Step 12. Creating Users and Setting up Access Rights
Overview
The system allows you to configure user access rights to various objects using roles. The role specifies what actions and on which objects the user can perform.
Access Group Profiles
Creating Access Group Profiles
You can start setting up access rights by creating access group profiles. For that:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles.
- Click Create to create a new one.
- Enter the Description.
- If required, specify the Group (folder) it belongs to.
- On the Allowed actions (roles) tab, select the allowed actions for the member if this access group
- Click Save and close.
Limiting Access Group Profiles
You might want to restrict access to some data within the profile. Note: you cannot edit the predefined profile.
- Go to Master data and settings > Users and rights settings and select the Limit access at record level checkbox.
- Click Access group profiles and open the required one.
- Click More actions > Allow attribute editing > Allow editing.
- On the Access restrictions tab, click Add and specify the required Access kind (for example, companies, business units, and other) and the Access value:
- All denied, configure exceptions in access groups
- All allowed, configure exceptions in access groups
- All denied, configure exceptions in profile
- All allowed, configure exceptions in profile
- If All denied, configure exceptions in profile or All allowed, configure exceptions in profile, specify the exceptions on the Allowed values (or Denied values) tab.
- Click Save and close.
Restricting Access to Companies in Access Group Profiles
To restrict access to one or a few companies:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles and open the required one.
- Open the Access restrictions tab.
- Click Add and select Companies in the Access kind field and specify All allowed, configure exceptions in profile in the Access Values field.
- On the Denied values tab, click Add and select the company the user must not have access to.
- Click Save and close.
To allow access to only one company and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles and open the required one.
- Open the Access restrictions tab.
- Click More actions > Allow attribute editing > Allow editing.
- Click Add and select Companies in the Access kind field and specify All denied, configure exceptions in profile in the Access Values field.
- On the Allowed values tab, click Add and select the company the user can access.
- Click Save and close.
Restricting Access to Warehouses in Access Group Profiles
To restrict access to one or a few warehouses:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles and open the required one.
- Open the Access restrictions tab.
- Click Add and select Warehouses in the Access kind field and specify All allowed, configure exceptions in profile in the Access Values field.
- On the Denied values tab, click Add and select the warehouse the user must not have access to.
- Click Save and close.
To allow access to only one warehouse and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles and open the required one.
- Open the Access restrictions tab.
- Click More actions > Allow attribute editing > Allow editing.
- Click Add and select Warehouses in the Access kind field and specify All denied, configure exceptions in profile in the Access Values field.
- On the Allowed values tab, click Add and select the warehouses the user can access.
- Click Save and close.
Restricting Access to Business Units in Access Group Profiles
To restrict access to one or a few business units:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles and open the required one.
- Open the Access restrictions tab.
- Click Add and select Business units in the Access kind field and specify All allowed, configure exceptions in profile in the Access Values field.
- On the Denied values tab, click Add and select the business unit the user must not have access to.
- Click Save and close.
To allow access to only one business unit and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles and open the required one.
- Open the Access restrictions tab.
- Click More actions > Allow attribute editing > Allow editing.
- Click Add and select Business units in the Access kind field and specify All denied, configure exceptions in profile in the Access Values field.
- On the Allowed values tab, click Add and select the business unit the user can access.
- Click Save and close.
Access Groups
Creating Access Groups
To assign access rights to the particular employees, use the Access groups catalog:
- Go to Master data and settings > Users and rights settings.
- Click Access groups.
- Click Create.
- Specify the Description, Group (folder) it belongs to (if necessary), and a Profile.
- On the Group members tab, click Pick and add users to the group if you already have them. If not, just skip this step.
- If All denied, configure exceptions in access groups or All allowed, configure exceptions in access groups values were selected for the Profile specified for this access group, configure exceptions on the Access restrictions tab.
- Click Save and close.
Note: you can specify one access group profile in different access groups.
Restricting Access to Companies in Access Groups
To restrict access to one or a few companies:
- Go to Master data and settings > Users and rights settings.
- Click Access groups and open the required one.
- Open the Access restrictions tab.
- Click Add and select Companies in the Access kind field and specify All allowed in the Access Values field.
- On the Denied values tab, click Add and select the company the user must not have access to.
- Click Save and close.
To allow access to only one company and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access groups and open the required one.
- Open the Access restrictions tab.
- Click Add and select Companies in the Access kind field and specify All denied in the Access Values field.
- On the Allowed values tab, click Add and select the company the user can access.
- Click Save and close.
Restricting Access to Warehouses in Access Groups
To restrict access to one or a few warehouses:
- Go to Master data and settings > Users and rights settings.
- Click Access groups and open the required one.
- Open the Access restrictions tab.
- Click Add and select Warehouses in the Access kind field and specify All allowed in the Access Values field.
- On the Denied values tab, click Add and select the warehouse the user must not have access to.
- Click Save and close.
To allow access to only one warehouse and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access groups and open the required one.
- Open the Access restrictions tab.
- Click Add and select Warehouse in the Access kind field and specify All denied in the Access Values field.
- On the Allowed values tab, click Add and select the warehouse the user can access.
- Click Save and close.
Restricting Access to Business Units in Access Groups
To restrict access to one or a few business units:
- Go to Master data and settings > Users and rights settings.
- Click Access groups and open the required one.
- Open the Access restrictions tab.
- Click Add and select Business units in the Access kind field and specify All allowed in the Access Values field.
- On the Denied values tab, click Add and select the business unit the user must not have access to.
- Click Save and close.
To allow access to only one business unit and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access groups and open the required one.
- Open the Access restrictions tab.
- Click Add and select Business units in the Access kind field and specify All denied in the Access Values field.
- On the Allowed values tab, click Add and select the business unit the user can access.
- Click Save and close.
Additional Access Groups
To enhance access restrictions, you can select the following checkboxes in Master data and settings > Users and rights settings:
Counterparty (Partner) access groups allow you to configure access to partners and to documents created for these partners. You can combine partners into access groups to restrict or provide the system users with access to them. For example, one user might sell goods only in their native country, the other one is responsible for selling goods to foreign customers. So you can create two access groups and assign different system users to them.
To create a partner/counterparty access group:
- Go to Master data and settings > Users and rights settings.
- Click Counterparty/Partner access groups.
- Click Create.
- Enter the Description.
- Click Save and close.
Item access groups allow you to configure access to products. You can combine individuals into access groups to restrict or allow the system users to edit or add them. For example, if different people in your company are responsible for selling different products, you can create item access groups to make sure one user cannot sell goods someone else is responsible for.
To create an item access group:
- Go to Master data and settings > Users and rights settings.
- Click Item access groups.
- Click Create.
- Enter the Description.
- Click Save and close.
You can set access restrictions to these groups on the Access restrictions tab of the access group or the access group profile.
To restrict access to one or a few item/counterparty/partner access groups:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles (or Access group) and open the required one.
- Open the Access restrictions tab.
- Click Add and select Partner/Item/Counterparty group in the Access kind field and specify All allowed, configure exceptions in profile (All allowed) in the Access Values field.
- On the Denied values tab, click Add and select the access groups the user must not have access to.
- Click Save and close.
To allow access to only one company and prohibit others:
- Go to Master data and settings > Users and rights settings.
- Click Access group profiles (or Access group) and open the required one.
- Open the Access restrictions tab.
- Click Add and select Companies in the Access kind field and specify All denied, configure exceptions in profile (or All denied) in the Access Values field.
- On the Allowed values tab, click Add and select the access groups the user can access.
- Click Save and close.
Creating Users
- Go to Master data and settings > Users and rights settings
- To combine users into groups, select the Group users checkbox if you want to combine users into groups.
- Click Users. On the left part of the screen, you can see user groups. On the right part of the screen, you can see the users included into the selected group.
- To add users to the group, click it and then click Create. One user can be a member of several user groups.
- Enter the Full name of the user and a short Username, set a password*.
- In the Application interface language field, choose English.
- Click Save.
- Click Access rights at the top.
- In the table below, click Add to group.
- Select the required groups and click Select. If this is the first startup, the system will give the user the administrator rights automatically.
*To set up the requirements to passwords that users create, go to Master data and settings and click Authorization settings. You can apply password complexity requirements (at least 7 characters, contain 3 of 4 character types, etc.), minimum password length, minimum and maximum password validity periods, prohibit to reuse the same password before it is changed several times, specify the number of days the use can be inactive (do not enter the system) before their password becomes invalid.