Administration > Security > Roles > Role Access Control Maintenance

Role Access Control Maintenance

You use the Role Access Control Maintenance program to define access to key fields such as Banks, Accounts Payable branches, Accounts Receivable branches, Warehouses, etc., for specific roles.

These settings are applied to the operators assigned to the role. This enables you to restrict operator access to specific warehouses, branches, banks, etc.

You access the Role Access Control Maintenance program by selecting the Browse icon at the Access control option in the Role Management program.

If you do not use roles, then these access restrictions can be assigned to individual operators (see Operator Maintenance).

Role Access Control Maintenance

Field Description
Configuration  
Copy From Another Configuration Select this to copy the Access control settings from another operator or another role to the currently displayed role (see Copy Selected Configuration).
Save Select this icon to save the details you entered or changed.
Save and Close Select this icon to save the details you entered or changed and to return to the previous screen.
Role Indicate the role for which you want to maintain access control settings.
Organogram Select this to use the Organogram program to view and manipulate the hierarchy of roles (organorgam) for your organization.

Copy Selected Configuration

This screen is displayed when you select the Copy From Another Configuration option from the Configuration menu.

This enables you to copy the Access control settings from another operator or from another operator role to the currently displayed role.

If you selected the option: Access control by company within role (Role Management - Global Configuration), then you can copy the Access control settings from a role in a different SYSPRO company.

Field Description
Copy Configuration Select this to copy the Access control settings for the operator or role currently highlighted in the listview to the currently displayed role.

When you select this option, you are prompted to confirm the copy. When you confirm the copy, the current program Access control settings for the role/operator are replaced by the Access control configuration for the role you highlighted in the listview.

Close Select this to return to the previous screen.
Type Access control can be defined by operator (Operator Maintenance) or by operator role (Role Access Control Maintenance). This indicates whether the code displayed in the listview is an operator or an operator role.
Code This indicates the code of the operator or operator role.
Company This indicates the code of the SYSPRO company in which the role exists.

This is only displayed if you selected the option: Access control by company within role (Role Management - Global Configuration).

Where this column is blank, it indicates that the role is defined in the current company.

Name This indicates the description defined against the operator or the operator role.

Access Control

Field Description
Access control This column displays the key fields for which you can configure operator role access.
Warehouse Select this to configure the level of warehouse access for the role.
[Note]

The Warehouse to use field on the inventory record is not validated for security purposes.

AR Branch Select this to configure the level of Accounts Receivable branch information access for the role.

The access level defined here also applies to customer and account information within the SYSPRO Contact Management System.

If you are editing your own A/R branch restrictions, you are only able to select those branches to which you have access.

AP Branch Select this to configure the level of Accounts Payable branch information access for the role.

The access level defined here also applies to supplier information within the SYSPRO Contact Management System.

[Note]

No filtering/validation is performed on supplier codes on stock records (e.g. the supplier code stored on the stock record is not used to validate the A/P branch on the supplier record), or on any stock report where the supplier code is used.

Bank Select this to configure the level of Bank information access for the role.
[Note]

Filtering of transactions will be based on the bank field as stored on the transaction only, and only if the Filter on reports and browses option has been selected.

Job Classification Select this to configure the level of access the operator(s) in the role will be given to jobs, based on the job classification.
[Note]

The facility to restrict access to jobs based on the job classification does not apply to jobs where the job classification is blank.

You can force the entry of a job classification when capturing a job. This is achieved by selecting the WIP Setup option: Job classification required.

The following restrictions apply to operators belonging to a role which is denied access to a job classification:

  • they cannot add, maintain or cancel jobs assigned that classification
  • they cannot change or cancel order lines attached to jobs assigned that classification
  • they cannot cancel orders for jobs assigned that classification.
  • they cannot attach hierarchical order lines to jobs assigned that classification.
Account type Select this to configure access control to specific account types within the Contact Management System.

All programs and business objects that access Contact Management account types will honor these access security privileges.

When defining a list of account types, you can configure a maximum of 20 account types to be allowed/disallowed per role.

[Note]

Denying an operator access to an Account type prevents the operator from accessing that Account type. However, the security does not cascade down from the Account security. This means that the operator can still access Contact information for an Account. For example when using the search facility in Contact Management Query, the contacts for the denied Account will be listed.

One reason is that a contact can be linked to multiple Accounts, Customers and Suppliers. In this case the access control for the organization is handled by Customer, Supplier and Account and the access control against a Contact is handled at the Contact level.

If you want to restrict operators from viewing contacts for an account, you should use one or more of the Contact security settings (e.g. Contact property, classification, type, category or territory) to prevent access to the Contact information.

Contact property Select this to configure access control to specific contact properties within the Contact Management System.

All programs and business objects that access Contact Management contact properties will honor these access security privileges.

When defining a list of account types, you can configure a maximum of 20 account types to be allowed/disallowed per role.

Contact classification Select this to configure access control to specific contact classes within the Contact Management System.

All programs and business objects that access Contact Management contact classes will honor these access security privileges.

When defining a list of account types, you can configure a maximum of 20 contact classes to be allowed/disallowed per role.

Contact type Select this to configure access control to specific contact types within the Contact Management System.

All programs and business objects that access Contact Management contact types will honor these access security privileges.

When defining a list of account types, you can configure a maximum of 20 contact types to be allowed/disallowed per role.

Contact category Select this to configure access control to specific contact categories within the Contact Management System.

All programs and business objects that access Contact Management contact categories will honor these access security privileges.

When defining a list of account types, you can configure a maximum of 20 contact categories to be allowed/disallowed per role.

Contact territory Select this to configure access control to specific contact territories within the Contact Management System.

All programs and business objects that access Contact Management contact territories will honor these access security privileges.

When defining a list of account types, you can configure a maximum of 20 contact territories to be allowed/disallowed per role.

Access type This indicates the level of access granted to the role for the key field.
All Select this to grant the role access to all values for the key field.
None Select this to deny the role access to all values for the key field.
Allowed List Select this to define a list of values for the key field to which the role has access.
Denied List Select this to define a list of values for the key field to which the role does not have access.
List  
Configure List Select this to define the list of values for the key field to which the role has access or is denied access. This option is only enabled if you selected the option Allowed List or Denied List at the Access type field.
Filter reports and browses Select this if you want to prevent the role from viewing the data for the key field in browses or reports.
[Note]
  • No filtering/validation is performed on supplier codes on stock records (e.g. the supplier code stored on the stock record is not used to validate the Accounts Payable branch on the supplier record), or on any stock report where the supplier code is used.

  • Filtering of transactions are based on the bank field as stored on the transaction only, and only if the Filter on reports and browses option is selected.

Role Security Access

The Configure List option for a key field enables you to define the list of values for the key field to which the operator role has access or is denied access.

You can sort the displayed values in the Available List and Denied List listviews according to any column within the listview by positioning the mouse pointer on the heading of the column you want to sort and clicking the primary mouse button (e.g. typically the left mouse button). In addition, you can toggle the listview to sort the data in ascending or descending sequence by merely clicking the mouse pointer in the heading column.

Field Description
File  
Accept and Close Select this to accept the changes you made and to return to the previous screen. You need to select the Save function to save the changes against the role you are maintaining.
Cancel Any Changes Select this to ignore any changes you made and to return to the previous screen.
Available List This list indicates the key field values to which the role currently has access.
Assign Selected Select this to move the currently highlighted key field values in the Available List to the Denied List for the role.

Once you have saved this setting, the role will be denied access to these key field values.

Assign All Select this to move all key field values in the Available List to the Denied List.

Once you have saved this setting, the role will be denied access to all key field values.

Denied List This list indicates the key field values to which the role currently does not have access.
Remove Selected Select this to move the currently highlighted key field values in the Denied List to the Available List for the operator.

Once you have saved this setting, the role will be allowed access to these key field values.

Remove All Select this to move all key field values in the Denied List to the Available List for the role.

Once you have saved this setting, the role will be allowed access to all these key field values.

Access Control Options Using the Mouse Pointer

When you highlight a line in the Access Control listview and typically click your right mouse button, the following option is displayed:

Field Description
Copy To Other Roles Select this to use the Role Management Global Changes program to copy the currently highlighted access control configuration(s) from the current role to other roles.
[Note]

The highlighted access control setting for the currently displayed role is copied to the selected roles from the Role Management Global Changes program only if those roles do not have access set to All for the selected setting.

For example:

Role X currently has access to All warehouses.

Role Z has access to Warehouses N, S,and E only.

If you copy the Warehouse access control settings from Role Z to Roles X, then no changes are made to Role X (i.e. Role X will still have access to All warehouses).

In other words, any role that has an access setting configured as All will not be overwritten by copying that setting from another role.