Record Access Tab of Roles

Even if a role does not have access to an Info Center, you can still set up record level read and update criteria for reporting purposes. Before you can assign access rights to any Vision module, you must activate the module in Configuration > Module Activation.

Application Record Access Grid

Use this grid to control the role's access to portions of the Vision application, including access to menu items and records. Options on this grid depend on the Vision applications that are installed.

Field	Description
Application Record Access Drop-down	Click the drop-down arrow on a grid header to complete any of the following actions: To print grid data, click Print. On the Print Preview form, click File > Print to send the grid data to your default printer. To export grid data to an Excel spreadsheet, click Export to Excel. When Microsoft Excel opens, use its features to modify, print, or email the grid data, or to save the spreadsheet file locally. To turn on grouping for a grid, click Enable Grouping. When a field displays with the instruction: "`Drag a column header here to group by that column`," drag and drop column headers into the field, in the sequence that you want them to display. Not all options are available on all grids.
Application	Select the `Vision` application for which you want to establish access rights. The applications that display depend on the `Vision` applications that you install.
Access	Click in this field, and use the drop-down list to select the access rights for the selected item. Read Only — The role can look at records but not add, modify, or delete record information. Modify Only — The role can read records and modify information, but cannot add new records or delete records. Add/Modify — The role can read, modify, and add records, but cannot delete records. Full — The role can read, add, modify, and delete records. The Access column is view-only for certain applications. You must use the `Vision` default for these applications. Options for Billing Terms If you did not select Billing Terms on the General tab, you can select one of the following settings to specify access to billing terms: Percent Complete — Users assigned to a role for which this setting is selected can view all information on the Fees tab on the Billing Terms form but can only update percent complete and fee-to-date fields on the Fees tab and the Description field on the General tab. None — Users assigned to a role for which this setting is selected can view all information on the Fees tab and General tab on the Billing Terms form, but cannot update any of that information. These users cannot use the Billing Terms link in the Navigation pane, in the Project Info Center, or in Interactive Billing to display the Billing Terms form. These users can only display the fee information using the Update Fees options in Invoice Approvals, Interactive Approvals, or Interactive Billing (assuming that they have access to one or more of those forms). Users who only have this access to fee information and the description in Billing Terms cannot use the Billing Terms link in the Navigation pane, in the Project Info Center, or in Interactive Billing to display the Billing Terms form. They can only display the fee information using the Update Fees options in Invoice Approvals, Interactive Approvals, or Interactive Billing (assuming they have access to one or more of those forms).
Record Level View	Click in this field, and then click to open a lookup dialog box and determine the records that members of this role can view within the selected application. For example, for the `Client` application, you might give a role the ability to see `client` information in the `Client` Info Center for only a subset of `clients`. This setting also controls the list of records that are returned in the search results list in lookup fields and user-defined lookup fields for this application that appear in other applications (such as in the Primary Client lookup field in the `Project` Info Center). `Client` Info Center Example You set up record level view security so that security role A can view only one `client`—Brown and Associates. John is assigned to role A. Outcome: In the `Client` Info Center, when John opens the `Client` lookup in the Search field, the only `client` that will be returned in the search is Brown and Associates. This is the only `client` whose record John can view in the `Client` Info Center. In the `Project` Info Center, when John opens the `Client` lookup in the Primary Client field, the only `client` that will be returned in the search is Brown and Associates. This is the only `client` that he can assign to a `project` in the `Project` Info Center. In the `Project` Info Center when John opens the `Client` lookup in a user-defined `client` field, the only `client` that will be returned in the search is Brown and Associates. This is the only, `client` in the user-defined `client` field that he can assign to a `project` in the `Project` Info Center. The exception to this behavior is the record level view setting that you assign for the Employees Info Center. The Employees record level view setting is not applied to the Employee lookup fields in other Info Centers (for example, the Principal, Project Manager, or Supervisor lookup fields in the `Project` Info Center). Employees Info Center Example You set up record level view security so that security role A can view only one employee - Emily Collins. John is assigned to role A. Outcome: In the Employees Info Center when John opens the Employee lookup in the Search field, the only employee that will be returned in the search is Emily Collins. This is the only employee whose record John can view in the Employees Info Center. In the `Project` Info Center when John opens the Employee lookup in the Principal, Project Manager, or Supervisor fields, all employees are returned in the search. John can assign any employee to a `project` in the `Project` Info Center. In the `Project` Info Center when John opens the Employee lookup in a user-defined employee field, all employees are returned in the search. John can assign any employee to a `project` in the `Project` Info Center. The role's Access settings supersede Record Level View rights. You cannot give a role permission to view a record if the role does not have permission to access the corresponding application. The default for this field is Not in Use.
Record Level Update	Click in this field, and then click to open a lookup dialog box and determine the records that this role can update within the selected application. For example, you might give a role the ability to update information about only a subset of `clients` in the `Client` Info Center. The default for this field is Same as View, meaning that the Record Level Update setting is the same as the Record Level View setting. The role's Access settings supersede Record Update View rights. You cannot give a role permission to update a record if the role doesn't have permission to access the corresponding application.

Options below the grid

Field	Description
Apply record access to all transaction centers	Select this option to apply record level security to limit access to certain records in the Transaction Center.
Enable self service in Employee Review	Select this option to allow employees to view a summary of their own payroll and expense check information on the Employee Review screen. Your role determines access to the Employee Review features.
Allow modification of Disable Login user setting in Users when read-only access	Select this option to give users in this role access to modify the enable/disable login user setting when they only have read-only access to the Users application.
Allow modification of Passwords in Users when read-only access	Select this option to give users in this role access to modify user passwords even if they only have read-only access to the Users application.
Allow access to records in iAccess	This option is available if the role has access to iAccess for Vision. Select this option to give the users in this role the ability to access records in the iAccess application.
Allow Changes to Supporting Documents	This option is available if the role has access to Interactive Billing or Interactive Approvals. Select this option to give the users in this role the ability to modify supporting documents that have been uploaded for transactions. Possible modifications include: Change the description of a supporting document Upload a supporting document in Interactive Billing Delete a supporting document Change the Print with Invoice setting of the supporting document By default, this option is cleared and users can only view supporting documents.

Apply Project access to

Field	Description
Timesheets	Select this option to apply project record level security to limit which projects a user can see when entering personal Timesheet information. This option displays if your firm uses the Vision Time application.
Expense Reports	Select this option to apply project record level security to limit which projects a user can see when entering personal Expense Report information. This option displays if your firm uses the Vision Expense application.
Billing	Select this option to apply project record level security to Vision Billing. This option controls the projects that you can access when you perform the following Billing functions: Interactive Billing Batch Billing Billing Terms Billing Groups Billing Rate Tables Refresh Billing Extensions Invoice Template Editor If you do not select this option, your billing personnel will have access to all projects. If your firm uses the Multicompany feature, and you do not select this option, your billing personnel will have access to all projects where the main billing project belongs to the active company. This option displays if your firm uses Vision Billing.
Sub Projects in Billing Groups	Select this option to restrict subproject lookups based on project record level security when setting up billing groups. When you select this option, the role can view and edit information for all of the accessible main projects, and can add any sub-project to which the role has security access. If the role does not have access to the main project, however, it cannot view the sub-projects, regardless of the rights to access these sub-projects individually.

Activity Access

Use these fields to determine access to Vision activities.

Field	Description
Record Level View	Use the lookup to select one of the following options as the criteria for the chosen info center: Not in Use — Select this option to eliminate Record Level View from the Activity access rights. This is the default setting. Use info center access — Select this option to apply Info Center access to the activity record access. For example, Record Access for the `Client` Info Center is set to all `clients` in California. If you set the activity access to Use info center access, then of all activities associated with a `client`, the role will only be able to view the activities of the `clients` to which it has rights (in other words, all `clients` in California). Use query — Select this option to use a query to determine the activity access rights.
Record Level Update	Use the lookup to select one of the following options as the update access for the record level: Read Only — The role can look at records but cannot add, modify, or delete record information. Modify Only — The role can look at records and make modifications to information, but cannot add new records or delete records. Add/Modify — The role can look at, modify, and add records, but cannot delete records. Full — The role can read, add, modify, and delete records.

Field

Description

Record Level View

Use the lookup to select one of the following options as the criteria for the chosen info center:

Not in Use — Select this option to eliminate Record Level View from the Activity access rights. This is the default setting.
Use info center access — Select this option to apply Info Center access to the activity record access. For example, Record Access for the Client Info Center is set to all clients in California. If you set the activity access to Use info center access, then of all activities associated with a client, the role will only be able to view the activities of the clients to which it has rights (in other words, all clients in California).
Use query — Select this option to use a query to determine the activity access rights.

Record Level Update

Use the lookup to select one of the following options as the update access for the record level:

Read Only — The role can look at records but cannot add, modify, or delete record information.
Modify Only — The role can look at records and make modifications to information, but cannot add new records or delete records.
Add/Modify — The role can look at, modify, and add records, but cannot delete records.
Full — The role can read, add, modify, and delete records.

Approval Workflow Record Access Grid

Field	Description
Approval Workflow Record Access Drop-down	Click the drop-down arrow on a grid header to complete any of the following actions: To print grid data, click Print. On the Print Preview form, click File > Print to send the grid data to your default printer. To export grid data to an Excel spreadsheet, click Export to Excel. When Microsoft Excel opens, use its features to modify, print, or email the grid data, or to save the spreadsheet file locally. To turn on grouping for a grid, click Enable Grouping. When a field displays with the instruction: "`Drag a column header here to group by that column`," drag and drop column headers into the field, in the sequence that you want them to display. Not all options are available on all grids.
Application	This column displays the approval application.
Access	This column displays the type of access that is granted to the user for the corresponding approval application. In order to view a record, the user must be logged in to the company to which the record belongs. Use the drop-down field to select any of the following access controls: Assignments only — This is the default option for the field. This option allows access to records that the user created, submitted, approved, or rejected. As a supervisor, the user can also view all records created, submitted, approved, or rejected by subordinate users. View All Records — This option allows the user to access all records that are available in the corresponding approval application. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record. Apply Employee Record Level View Access — This option only applies to the Absence Requests application. This option allows the user to search for and select any absence request record that belongs to an employee for which the user has employee record level view access. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record. Apply Vendor Record Level View Access — This option only applies to AP Invoice Approvals. This option allows the user to search for and select any AP Invoice Approval record that belongs to a vendor for which the user has vendor record level view access. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.

Field

Description

Approval Workflow Record Access Drop-down

Click the drop-down arrow on a grid header to complete any of the following actions:

To print grid data, click Print. On the Print Preview form, click File > Print to send the grid data to your default printer.
To export grid data to an Excel spreadsheet, click Export to Excel. When Microsoft Excel opens, use its features to modify, print, or email the grid data, or to save the spreadsheet file locally.
To turn on grouping for a grid, click Enable Grouping. When a field displays with the instruction: "Drag a column header here to group by that column," drag and drop column headers into the field, in the sequence that you want them to display.

Not all options are available on all grids.

Application

This column displays the approval application.

Access

This column displays the type of access that is granted to the user for the corresponding approval application. In order to view a record, the user must be logged in to the company to which the record belongs. Use the drop-down field to select any of the following access controls:

Assignments only — This is the default option for the field. This option allows access to records that the user created, submitted, approved, or rejected. As a supervisor, the user can also view all records created, submitted, approved, or rejected by subordinate users.
View All Records — This option allows the user to access all records that are available in the corresponding approval application. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.
Apply Employee Record Level View Access — This option only applies to the Absence Requests application. This option allows the user to search for and select any absence request record that belongs to an employee for which the user has employee record level view access. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.
Apply Vendor Record Level View Access — This option only applies to AP Invoice Approvals. This option allows the user to search for and select any AP Invoice Approval record that belongs to a vendor for which the user has vendor record level view access. The records display in read-only mode unless the user is currently the assigned user and has rights to take action on the record.

Contents

Index

Glossary

Search Results