Use the Record Access tab to determine a role's access rights to specific menus and records in
Vision. For example, a
project manager needs full access to records in the
Project Info Center, but a
project consultant only needs read access to these records.
Even if a role does not have access to an Info Center, you can still set up record level read and update criteria for reporting purposes. Before you can assign access rights to any
Vision module, you must activate the module in
.
Contents
Application Record Access Grid
Use this grid to control the role's access to portions of the
Vision application, including access to menu items and records. Options on this grid depend on the
Vision applications that are installed.
Field | Description |
Application Record Access Drop-down
|
Click the drop-down arrow on a grid header to complete any of the following actions:
- To print grid data, click
Print. When the Print Preview form displays, click
to send the grid data to your default printer.
- To export grid data to an Excel spreadsheet, click
Export to Excel. When Microsoft Excel opens, use its features to modify, print, or email the data, or to save the spreadsheet file locally.
- To turn on grouping for a grid, click
Enable Grouping. When a field displays with the instruction: "Drag a column header here to group by that column," drag and drop column headers into this field, in the sequence that you want them to display.
Not all options are available on all grids.
|
Application
|
Select the
Vision application for which you want to establish access rights. The applications that display depend on the
Vision applications that you install.
|
Access
|
Click in this field, and use the drop-down list to select the access rights for the selected item.
-
Read Only — The role can look at records but not add, modify, or delete record information.
-
Modify Only — The role can read records and modify information, but cannot add new records or delete records.
-
Add/Modify — The role can read, modify, and add records, but cannot delete records.
-
Full — The role can read, add, modify, and delete records.
The
Access column is view-only for certain applications. You must use the
Vision default for these applications.
Options for Billing Terms
If you did not select
Billing Terms on the General tab, you can select one of the following settings to specify access to billing terms:
-
Percent Complete — Users assigned to a role for which this setting is selected can view all information on the Fees tab on the Billing Terms form but can only update percent complete and fee-to-date fields on the Fees tab and the
Description field on the General tab.
-
None — Users assigned to a role for which this setting is selected can view all information on the Fees tab and General tab on the Billing Terms form, but cannot update any of that information. These users cannot use the
Billing Terms link in the Navigation pane, in the Project Info Center, or in Interactive Billing to display the Billing Terms form. These users can only display the fee information using the
Update Fees options in Invoice Approvals, Interactive Approvals, or Interactive Billing (assuming that they have access to one or more of those forms).
Users who only have this access to fee information and the description in Billing Terms cannot use the
Billing Terms link in the Navigation pane, in the Project Info Center, or in Interactive Billing to display the Billing Terms form. They can only display the fee information using the
Update Fees options in Invoice Approvals, Interactive Approvals, or Interactive Billing (assuming they have access to one or more of those forms).
|
Record Level View
|
Click in this field, and then click
to open a lookup dialog box and determine the records that members of this role can view within the selected application. For example, for the
Client application, you might give a role the ability to see
client information in the
Client Info Center for only a subset of
clients. This setting also controls the list of records that are returned in the search results list in lookup fields and user-defined lookup fields for this application that appear in other applications (such as in the
Primary Client lookup field in the
Project Info Center).
Client Info Center Example
You set up record level view security so that security role A can view only one
client—Brown and Associates. John is assigned to role A.
Outcome:
- In the
Client Info Center, when John opens the
Client lookup in the
Search field, the only
client that will be returned in the search is Brown and Associates. This is the only
client whose record John can view in the
Client Info Center.
- In the
Project Info Center, when John opens the
Client lookup in the
Primary Client field, the only
client that will be returned in the search is Brown and Associates. This is the only
client that he can assign to a
project in the
Project Info Center.
- In the
Project Info Center when John opens the
Client lookup in a user-defined
client field, the only
client that will be returned in the search is Brown and Associates. This is the only,
client in the user-defined
client field that he can assign to a
project in the
Project Info Center.
The exception to this behavior is the record level view setting that you assign for the Employees Info Center. The Employees record level view setting is not applied to the Employee lookup fields in other Info Centers (for example, the
Principal,
Project Manager, or
Supervisor lookup fields in the
Project Info Center).
Employees Info Center Example
You set up record level view security so that security role A can view only one employee - Emily Collins. John is assigned to role A.
Outcome:
- In the Employees Info Center when John opens the Employee lookup in the
Search field, the only employee that will be returned in the search is Emily Collins. This is the only employee whose record John can view in the Employees Info Center.
- In the
Project Info Center when John opens the Employee lookup in the
Principal,
Project Manager, or
Supervisor fields, all employees are returned in the search. John can assign any employee to a
project in the
Project Info Center.
- In the
Project Info Center when John opens the Employee lookup in a user-defined employee field, all employees are returned in the search. John can assign any employee to a
project in the
Project Info Center.
The role's
Access settings supersede
Record Level View rights. You cannot give a role permission to view a record if the role does not have permission to access the corresponding application.
The default for this field is
Not in Use.
|
Record Level Update
|
Click in this field, and then click
to open a lookup dialog box and determine the records that this role can update within the selected application. For example, you might give a role the ability to update information about only a subset of
clients in the
Client Info Center.
The default for this field is
Same as View, meaning that the
Record Level Update setting is the same as the
Record Level View setting.
The role's
Access settings supersede
Record Update View rights. You cannot give a role permission to update a record if the role doesn't have permission to access the corresponding application.
|
Options below the grid
Field | Description |
Apply record access to all transaction centers
|
Select this option to apply record level security to limit access to certain records in the Transaction Center.
|
Enable self service in Employee Review
|
Select this option to allow employees to view a summary of their own payroll and expense check information on the Employee Review screen. Your role determines access to the Employee Review features.
|
Allow modification of Disable Login user setting in Users when read-only access
|
Select this option to give users in this role access to modify the enable/disable login user setting when they only have read-only access to the Users application.
|
Allow modification of Passwords in Users when read-only access
|
Select this option to give users in this role access to modify user passwords even if they only have read-only access to the Users application.
|
Allow access to records in iAccess
|
This option is available if the role has access to iAccess for Vision. Select this option to give the users in this role the ability to access records in the iAccess application.
|
Allow Changes to Supporting Documents
|
This option is available if the role has access to Interactive Billing or Interactive Approvals. Select this option to give the users in this role the ability to modify supporting documents that have been uploaded for transactions.
Possible modifications include:
- Change the description of a supporting document
- Upload a supporting document in Interactive Billing
- Delete a supporting document
- Change the
Print with Invoice setting of the supporting document
By default, this option is cleared and users can only view supporting documents.
|
Apply Project access to
Field | Description |
Timesheets
|
Select this option to apply project record level security to limit which projects a user can see when entering personal Timesheet information.
This option displays if your firm uses the Vision Time application.
|
Expense Reports
|
Select this option to apply project record level security to limit which projects a user can see when entering personal Expense Report information.
This option displays if your firm uses the Vision Expense application.
|
Billing
|
Select this option to apply project record level security to Vision Billing. This option controls the projects that you can access when you perform the following Billing functions:
- Interactive Billing
- Batch Billing
- Billing Terms
- Billing Groups
- Billing Rate Tables
- Refresh Billing Extensions
- Invoice Template Editor
If you do not select this option, your billing personnel will have access to
all projects.
If your firm uses the Multicompany feature, and you do not select this option, your billing personnel will have access to all projects where the main billing project belongs to the active company.
This option displays if your firm uses Vision Billing.
|
Sub Projects in Billing Groups
|
Select this option to restrict subproject lookups based on project record level security when setting up billing groups. When you select this option, the role can view and edit information for all of the accessible main projects, and can add any sub-project to which the role has security access. If the role does not have access to the main project, however, it cannot view the sub-projects, regardless of the rights to access these sub-projects individually.
|
Activity Access
Use these fields to determine access to
Vision activities.
Field | Description |
Record Level View
|
Use the lookup to select one of the following options as the criteria for the chosen info center:
-
Not in Use — Select this option to eliminate Record Level View from the Activity access rights. This is the default setting.
-
Use info center access — Select this option to apply Info Center access to the activity record access. For example, Record Access for the
Client Info Center is set to all
clients in California. If you set the activity access to
Use info center access, then of all activities associated with a
client, the role will only be able to view the activities of the
clients to which it has rights (in other words, all
clients in California).
-
Use query — Select this option to use a query to determine the activity access rights.
|
Record Level Update
|
Use the lookup to select one of the following options as the update access for the record level:
-
Read Only — The role can look at records but cannot add, modify, or delete record information.
-
Modify Only — The role can look at records and make modifications to information, but cannot add new records or delete records.
-
Add/Modify — The role can look at, modify, and add records, but cannot delete records.
-
Full — The role can read, add, modify, and delete records.
|
Approval Workflow Record Access Grid
Field | Description |
Approval Workflow Record Access Drop-down
|
Click the drop-down arrow on a grid header to complete any of the following actions:
- To print grid data, click
Print. When the Print Preview form displays, click
to send the grid data to your default printer.
- To export grid data to an Excel spreadsheet, click
Export to Excel. When Microsoft Excel opens, use its features to modify, print, or email the data, or to save the spreadsheet file locally.
- To turn on grouping for a grid, click
Enable Grouping. When a field displays with the instruction: "Drag a column header here to group by that column," drag and drop column headers into this field, in the sequence that you want them to display.
Not all options are available on all grids.
|
Application
|
This column displays the approval application.
|
Access
|
This column displays the type of access that is granted to the user for the corresponding approval application. In order to view a record, the user must be logged in to the company to which the record belongs. Use the drop-down field to select any of the following access controls:
-
Assignments only — This is the default option for the field. This option allows access to records that the user created, submitted, approved, or rejected. As a supervisor, the user can also view all records created, submitted, approved, or rejected by subordinate users.
-
View All Records — This option allows the user to access all records that are available in the corresponding approval application. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.
- Apply Employee Record Level View Access — This option only applies to the Absence Requests application. This option allows the user to search for and select any absence request record that belongs to an employee for which the user has employee record level view access. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.
- Apply Vendor Record Level View Access — This option only applies to AP Invoice Approvals. This option allows the user to search for and select any AP Invoice Approval record that belongs to a vendor for which the user has vendor record level view access. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.
|