Access rights

In Sage X3 version V12, the access rights are still depending on the function code. In the function dictionary description, the rights can be optionally dependent on the company or the site. The context class supplies a set of methods that handles the access rights in a dedicated context cache.

1. User rights setup

The function profile of each X3 user specifies for every function code whether rights are granted or restricted to some companies or sites. For "object" typed functions, the rights allowed can be: read, write, update, and delete access. A dedicated right can also allow deactivating a record (when a field called ENAFLG is present).

Additionally, rights can be granted on access codes. These access codes are defined in a dictionary, and a user can be granted: read, write, and execution rights on the resources handled by these access codes.

2. Resources to control the rights

Dedicated methods are available in the context to return the access rights granted to the user in different cases:

2.1 Access to function for companies or sites

Different methods are available in ACTX to access to the information related to rights. In every method, the current instance (usually this) must be set as a parameter. If AFLGERR is set to [V]CST_ATRUE, the error class of this is set with the right error. If [V]CST_AFALSE is used, the method returns the value [V]CST_AERROR as error code but does not fill the error class of this.

functionParametersDescription
AGETAFCRIGHT(this,AFUNCTION,AFLGERR)returns if the function is authorized at least on a site or company (can be used for functions that don't have habilitations per company or site).
AGETAFCRIGHTFCY(this,AFONCTION,ACODFCY,AFLGERR)returns if the function is authorized for the given site. It can be used for functions that have global authorizations with an empty site code.
AGETAFCRIGHTCPY(this,AFONCTION,ACODCPY,AFLGERR)returns if the function is authorized for the given company.
AGETAFCRIGHTC(this,AFONCTION,ACODFCY,AFLGERR)on an object-type function, returns if the creation is authorized for the given site. It can be used for functions that have global authorizations with an empty site code.
AGETAFCRIGHTR(this,AFONCTION,ACODFCY,AFLGERR)on an object-type function, returns if the read operation is authorized for the given site. It can be used for functions that have global authorizations with an empty site code.
AGETAFCRIGHTU(this,AFONCTION,ACODFCY,AFLGERR)on an object-type function, returns if the update operation is authorized for the given site. It can be used for functions that have global authorizations with an empty site code.
AGETAFCRIGHTD(this,AFONCTION,ACODFCY,AFLGERR)on an object-type function, returns if the deletion is authorized for the given site. It can be used for functions that have global authorizations with an empty site code.
AGETAFCRIGHTN(this,AFONCTION,ACODFCY,AFLGERR) on an object-type function, returns if the modification of the _enable_ flag is authorized for the given site. It can be used for functions that have global authorizations with an empty site code.
Example
# Do we have the rights to create a sale order for the site PAR ? If no, returnIf fmet this.ACTX.AGETAFCRIFGRC(this,"GESSOH",[V]CST_ATRUE)=[V]CST_AERRORReturnEndif

2.2 Authorization for access codes

Different methods are available. In every method, this must be sent as a parameter.
If AFLGERR is set to [V]CST_ATRUE, the error class of this is set with the right error.
If [V]CST_AFALSE is used, the method returns the value [V]CST_AERROR as error code but does not fill the error class of this.

functionParametersDescription
AGETACSRIGHTC(this,ACODACC,AFLGERR)returns if creation rights are allowed for the access code
AGETACSRIGHTM(this,ACODACC,AFLGERR)returns if modicication rights are allowed for the access code
AGETACSRIGHTE(this,ACODACC,AFLGERR)returns if execution rights are allowed for the access code