Use the fields in this subtask table window to assign "Read-Only", "Full", or "Deny" rights to a user in one or more Costpoint applications within a module. You may, for example, have given a user Full rights to a specific module, but want to assign Read-Only or Deny rights to one or more specific applications within that module.
(You cannot assign Deny rights at a higher level and then assign Full or Read-Only rights at a lower level.)
As you drill down to lower levels to assign specific user rights, the header information displays the module information (ID and name) to help keep you oriented.
Within the Application Rights subtask, you can also drill down to assign even more specific user rights, as follows:
Use the Result Set Rights by Application subtask link (in the Application Rights subtask screen) to assign "No Rights", "Read Rights", "Update Rights", "Insert Rights", and/or "Delete Rights" to a user in one or more Costpoint result sets within an application. You may, for example, have given a user Full rights to a specific application, but want to assign No rights to one or more result sets within that application. (You cannot assign Deny rights at a higher level and then assign Read, Update, Insert, or Delete rights at a lower level.)
Use the Deny Action Rights subtask link (in the Result Set Rights by Application subtask screen) to assign Execute rights to a user to one or more Costpoint "actions" (processes) within the result set. You may, for example, have given a user Update, Insert, and/or Delete rights to a specific result set within an application, but want to assign or withhold Execute rights to a specific "action" (process) within that result set. (You cannot assign Deny rights at a higher level and then assign Execute rights at a lower level.)
Use the Deny Report Rights subtask link (in the Result Set Rights by Application subtask screen) to assign Execute rights to a user to one or more Costpoint reports within the result set. You may, for example, have given a user Update, Insert, and/or Delete rights to a specific result set within an application, but want to assign or withhold Execute rights to a specific report within that result set. (You cannot assign Deny rights at a higher level and then assign Execute rights at a lower level.)
Use this screen whenever you want to assign application rights (and drill down to assign result set rights) or for a specific user.
This non-editable block lists all Costpoint applications and where they are located within the system. The information provided in the Module ID, Domain Name, Action Name, and Entity Name fields is a map to the location of the application within Costpoint. For example, you are currently in the SYMUSR application named "Users." It is located in the "SY" module in the "Administration" domain under the "Maintain" action heading. The entity is "Users." The path is Administration\Maintain\Users\Users.
Click in the box to the left of the row containing the application you want to select. To select multiple applications, hold down the Ctrl key while clicking on the applications. The Ctrl/click operation is also used to de-select a row. After you have highlighted the application(s), click the Select button to populate the Application Rights table. This table contains the application(s) to which you will assign or deny rights.
This field displays the system designation for the application.
This field displays the name of the application.
This field displays the two letter module designation for the application.
This field displays the domain name for the application. The domain names represent the 5 tabs across the top of the Costpoint screen: Accounting, People, Projects, Materials, and Administration.
This field displays the action category that contains the application. The action names display below the domain name tabs on the Costpoint screen: Configure, Maintain, Transactions, Process, Review, and Utilities.
This field displays the entity names displayed in the drop-down lists below each action heading.
Click this button to copy the selected application(s) to the Application Rights table.
For existing data, the application ID automatically displays in this non-editable field for the row.
For new data, enter, or use Lookup to select, the application ID.
The system-maintained application data and the Lookup in this table window is from the S_APP_LIST table.
The name associated with the Application field in this row automatically displays in this non-editable field.
You can click on the Notes icon at the end of the field, if necessary, to easily view extensive application name data without the need to use the Up Arrow and Down Arrow function keys within the field.
Use the drop-down box to select the type of rights to assign to the user for this application.
You can select "Read-Only," "Full," or "Deny" rights, as follows:
With "Read-Only" rights, the user can access the application and can select and view data but cannot update data.
With "Full" rights, the user can access the application, select data, and update data.
With "Deny" rights, the user cannot access the application.
Enter, or use Lookup to select the company to which these application rights will apply. You can enter or select "All" to apply these right to all companies
This non-editable field only displays if the Enforce Segregation of Duties Rules checkbox is selected in the Corporate Settings subtask of the System Settings screen (Administration\Configure System). One of the following status statements populates the field:
System Approved - The system has verified that there are no segregation of duties conflicts for this right
In Conflict - The system has determined that one or more segregation of duties conflicts exist for this right. The rights cannot be used unless manually overridden using the Override Segregation of Duties Conflicts application (Administration\Process\Segregation of duties).
Delete Conflict - An attempt to delete this right has failed, since deleting the rights record would cause one or more segregation of duties conflicts.
Manually Approved - The system has determined that one or more segregation of duties conflicts exist for this right, but the conflicts have been manually overridden.
Pending - An assigned right has yet to be checked for segregation of duties conflicts. The Identify Segregation of Duties Conflicts process (Administration\Process\Segregation of Duties) must be run before this assigned right can be used.
Delete Requested - An attempt to delete this right must be checked for segregation of duties conflicts. The Identify Segregation of Duties Conflicts process Administration\Process\Segregation of Duties) must be run before this assigned right can be deleted.
This field displays the domain name for the application. The domain names represent the five tabs across the top of the Costpoint screen: Accounting, People, Projects, Materials, and Administration.
This field displays the action category that contains the application. The action names display below the domain name tabs on the Costpoint screen: Configure, Maintain, Transactions, Process, Review, and Utilities.
This field displays the entity names in the drop-down lists below each action heading.
* A red asterisk denotes a required field.
Select an application in the Application Rights table by clicking in the box to the left of the row. Click this subtask link to open the Result Set Rights by Application subtask screen which will display and allow you to edit the rights set up for the selected application.
Changes to this screen update the following tables:
W_USER_UGRP_LIST (User Group List - Web)
W_USER_GRP_USERS (User Group User - Web)
W_USER_COMPANY (User Company - Web)
W_APP_RIGHTS (Application Rights - Web)