You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

If you are going to use the RLS (Record-Level Security) functionality, make sure that the Limit Access on Record Level option is selected on the Administration > Settings > Services form.

Using this form with the RLS functionality enabled, you can do the following:

  • Left pane: Set up access rights for the selected user by assigning user profiles in accordance with the user's duties and positions as an employee.
  • Right pane: Using the RL functionality, restrict access to particular documents and records which are otherwise available to users based on their profiles.

Note. Only a user with the Administrator role (profile) can set up other user access rights.

By default, a new user is created without access to any functionality. With no profile assigned, the user even cannot log in to the application.


The Access Rights form

Using the User Profiles (left) pane, you can assign multiple predefined profiles to this user by selecting appropriate check boxes in the Profiles list. The user will be able to access only the functionality defined by the selected profiles. Within the accessible functionality, the user will have access to ALL documents and records of the document and record types associated with this functionality.

If you need to restrict the user access to particular records, use the Restrictions (right) pane.

The upper table with the profile name as subtitle (Accountant in the screenshot above) contains the list of record types particular records of which can be restricted for the user.

Generally, user access can be restricted to records of the following types:

  • Entities
  • Departments / Warehouses
  • Access Group Companies
  • Petty Cashes (Cash Accounts)
  • Employees
  • Email Accounts

For some profiles, access restrictions are not available.

Note. If you need to restrict access of the user to particular records, specify these records as restricted ones for each profile assigned to this user.

In the Restricted Values table, you can select particular records of the record type (selected in the upper pane) to which access will be restricted. For example, in the screenshot above, for this user (James Bond) with the Accountant profile, access to documents of the United Furniture Group entity will be denied.

The toolbar buttons

Click the Save button to save the assigned profiles or the Save and close button to save the user's assigned profiles and close the form.

The Access Rights Report button generates and opens the Access Rights report for this user with complete list of application objects and functionality to which the user has access.


  • No labels