Setup > Users > Functional authorization 

This function is used to attach to a function profile code defined elsewhere, a group of the functions authorised with additional privileges if required.

    Prerequisite

    SEEREFERTTO Refer to documentation Implementation

    Screen management

    Entry screen

    Presentation

    The definition of the functional authorisations is made by entering pairs (profile codes, function codes) in a record. When the authorisation with a function requires no further information, there is nothing else to do. But when the restrictions by site exist, or when the additional options are associated with the functions, this information is to be entered in the grid present in the tab.

    This entry can be tedious, but it will be seen later that several more rapid methods exist to select a group of functions to attribute authorisations to them. These possibilities are accessible using the buttons at the bottom of the screen described in this documentation ( , which can be called by right click from the Function field, and the button  ).

    To directly enter an authorisation for a single function, it is sufficient to enter the function profile code then the function code. If the access to this function is modulated as a function of the site (that is to say a site field exists in the tables generated by the function and that this field is used to filter a limitation access to the information). This grid is used to enter the following elements :

    *    a type that can be Site or Grouping, with the associated site or group of sites code. The group is a group of sites that corresponds to a legal company (in this case, the group is automatically updated if the new sites are created in this company). It is possible to give an empty group code ; this case corresponds to all the other sites not explicitly defined by the list of the sites or groups in the grid.

    *    an Access flag (yes/no). It is thus possible to define for each site, the different authorisations, remembering that a line with an empty group code is used to define the default authorisations for all the other sites not explicitly named.

    *    an Optionsfiled that can be entered once the additional authorisations are attached to the function. These authorisations are used in general to give access to a button or a menu and to trigger the access to a process or to an additional window. Each option is symbolised by a character. By default, all the characters associated with the existing options are proposed, but it is possible to delete some or all of them. These options are contextual (for example, the access to the open items, symbolised by E that exists in the invoice management), but "standard" options exist accessible when the function is an object management. These options are as follows :

    Option

    Meaning

    C

    Record creation

    M

    Record modification

    S

    Record deletion

    V

    Record validation (when it exists)

    The option U, when it exists, is used to define a filter by user : it is used once a function must be used to process either only the data attached to a user or all (this last choice is only possible if the option U has been activated for the user) the data

    It is important to note that a coherency check is made on the sites and groups listed in the authorisations grid. Thus, if two sites belonging to different groups to which distinct authorisations have been accorded, an error message will be displayed and the entry will not be possible.

    When the function is not modelled by site, but options exist, the first line in the grid is entered without giving a site code, but only by entering the yes/no flag and the options.

    On saving it, the table storing the authorisation definitions, but the authorisation cross reference table is not updated (see below). This update will be made on exiting the function, if the response is Yes to the question Update the table AFCTFCY.

    Close

     

    Fields

    The following fields are present on this tab :

    Profile

    This code identifies the created records in a unique manner.

    Function

    This code identifies a function of the software.

    • Module (field MODULE)

    Module to which the current function is attached.

    Table List of values

    • Type (field FCYGRUCOD)

    Define if the authorizations are entered for the data linked to a site or a group of sites.

    • Grouping by site (field FCYGRU)

    Access rights may be defined either for just one site or for a grouping of sites. You will enter either a group code or a site code, depending upon the type selected.

    • Access (field ACS)

    Access will be allowed or prohibited for the site(s) of this function, given the profile code.

    • Options (field OPT)

    If this box is checked, all options will be available for this Profile code. If it is not checked, specific options will be available according to the selection criteria.

    Close

     

    Other conditions

    An important point to be noted : the table of the functions profiles manages only the profile code, the authorisations detail by group or site being managed by the functional authorisations table. But more importantly, for authorisations management, is the site function profile table, which is automatically updated by this function, but also if necessary by the management of groups, companies and sites.

    In fact, this table manages in detail the authorisations for each site/profile/function cross reference. Taking into account the number of important functions in the software (several hundred), a folder with many sites may have a AFCTFCY table including a very great number of lines (it has however records of small size). This table is used to obtain good performances during the authorisations management, in particular in the reports. Its update is made on exiting the authorisation update functions. Taking into account the large amount of information to be updated, this function can have a long execution time. It is also possible to launch this operation directly on using the associated utility (Validation of the functions).

    Menu Bar

    This button is used to open a new screen for the mass loading of functions. In this screen the following are defined :

    *    the site or the group of sites (as a function of the Type given)

    *    the access rights (yes/no), by a tick box

    *    the fact that the associated options are authorised or not (a global tick box to accord all the options or none)

    *    the list of functions concerned. These functions can be loaded in the grid by picking from the branching list on the left. This list picks up the function as they are organised in the standard menus of the ADMIN user. In addition to the direct picking of a function or a sub-menu, it is also possible to directly load all the functions linked to a module thanks to a button.. The record in this grid will then lead to the creation of the corresponding authorisations.
     

    This button makes it possible to copy the current record to another folder.

    This button is used to add, for the current function profile, the access rights already accorded to another function profile. In this way is is possible to define the function profile by fusion for a group of function profiles in the database.
     

    Error messages

    In addition to the generic error messages, the following messages can appear during the entry :

    XXX and YYY : incompatibles sites

    An attempt has been made to create different authorisations for the two groups of sites having sites in common.

    Tables used

    SEEREFERTTO Refer to documentation Implementation