Access Control

The Access Control (SCRACS) page provides the mapping of resource groups to security roles, and to define the allowed actions. Apart from defining authorized actions, it also allows the setup organizational and field security for a role/resource group combination. If field security has been set up, the Data Field Security Indicator check box must be checked in order for the system to verify the field security rules.

Field InformationField Information

Field

Description

Resource Group

Indicates the Resource Group that needs associated with the selected Security Role.

Security Role ID

Indicates the Security Role to be associated with the selected Resource Group. Enter ANY in this field if all users should have access to all resources that belong to the selected Resource Group.

Organizational Security

The type of organization security associated with access to a resource with organizational chart of account codes. Valid values are:

  • Foreign – Users can only perform the assigned actions on resources belonging to either their home security organization or to the specified foreign organizations.

  • Home – Users can only perform the assigned actions resources belonging to their home security organization.

  • None – Users can perform the assigned actions on all resources.

  • Exclude Foreign – Users can perform the assigned actions on all resources, with the exception of those belonging to the specified foreign organizations.

Data Field Security

If field security has been set up, this check box must be checked in order for the system to verify the field security rules. If field security and this is un-checked, field security is ignored for this Security Role and Resource Group combination

UI Field Security

An indication that will activate UI Field Security for the given combination of resource group and security role.

Use Role’s Override Level

An indication to use the assigned override level for the user role instead of the override level assigned to the user. There is one exception: for users in the ADMN role, the override level from the User Information record is always used. To arrive at the Access Control record that grants the user the privilege to override, a User’s security roles, sorted by Precedence, along with Resource Group ID are used for lookup.

Approval Level 1 to 15

A series of check boxes to choose the approval levels for the selected combination of resource group and security role. Grant All and Remove All buttons serve as data entry tools.

Actions

An extensive group of check boxes are the actions that can be performed by the selected combination of resource group and security role. It is important to note that the Actions section contains actions that are allowed only for certain resource types, for example, “Page Open” is an action that is only applicable for a page/tab/widget resource. Grant All and Remove All buttons serve as data entry tools.

Note, there is no harm when an action that does not apply to an application resource within a resource group.

In a table that follows the related pages, are illustrations that indicate which actions are valid for the different application resource types. Note that very rarely would all of these actions be enabled for a resource type. These illustrations only indicate possible settings.

Special Notes:

  • Indirect Authority – This action only applies to table records when that table is a child of a parent table where the parent has an Organizational Security Type value of Indirect. The Indirect Authority action must be authorized on at least one of the logical child records (in addition to the organizational security and field security checks).

  • Scan is the only inquiry action because saves on inquiries are redirected to saves of the data objects that define the query object. Therefore, the underlying data objects secure all other actions.

Data entry is facilitated by Grant All and Remove All buttons.

Application Actions

These check boxes are an extensive list of the custom actions that should be granted for the resource group and security role combination. These actions are defined on the Transaction Custom Action Definition page and appear as check boxes on Access Control. When in doubt what an action represents, please see that definition page.

Application Actions appear on specific transactions and pages as buttons and actions available from various menu points. Most application actions only appear on a specific transaction or page. This means that these actions are not generic.

In order to understand what Application Actions to enable or disable, the administrator must know what transaction or page is assigned to the resource Group. In order to prevent a scenario where Application Actions are disabled by mistake, it is recommended that all be enabled by using the Grant All button. This makes configuration easier to maintain because the administrator would only need to disable an action (that is, clear the check box) when such scenarios have been identified.

Related PagesRelated Pages

Below is a table that relates each action to the system resource(s) that it can apply.

Action

Type

Transaction

Page /Tab /Widget

Reference Table / Inquiry

Batch Job

Schedule

Yes

Yes

Deactivate

Yes

Activate

Yes

Archive

Yes

Archive History

Yes

Unarchive

Yes

Unarchive Preview

Yes

Open

Yes

Save

Yes

Yes

Yes

Edit

Yes

Yes

Insert Line

Yes

Yes

Delete Line

Yes

Yes

Attach

Yes

Yes

Yes

New

Yes

Copy

Yes

Discard

Yes

Yes

Validate

Yes

Submit

Yes

Yes

Import

Yes

Export

Yes

Print

Yes

Scan

Yes

Approve

Yes

Yes

Reject

Yes

Unapprove

Yes

Reassign

Yes

Send Message

Yes

Reject All

Yes

Recall

Yes

Bypass Approvals

Yes

Mark for Processing

Yes

Hold Transaction

Yes

Apply Overrides

Yes

Remove Overrides

Yes

Page Open

Yes

Indirect Authority

Yes

Delete Att. View Att

Yes

Add Comments

Yes

Download Transaction

Yes

Kill Job

Yes

Restart Job

Yes

View Completed Jobs

Yes

View Pending Jobs

Yes

View Others' Jobs

Yes

View Job Log

Yes

View Job Report

Yes

Verify Job Running

Yes

Change Worklist Priority

Yes

Bypass Prior Approvals

Yes

Collaborate

Yes

Recall from Workflow

Yes

Administer Alerts

Yes