Application Permissions
Use Application Permissions to give an application user permissions to specific menus, pages, and/or reports.
Go to System > Application Settings > Menus and Security
Under Security, click the Application Permissions menu item
The page contains two panels: Users (top) and Permissions and Menu Restrictions (bottom).
Selecting a record from the Users grid updates the grids in the Permissions and Menu Restrictions panel below.
Users
Type the name of the user or group in the search field of the Users grid. If the user is not found in the grid, add the user to begin.
If the user or group is still not found, refer to Application Users for more information.
These are the fields available in the Users grid:
Field: Description
Application User: The Windows or SQL Server user name as defined in Application Users.
User Name: Read-only. Displays the name of the user/group when Application User has been selected.
User Type: Read-only. Displays the type of the user/group when Application User has been selected.
Start Date: The date these permissions start. If blank, perpetual time is assumed.
End Date: The date these permissions stop. If blank, perpetual time is assumed.
Disabled ?: When checked, disables all the permissions for the user/group.
Default Application Modes: Reserved for future use.
Comments: Used to save any notes.
Permissions
The Permissions and Menu Restrictions panel (bottom) contains three tabs: Permissions, Menu/Page Restriction, and All Report Permission.
In the Permissions tab, a grid shows the effective permissions for the selected user/group. The menu structure in the navigation menu is hierarchical.
When permissions are set at the Application level, they are inherited by all Modules, Sub Modules, and Menus within that application domain. Similarly, permissions set at the Module level also affect all Sub Modules and Menus.
For example, setting the permission to Permit for application Cadebill will give access to all modules under it. However, adding the permission to Deny on the Scheduler module will permit the user to access all modules and menus except those under the Scheduler module.
It is recommended that users are granted permission at the application level and restricted at the menu level.
The following fields are available:
Field: Description
Permission ID: Unique identifier for a record in Application Permissions.
Application User: Read-only. The selected user/group from the Users panel (top).
Application ID: Select an application from the drop-down list.
Mode ID: Reserved for future use.
Module: Select the module from the drop-down list.
Sub Module: Select the sub module from the drop-down list.
Menu: Select the menu from the drop-down list.
Permission: Select an option: Permit, Permit and Grant, or Deny.
Comments: Additional comments, if any.
Restriction: For internal use only.
Include All Child Menus: Some menus have child menus. If checked, the same permission applies to all child menus as well.
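The inheritance described above can be modelled for audit purposes. This is an added example, not the product's own code or part of its documentation. It assumes that the most specific matching rule wins (Deny wins a tie), that no matching rule means no access, and that End Date is inclusive; the module name "Billing" is made up.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

LEVELS = ("application", "module", "sub_module", "menu")  # hierarchy on the page

@dataclass
class Rule:
    """One Permissions-grid row; None means the level is not set."""
    permission: str                       # "Permit", "Permit and Grant" or "Deny"
    application: str
    module: Optional[str] = None
    sub_module: Optional[str] = None
    menu: Optional[str] = None

    def depth(self) -> int:
        return sum(getattr(self, lvl) is not None for lvl in LEVELS)

    def covers(self, target: dict) -> bool:
        # A rule covers a target when every level it sets matches the target.
        return all(getattr(self, lvl) in (None, target.get(lvl)) for lvl in LEVELS)

@dataclass
class UserEntry:
    """Users-grid fields that gate all permissions of the user/group."""
    start: Optional[date] = None          # blank = perpetual
    end: Optional[date] = None            # blank = perpetual
    disabled: bool = False

    def active(self, today: date) -> bool:
        started = self.start is None or self.start <= today
        not_ended = self.end is None or today <= self.end   # assumed inclusive
        return started and not_ended and not self.disabled

def effective(user: UserEntry, rules: list, target: dict, today: date) -> str:
    """Winning permission for target; 'Deny' when nothing applies (assumption)."""
    matching = [r for r in rules if r.covers(target)]
    if not user.active(today) or not matching:
        return "Deny"
    # Assumption: the deepest rule wins; at equal depth Deny beats Permit.
    best = max(matching, key=lambda r: (r.depth(), r.permission == "Deny"))
    return best.permission

# Constructed sample: the Cadebill / Scheduler case described in the text.
RULES = [Rule("Permit", "Cadebill"), Rule("Deny", "Cadebill", module="Scheduler")]

if __name__ == "__main__":
    for module in ("Scheduler", "Billing"):   # "Billing" is a made-up module name
        target = {"application": "Cadebill", "module": module}
        print(module, effective(UserEntry(), RULES, target, date(2024, 1, 1)))
```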
Menu/Page Restrictions
In this tab, permissions can be further refined at the menu level and below. For instance, permissions may be set for a specific operation such as denying the ability to delete records from the Rates table while still allowing read, create and update. Likewise, permissions may be set to hide a specific field in a response table.
To understand the relationship to the Menu, refer to the diagram below.
The following fields are available:
Field: Description
ID: Internal identity field.
User ID: System-generated integer to uniquely identify a user instance in the system. Read-only.
Menu: Select a Menu from the drop-down list. Since this is a cascading drop-down, selecting a Menu from this drop-down will simplify subsequent selections.
Entity Table Name: For the selected Menu, there are several request/response tables. To set a permission for a table, select one from the drop-down list. The list is filtered by the selected Menu.
CRUD Operation: To restrict the operations on the selected Menu, select Create, Read, Update, and/or Delete (CRUD) as needed. If any operations are selected, only the selected items will be allowed.
- If CRUD restrictions are defined at the menu level only, then allow/deny is limited to the respective menu/page and all entity tables within that page.
- If CRUD restrictions are defined at the entity table level only, then allow/deny is limited to the entity table and all menus/pages where it may be used.
- If CRUD restrictions are defined at the menu and entity table, then allow/deny is limited to the respective menu/page and entity table only.
Command Names: To restrict the available commands for the selected Entity Table Name, select the command(s) from the drop-down list. Only selected operations will be available. If none are selected, then there are no specific restrictions.
View Name: To restrict the available views for the Entity Table Name, select the view(s) from the drop-down list. Only selected views will be available. If none are selected, then there are no specific restrictions.
Hierarchy Instance: To restrict the available hierarchies for the Entity Table Name, select the hierarchy(s) from the drop-down list. Only selected hierarchies will be available. If none are selected, then there are no specific restrictions.
View Filter Names: To restrict the available view filters for the Entity Table Name, select the view filter(s) from the drop-down list. Only selected view filters will be available. If none are selected, then there are no specific restrictions.
Cud Limits: Using a JSON-formatted array, we can place limits on the transactions that are allowed during Create, Update, or Delete operations. See JSON Representation Syntax below.
In this example, the restriction will be used when invoking a Create or Update operation on a record. The restriction is that the Customer Payment Amount must be between $0 and $500 and the Financial Transaction Type must be 10.
Read Filters: Using a JSON-formatted array, we can place limits on the transactions that are allowed during a Read operation. See JSON Representation Syntax below.
Permission: Select an option: Permit, Permit and Grant, or Deny. Applies to Menu, Entity Table, and Field Names only.
Comments: Additional comments, if any.
Restriction: Internal field.
Field Names: For the selected Entity Table Name, there are several fields. To set a permission for a field, select one (or more) from the drop-down list. The list is filtered by the selected Entity Table Name. Works in conjunction with Permission.
Disabled ?: When checked, the selected Field Name(s) may be visible but will be in read-only mode during Create or Update operations.
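The three CRUD scoping rules in the table above can be checked against a set of restriction rows as follows. This is an added example, not the product's own code. It assumes that when several rows are in scope their selections intersect; "Rates" is the table named in the text, while the menu names "Rate Plans" and "Invoices" and the table "Payments" are made up.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

ALL_OPS = frozenset({"Create", "Read", "Update", "Delete"})

@dataclass(frozen=True)
class Restriction:
    """One Menu/Page Restrictions row; None means the column was left blank."""
    menu: Optional[str]
    entity_table: Optional[str]
    crud: FrozenSet[str] = frozenset()   # operations selected under CRUD Operation

    def in_scope(self, menu: str, table: str) -> bool:
        if self.menu and self.entity_table:   # both set: that page and table only
            return (self.menu, self.entity_table) == (menu, table)
        if self.menu:                         # menu only: every table on the page
            return self.menu == menu
        if self.entity_table:                 # table only: every page that uses it
            return self.entity_table == table
        return False

def allowed_ops(rows: Iterable[Restriction], menu: str, table: str) -> frozenset:
    """Operations still allowed on (menu, table) after all in-scope rows apply."""
    ops = ALL_OPS
    for row in rows:
        # An empty selection restricts nothing; a non-empty one is an allow-list.
        if row.crud and row.in_scope(menu, table):
            ops &= row.crud               # assumption: overlapping rows intersect
    return ops

# Constructed rows (see the names listed in the lead-in).
ROWS = [
    Restriction(None, "Rates", frozenset({"Create", "Read", "Update"})),
    Restriction("Invoices", None, frozenset({"Read"})),
    Restriction("Invoices", "Payments", frozenset({"Read", "Create"})),
]

if __name__ == "__main__":
    for menu, table in [("Rate Plans", "Rates"), ("Invoices", "Rates"),
                        ("Invoices", "Payments"), ("Rate Plans", "Payments")]:
        print(f"{menu} / {table}: {sorted(allowed_ops(ROWS, menu, table))}")
```

A table-only row such as the "Rates" one follows the table onto every page, so it is the form to review first when a delete or update turns up on a page nobody meant to open up.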
All Report Permission
This tab limits the reports that the selected user/group can access. The following fields are available: