Use the fields in this subtask table window to assign "Read-Only", "Full", or "Deny" rights to a user in one or more Costpoint applications within a module. You may, for example, have given a user group "Full" rights to a specific module, but want to assign "Read-Only" or "Deny" rights to one or more specific applications within that module.
[You cannot assign "Deny" rights at a higher level and than assign "Full" or "Read-Only" rights at a lower level.]
As you drill down to lower levels to assign specific user group rights, the header information displays the module information (ID and name) to help keep you oriented.
Within the Application Rights subtask, you can also drill down to assign even more specific user rights, as follows:
Use the Result Set Rights by Application subtask link (in the Application Rights subtask screen) to assign "No Rights", "Read Rights", "Update Rights", "Insert Rights", and/or "Delete Rights" to a user in one or more Costpoint result sets within an application. You may, for example, have given a user full rights to a specific application, but want to assign no rights to one or more result sets within that application. (You cannot assign "No Rights" rights at a higher level and then assign "Read Rights", "Update Rights", "Insert Rights", or "Delete Rights" at a lower level.)
Use the Deny Action Rights subtask link (in the Result Set Rights by Application subtask screen) to assign "Deny Rights" or "Execute Rights" to a user to one or more Costpoint "actions" (processes) within the result set. You may, for example, have given a user update, insert, and/or delete rights to a specific result set within an application, but want to assign or withhold execute rights to a specific "action" (process) within that result set. (You cannot assign "Deny Rights" at a higher level and then assign "Execute Rights" at a lower level.)
Use the Deny Report Rights subtask link (in the Result Set Rights by Application subtask screen) to assign "Deny Rights" or "Execute Rights" to a user to one or more Costpoint reports within the result set. You may, for example, have given a user update, insert, and/or delete rights to a specific result set within an application, but want to assign or withhold execute rights to a specific report within that result set. (You cannot assign "Deny Rights" at a higher level and then assign "Execute Rights" at a lower level.)
Use this screen whenever you want to assign application rights (and drill down further to assign result set rights) to one or more specific user groups.
For existing data, the application ID automatically displays in this non-editable field for the row.
For new data, enter, or use Lookup to select, the application ID.
The system-maintained application data and the Lookup in this table window is from the S_APP_LIST table.
The name associated with the Application field in this row automatically displays in this non-editable field.
You can click on the Notes icon at the end of the field, if necessary, to easily view extensive application name data without the need to use the Up Arrow and Down Arrow function keys within the field.
This field displays the two letter module designation for the application.
This field displays the domain name for the application. The domain names represent the five tabs across the top of the Costpoint screen: Accounting, People, Projects, Materials, and Administration.
This field displays the action category that contains the application. The action names display below the domain name tabs on the Costpoint screen: Configure, Maintain, Transactions, Process, Review, and Utilities.
This field displays the entity names in the drop-down lists below each action heading.
Click this button to copy the selected application(s) to the Application Rights table.
For existing data, the application ID automatically displays in this non-editable field for the row.
For new data, enter, or use Lookup to select, the application ID.
The system-maintained application data and the Lookup in this table window is from the S_APP_LIST table.
The name associated with the Application field in this row automatically displays in this non-editable field.
You can click on the Notes icon at the end of the field, if necessary, to easily view extensive application name data without the need to use the Up Arrow and Down Arrow function keys within the field.
Use the drop-down box to select the type of rights to assign to the user for this application.
You can select "Read-Only," "Full," or "Deny" rights, as follows:
With "Read-Only" rights, the user can access the application and can select and view data but cannot update data.
With "Full" rights, the user can access the application, select data, and update data.
With "Deny" rights, the user cannot access the application.
Enter, or use Lookup to select the company to which these application rights will apply. You can enter or select All to apply these right to all companies
This non-editable field only displays if the Enforce Segregation of Duties Rules checkbox is selected in the Corporate Settings subtask of the System Settings screen (Administration\Configure System). One of the following status statements populates the field:
System Approved - The system has verified that there are no segregation of duties conflicts for this right
In Conflict - The system has determined that one or more segregation of duties conflicts exist for this right. The rights cannot be used unless manually overridden using the Override Segregation of Duties Conflicts application (Administration\Process\Segregation of duties).
Delete Conflict - An attempt to delete this right has failed, since deleting the rights record would cause one or more segregation of duties conflicts.
Manually Approved - The system has determined that one or more segregation of duties conflicts exist for this right, but the conflicts have been manually overridden.
Pending - An assigned right has yet to be checked for segregation of duties conflicts. The Identify Segregation of Duties Conflicts process (Administration\Process\Segregation of Duties) must be run before this assigned right can be used.
Delete Requested - An attempt to delete this right must be checked for segregation of duties conflicts. The Identify Segregation of Duties Conflicts process Administration\Process\Segregation of Duties) must be run before this assigned right can be deleted.
This field displays the domain name for the application. The domain names represent the five tabs across the top of the Costpoint screen: Accounting, People, Projects, Materials, and Administration.
This field displays the action category that contains the application. The action names display below the domain name tabs on the Costpoint screen: Configure, Maintain, Transactions, Process, Review, and Utilities.
This field displays the entity names in the drop-down lists below each action heading.
* A red asterisk denotes a required field.
Click on this subtask link to open the Result Set Rights by Application subtask screen.
Changes to this screen update the following tables:
W_USER_UGRP_LIST (User Group List - Web)
W_USER_GRP_USERS (User Group User - Web)
W_USER_COMPANY (User Company - Web)
W_APP_RIGHTS (Application Rights - Web)