Access Control

Field

Description

Resource Group

Indicates the Resource Group that needs associated with the selected Security Role.

Security Role ID

Indicates the Security Role to be associated with the selected Resource Group. Enter ANY in this field if all users should have access to all resources that belong to the selected Resource Group.

Organizational Security

The type of organization security associated with access to a resource with organizational chart of account codes. Valid values are:

• Foreign – Users can only perform the assigned actions on resources belonging to either their home security organization or to the specified foreign organizations.

• Home – Users can only perform the assigned actions resources belonging to their home security organization.

• None – Users can perform the assigned actions on all resources.

• Exclude Foreign – Users can perform the assigned actions on all resources, with the exception of those belonging to the specified foreign organizations.

Data Field Security

If field security has been set up, this check box must be checked in order for the system to verify the field security rules. If field security and this is un-checked, field security is ignored for this Security Role and Resource Group combination

UI Field Security

An indication that will activate UI Field Security for the given combination of resource group and security role.

Use Role’s Override Level

An indication to use the assigned override level for the user role instead of the override level assigned to the user. There is one exception: for users in the ADMN role, the override level from the User Information record is always used. To arrive at the Access Control record that grants the user the privilege to override, a User’s security roles, sorted by Precedence, along with Resource Group ID are used for lookup.

Approval Level 1 to 15

A series of check boxes to choose the approval levels for the selected combination of resource group and security role. Grant All and Remove All buttons serve as data entry tools.

Actions

An extensive group of check boxes are the actions that can be performed by the selected combination of resource group and security role. It is important to note that the Actions section contains actions that are allowed only for certain resource types, for example, “Page Open” is an action that is only applicable for a page/tab/widget resource. Grant All and Remove All buttons serve as data entry tools.

Note, there is no harm when an action that does not apply to an application resource within a resource group.

In a table that follows the related pages, are illustrations that indicate which actions are valid for the different application resource types. Note that very rarely would all of these actions be enabled for a resource type. These illustrations only indicate possible settings.

Special Notes:

• Indirect Authority – This action only applies to table records when that table is a child of a parent table where the parent has an Organizational Security Type value of Indirect. The Indirect Authority action must be authorized on at least one of the logical child records (in addition to the organizational security and field security checks).

• Scan is the only inquiry action because saves on inquiries are redirected to saves of the data objects that define the query object. Therefore, the underlying data objects secure all other actions.

Data entry is facilitated by Grant All and Remove All buttons.

Application Actions

These check boxes are an extensive list of the custom actions that should be granted for the resource group and security role combination. These actions are defined on the Transaction Custom Action Definition page and appear as check boxes on Access Control. When in doubt what an action represents, please see that definition page.

Application Actions appear on specific transactions and pages as buttons and actions available from various menu points. Most application actions only appear on a specific transaction or page. This means that these actions are not generic.

In order to understand what Application Actions to enable or disable, the administrator must know what transaction or page is assigned to the resource Group. In order to prevent a scenario where Application Actions are disabled by mistake, it is recommended that all be enabled by using the Grant All button. This makes configuration easier to maintain because the administrator would only need to disable an action (that is, clear the check box) when such scenarios have been identified.