Users - Implementation
Prerequisite
Activity codes
The following activity codes (sorted by type) may have an impact on the way the function operates :
Dependent activity codes
These codes are never entered in folder management, because their value is calculated :
FHRPA (Presence of HCM or HRA), PBDPO (Payment balance declaration).
Functional
ABI : Business intelligence
AD5 : Federal ID code
ARCH : Archiving
AYT : Safe X3 WAS
CPT : Accounting folder
EDIX3 : Paperless document exchange
EORI : EORI identification
LEG : Multi-legislation management
PJM : Project management
REX : REX Customs System
VII : International transfers
WRH : Warehouse management
Sizing
ANA : No. of analytical dimensions
AUB : No. of roles per user
BPA : Number of BP addresses
PJMGR : PJM grids
Localization
KFR : French localization
KSW : Swiss localization
KUS : Localization USA
General parameters
The following general parameters may change the way the function is working :
Supervisor
ADMUSR (defined at level Folder) : Super user
AUZFCT (defined at level User) : Model of authorized profiles
Authorizations
This function is object managed. The creation, modification, anddeletion operations can be activated or deactivated for a given user.Filters by rolescan also be associated with this function.
A filter by access code is performed, based on the field named ACSUSR. If an acess code is given, the inquiry and modification rights are granted according tothe reading and writing rights associated with the code of the current user in their function profile.
The following options can be activated or deactivated for each user :
Modify access codes
Password cancellation
Authorizations and safety rules
Tables to be completed
The following tables are used by the function. Their content must be updated if necessary :
Table | Table description |
|---|---|
APROFIL [APF] | User profile |
AFCTFCT [AFT] | |
AMENUSER [AMU] | User profile menu |
APRINTER [AIM] |
Local menus
The following parameterizable local menus are used by the function. Their content must be updated if necessary :
Local menu number 22 : Printer Type
Local menu number 50 : Manager Type
Miscellaneous prerequisite
A user having the profile defined by the ADMUSR parameter (ADMIN by default) is an administrator, that is to say that they have all the access rights, and in particular those without restrictions to user records.
User management is a function controlled by user authorizations, but it can be delegated to users other than an administrator, on the condition that the following precautions are complied with :
- It is possible to allow these users to only modify an existing record and not create one, or on the contrary to only authorize the creation of new users without having the possibility to modify existing records.
- It is possible - and advisable - to not check the box All access codes for these users, and also to prohibit the right to the modification of the information linked to the management of access codes (this is the A option associated with the user management). This does not stop the ability to create users with specific access rules, because it is possible to define default values for these rules in the management of the function profile.
- It is possible - and advisable - to define (using the AUZFCT parameter in the SUP chapter) the restrictive templates in function profiles for the records that this user has the right to view and to modify. Thus, if DIV* is entered in the field, only the display, creation or modification of a user having a function profile starting with DIV is authorized. This restriction only makes sense of course if in addition, the user has not got access to the profile function (if not, the user could modify the privileges associated with the management of all profiles, including those that he/she has the right to apply to the users).
- It is possible to only authorize a user to enter users not having the right to connect (the right to connect being given by another user after checking, triggered for example by Workflow following the creation of the user). This is achieved by defining an access code and applying it to the USRCONNECT field in the AUS1 screen. In this way, only the persons having access to this access code in modification mode can authorize a user to connect to the system.
- When there is no user, the modification of the parameters associated with the users is limited : only those parameters that the user him/herself has the right to modify can be modified, if they have access to the personalization function in the exploitation menu. Thus it is recommended that a user having the right to create new users be able to give the correct parameter values and define the suitable default values at folder level. If this is not possible, the simplest way is to require that the user only proceeds using creation by duplication, from users that already exist.
Tables used
The following tables are implemented by the function :
Table | Table description |
|---|---|
ABANK [ABN] | |
ABLOB [ABB] | Special folders |
ACCCOD [ACS] | |
ACCES [ACC] | Access by user |
ADOPAR [ADP] | |
ADOVAL [ADW] | Parameter values |
ADOVALAUS [ADU] | User parameter values |
ADOVALGRP [ADG] | |
AFCTFCT [AFT] | |
AOBJET [AOB] | |
APRINTER [AIM] | |
AROLE [ARL] | |
ATABDIV [ADI] | |
ATABZON [ATZ] | Field dictionary |
ATEXTE [ATX] | Dictionary messages |
ATEXTRA [AXX] | Texts to translate |
ATYPE [ATY] | |
AUSRBPR [AUB] | BP users |
AUTILIS [AUS] | Users |
AWRKPAR [AWA] | |
BID [BID] | Bank ID statement |
BPADDRESS [BPA] | Addresses |
POSCOD [POS] | |
TABCOUNTRY [TCY] |
This function updates tables shared by all the folders, located in the supervisor. These tables are the following :
Table | Table description |
|---|---|
ADOSSIER [ADS] |