Setup > Users > Functional authorization 

This function is used to attach to a function profile code defined elsewhere, a group of the functions authorized with additional privileges if required.

    Prerequisite

    SEEREFERTTO Refer to documentation Implementation

    Screen management

    Entry screen

    Presentation

    The definition of the functional authorizations is made by entering pairs (profile codes, function codes) in a record.

    The grid present on the record is only useful when there are specific authorizations for the function. It can either be:

    • Either restrictions by site (in this case each line defines authorizations for one or several sites).
    • Or additional options (one or several lines can thus be entered depending on whether the authorizations are defined by site).

    A coherency control is performed on the sites and groups of sites listed in the authorization grid. Thus, if two sites belonging to different groups to which distinct authorizations have been accorded, an error message will be displayed and the entry will not be possible.

    In order to make the entry of complex cases faster, buttons are available to add in mass a set of functions or to merge profiles.

    On saving it, the table storing the authorization definitions, but the authorization cross reference table is not updated. This update will be made on exiting the function, if the response is Yes to the question Update the table AFCTFCY

    Close

     

    Fields

    The following fields are present on this tab :

    Profile

    This code identifies the created records in a unique manner.

    Function

    This code identifies a function of the software.

    • Module (field MODULE)

    Module to which the current function is attached.

    Grid List of values

    • Type (field FCYGRUCOD)

    Define if the authorizations are entered for the data linked to a site or a group of sites.

    • Grouping by site (field FCYGRU)

    Access rights may be defined either for just one site or for a grouping of sites. You will enter either a group code or a site code, depending upon the type selected.

    • Access (field ACS)

    Access will be allowed or prohibited for the site(s) of this function, given the profile code.

    • Options (field OPT)

    If this box is checked, all options will be available for this Profile code. If it is not checked, specific options will be available according to the selection criteria.

    Close

     

    Other conditions

    An important point to note is that the table of the functions profiles manages only the profile code, the authorizations detail by group or site being managed by the functional authorizations table. But more importantly, for authorizations management, is the site function profile table, which is automatically updated by this function, but also if necessary by the management of groups, companies and sites.

    In fact, this table manages in detail the authorizations for each site/profile/function cross reference. Taking into account the number of important functions in the software (several hundred), a folder with many sites may have a AFCTFCY table including a very great number of lines (it has however records of small size). This table is used to obtain good performances during the authorizations management, in particular in the reports. Its update is made on exiting the authorization update functions. Taking into account the large amount of information to be updated, this function can have a long execution time. It is also possible to launch this operation directly on using the associated utility (Validation of the functions).

    Menu Bar

    The following fields are included on the window opened through this button :

    • Type of deletion (field DELTYP)

    Define the deletion type desired :

    • Function only delete the authorization in the current function (for the current function profile).
    • Function profile delete the authorizations in all the function profile.
    • Module delete the authorizations for all the functions in the module entered in the field that follows (for the current function profile).
    • field MODULE

    [object Object]

    Close

    Is used to delete the authorization data linked to the profile.

    The following fields are included on the window opened through this button :

    Profile

    This code identifies the created records in a unique manner.

    • field ZPRFCOD

     

    Block number 2

    • Type (field FCYGRUCOD1)

    Access rights may be defined either for just one site or for a grouping of sites. You will enter either a group code or a site code, depending upon the type selected.

    • Grouping by site (field FCYGRU1)

     

    Block number 3

    • Access (field ACS1)

    Access will be allowed or prohibited for the site(s) of this function, given the profile code.

    • Options (field OPT1)

    If this box is checked, the different options associated with each of the functions present in the grid are authorized for the user whose access rights are being parameterized.

    • Forced cancel and replace (field ANN1)

     

    Grid

    • Module (field MODULE1)

    Module to which the current function is attached.

    • Menu (field MENU1)

    When a function is created, it is indispensable to reference it in a menu, in order that this function can be called. The menus are parameterized by user, but a reference user exists, called ADMIN, but whose name is modifiable using the parameter ADMUSR.. These menus contain all the functions and can serve as a template during the creation of the menus. Therefore a reference menu for where the function is found is defined here.

    The top menu in the standard menu tree structure is called GENE ; all functions must be referenced, whether in this menu GENE, or in another menu itself accessible via the menu GENE. The following constrains exist :

      it is not possible to have more than 30 choices in a menu.

      it is not possible to exceed 4 levels of sub-menus.

    The menu title is the text (translatable) that will actually appear in the user menu to describe the function.

    This code identifies a function of the software.

    • Description (field LIBFNC1)

    Title associated to the previous code.

    Close

    Is used to open a screen loading functions in mass.

    The aim is to define for a site or group of sites the use conditions (by including all options of the listed functions in mass or none).

    The concerned functions can be loaded in the grid by picking from the branching list on the left. This list displays the functions as they are classified in the standard menus of the ADMIN user.

     This button is used to load directly all functions linked to a specific module or to select directly a function or sub-menu.

    The record in this grid leads to the creation of the corresponding authorizations.

    Function-profile modification

     This button is used to load in the left list the rights and access to the concerned function-profile.

    Any addition, modification or rights and access cancellation for the profile is made in the left list.
    The grid is loaded automatically.

    In order to validate the modifications made to the profile, click on [Save].

    The following fields are included on the window opened through this button :

    Block number 1

    • field OBJET

     

    • field CLES

     

    Block number 2

    • From folder (field DOSORG)

    Indicate the folder from which the record is going be copied. The possible syntaxes are described in the dedicated appendix.

    • All folders (field TOUDOS)

    This option is used to copy the record to all the folders defined in the dictionary (ADOSSIER table from the current solution).

    • To folder (field DOSDES)

    Indicate the folder in which the record is going be copied. The possible syntaxes are described in the dedicated appendix.

    Close

    Is used to copy the functional authorization as a whole linked to a function profile code from or to another folder.

    The following fields are included on the window opened through this button :

    Indicate the name of a profile code under which the merge will be carried out.

    If access rights for this profile code do not exist, a copy will be carried out if not the merge will be more advantageous.

    Close

    This button is used to add the access rights of a profile to the current user.

    Error messages

    In addition to the generic error messages, the following messages can appear during the entry :

    XXX and YYY: incompatible sites

    An attempt has been made to create different authorizations for the two groups of sites having sites in common.

    Tables used

    SEEREFERTTO Refer to documentation Implementation