User : Each user can be connected to one or more security roles.
Roles:The content of a role is what defines access in the application for the user. Each role contains duties.
Duty:This is a container for set of tasks that the role can execute and each duty consists of privileges.
Privileges:Each privilege is the container for a set of menu items. The exact access level
(no access, read, update, create, correct, delete) is configuration on each menu item for each privilege
and this configuration determines the actual access given to the role and its user.
Menu:- menu items, the privileges and security roles can also contain access to forms, tables and entities.
Create New Role :- 1. Role – 2. Duty – 3. Privilege -- 4. Menu
Privileges and Duties shows the access level granted:
Create/ Edit / Update – Refer to access that allows edit and creation of new records.
View / Inquire – Refer to view access granted (No Edit Rights).
Process – Refers to the functions in periodic area of each module.
Maintain – Refers to access that allows edit, creation of new records as well as deletion of records.
Generate – Refers for reports / inquiries area – allows generation of reports or inquiries.
Create Role
Go to System administration > security > security configuration > roles: click Create new. Type in the name of the role and click OK.
Create Duty
Go to System administration > security > security configuration > roles > select your role where you want to add a new duty > click Duties > create new and add reference.
Create Privilege
Go to System administration > security > security configuration > roles
> select the role you want to add the privilege in > select the duty you want to add the privilege in > click Create new and add reference.
Select your privilege > click on the references to add the relevant reference (for example display menu items) > click add references > select the menu item and the specific properties it should have.
Access Level :- Unset, Grant, and Deny.
Grant :- Grant means that the user has the ability to this access level for this object.
Deny :- Deny means that the user is explicitly being denied this access.
Unset :- Unset means you are not granting nor denying access to the object.
so if another role, duty, or privilege grants access to the object then the user will have access.
Note :- Deny access type overrides any Grants assigned to the user for this object from any role, duty, or privilege.
Publish Roles and Duty
Go to: System administration > security > security configuration > Unpublished objects
Select the security changes you want to publish and click ‘Publish selection’ or click on publish all.
Assign Roles to User
After create roles you can add to user to check how's it is working.
Go to: System administration > Users>Users select the user which you want to assign role
No comments:
Post a Comment