Setup > Users > Users > Users - Implementation 

Prerequisite

Activity codes

The following activity codes (sorted by type) may have an impact on the way the function operates :

Dependent activity codes

These codes are never entered in folder management, because their value is calculated :

 FHRPA (Presence of HCM or HRA), PBDPO (Payment balance declaration).

Functional

 ABI : Business intelligence

 AD5 : Federal ID code

 ARCH : Archiving

 AYT : Safe X3 WAS

 CPT : Accounting folder

 EDIX3 : Paperless document exchange

 EORI : EORI identification

 LEG : Multi-legislation management

 PJM : Project management

 REX : REX Customs System

 VII : International transfers

 WRH : Warehouse management

Sizing

 ANA : No. of analytical dimensions

 AUB : No. of roles per user

 BPA : Number of BP addresses

 PJMGR : PJM grids

Localization

 KFR : French localization

 KSW : Swiss localization

 KUS : Localization USA

General parameters

The following general parameters may change the way the function is working :

Supervisor

 ADMUSR (defined at level Folder) : Super user

 AUZFCT (defined at level User) : Model of authorized profiles

Authorizations

This function is object managed. The creation, modification, anddeletion operations can be activated or deactivated for a given user.Filters by rolescan also be associated with this function.

A filter by access code is performed, based on the field named ACSUSR. If an acess code is given, the inquiry and modification rights are granted according tothe reading and writing rights associated with the code of the current user in their function profile.

The following options can be activated or deactivated for each user :

 Modify access codes

 Password cancellation

Authorizations and safety rules

Tables to be completed

The following tables are used by the function. Their content must be updated if necessary :

Table

Table description

APROFIL [APF]

User profile

AFCTFCT [AFT]

User function profile

AMENUSER [AMU]

User profile menu

APRINTER [AIM]

Destinations

Local menus

The following parameterizable local menus are used by the function. Their content must be updated if necessary :

 Local menu number 22 : Printer Type

 Local menu number 50 : Manager Type

Miscellaneous prerequisite

A user having the profile defined by the ADMUSR parameter (ADMIN by default) is an administrator, that is to say that they have all the access rights, and in particular those without restrictions to user records.

User management is a function controlled by user authorizations, but it can be delegated to users other than an administrator, on the condition that the following precautions are complied with :

  • It is possible to allow these users to only modify an existing record and not create one, or on the contrary to only authorize the creation of new users without having the possibility to modify existing records.
  • It is possible - and advisable - to not check the box All access codes for these users, and also to prohibit the right to the modification of the information linked to the management of access codes (this is the A option associated with the user management). This does not stop the ability to create users with specific access rules, because it is possible to define default values for these rules in the management of the function profile.
  • It is possible - and advisable - to define (using the AUZFCT parameter in the SUP chapter) the restrictive templates in function profiles for the records that this user has the right to view and to modify. Thus, if DIV* is entered in the field, only the display, creation or modification of a user having a function profile starting with DIV is authorized. This restriction only makes sense of course if in addition, the user has not got access to the profile function (if not, the user could modify the privileges associated with the management of all profiles, including those that he/she has the right to apply to the users).
  • It is possible to only authorize a user to enter users not having the right to connect (the right to connect being given by another user after checking, triggered for example by Workflow following the creation of the user). This is achieved by defining an access code and applying it to the USRCONNECT field in the AUS1 screen. In this way, only the persons having access to this access code in modification mode can authorize a user to connect to the system.
  • When there is no user, the modification of the parameters associated with the users is limited : only those parameters that the user him/herself has the right to modify can be modified, if they have access to the personalization function in the exploitation menu. Thus it is recommended that a user having the right to create new users be able to give the correct parameter values and define the suitable default values at folder level. If this is not possible, the simplest way is to require that the user only proceeds using creation by duplication, from users that already exist.

Tables used

The following tables are implemented by the function :

Table

Table description

ABANK [ABN]

Bank sort codes

ABLOB [ABB]

Special folders

ACCCOD [ACS]

Access codes

ACCES [ACC]

Access by user

ADOPAR [ADP]

Parameters

ADOVAL [ADW]

Parameter values

ADOVALAUS [ADU]

User parameter values

ADOVALGRP [ADG]

Sets of values

AFCTFCT [AFT]

User function profile

AOBJET [AOB]

Basic objects

APRINTER [AIM]

Destinations

AROLE [ARL]

Row level permissions

ATABDIV [ADI]

Miscellaneous tables

ATABZON [ATZ]

Field dictionary

ATEXTE [ATX]

Dictionary messages

ATEXTRA [AXX]

Texts to translate

ATYPE [ATY]

Data types

AUSRBPR [AUB]

BP users

AUTILIS [AUS]

Users

AWRKPAR [AWA]

Workflow rules

BID [BID]

Bank ID statement

BPADDRESS [BPA]

Addresses

POSCOD [POS]

Postal codes

TABCOUNTRY [TCY]

Country table

This function updates tables shared by all the folders, located in the supervisor. These tables are the following :

Table

Table description

ADOSSIER [ADS]

Folder table