial Number. The Tally Data folder is visible to all. By copying it (eg in pen drive) its data can be seen in other computer where tally is installed. In single user version, you can set an administrative password for each company. However, the security features are too weak and a knowledgeable person can easily break it and change the Adminstrative password.
In multi user LAN, the physical security is a bit better, because LAN administrator can control data files. It is not easy to copy it physically or delete the data folder.
In Tally Server, very expensive and used by large organizations, Physical Data security of large ERP-like system is available.
User Access Security in Tally PRIME
Data Access Rights Security involves authorisation of User Rights, defining permissions and restriction of rights of each user, where multiple users are working with the system.
Tally offers quite flexible, yet complex methods to set up user rights and passwords at the granular level, for all data input and updation process, viewing of reports and other related control and administrative tasks.
In Tally, the process of setting up different rights to the users of different responsibilities according to their responsibility is quite complex. User does not easily understand the way to set up user right include / exclude options. To set up Security Rights, the Administrator will have to experiment a lot to ensure that the rights are set correctly.
The security features are focused mostly on viewing output reports, rather than on input data entry or updation. Often there are excessive control features on Reports, while very Important data entry /updation actions are ignored. For example, a user may be able to enter Invoice without order, or exceeding orders, create Invoice without Delivery Notes or Orders, controlling users actions at such granular level is often ignored, though such issues are very Important from business control point of view,
Documents published by Tally provides also do not provide adequate guidelines with real life examples and case study of setting such complex and minute security features in system.
Audit Trail in Tally ERP 9
Tally audit report shows user identity of each operation on Masters and Voucher data, like entry, edit or delete. However, Tally does not keep the original copy of Altered records in the system. The edited data is overwritten on the original data. So, original data is lost. For example, if the amount of ₹ 10000 in Voucher is changed to ₹ 15000, then it cannot be known what was the data before editing. Similarly, original deleted record is also no more traceable after deletion.
The original version of all edited and deleted records should be available to the Auditor / Owner so that if there is any wrongdoing, it can be checked completely and Accounts records can be rectified properly.
As per government directive on Audit Log in 2022, some optional audit log features are introduced, in recent release of Tally. However, implementation of such features was deferred soon after introduction of Audit log features.
Breaking Password of Tally PRIME
We have explained the feature of username creation in Tally, for data security. Having set the Administrator User Name & password, and created User names and Password ), Tally Company cannot be opened without entering the correct username password combination.
However, through apparently, this system seems to provide data security that an unauthorized person cannot view or update (modify / delete / enter) masters or transactions, this security features seems to prevent only lay users, who are not technically proficient. An experienced person may Breach the User Password .
Tally creates various control files where Tally software is installed. User created data for each Company is stored in data folders with Company Numbers. Such data may not be understand by laymen, but a person with technical knowledge can easily interpret, change contents or replace the data files with manipulated contents.
Tally stores the key control info (including Password) in these files. So, the password security features are quite weak, which may be easily manipulated. In the Internet, you will find many documents / videos how Tally password can be removed / modified.