Security

M3 Business Engine object authorities in M3 Graphical Lot Tracker

To restrict users and user groups from entering specific records within a function, you can create and activate M3 Business Engine data authority security. This authority to access object groups qualifies users to monitor and maintain different objects in M3 Business Engine, such as sales price lists, orders, warehouses, and facilities. Objects such as these are connected to object access groups. Additionally, users can be connected to user groups and, for each group, any number of object access groups can be specified.

Therefore, if an object is connected to an object access group, then access is only granted to users who belong to a user group that is connected to this access group.

Object access authority can be enforced at the division, facility, and warehouse levels, thus limiting the actions of non-authorized M3 Business Engine users in M3 Graphical Lot Tracker. Non-authorized M3 Business Engine users are users without object access based on their user group.

See Setting up object authority in M3 Business Engine.

In specific situations, the use of object authorizations can complicate trace investigations. For example, the lot might have moved over to a facility or warehouse for which the user is not authorized. If you set the .M3REPORT:LotAudit_ObjAutorization application setting to ‘Disabled’ in M3 Graphical Lot Tracker, then object authorization is disabled only for the Lot Audit report.

Before you start

Before M3 Business Engine object authority can be activated in M3 Graphical Lot Tracker, these requirements must be fulfilled:

  • The user must have access rights to M3 Graphical Lot Tracker with the same credentials as in M3 Business Engine.
  • An object access group must be associated with every object in M3 Business Engine, for example, a warehouse or a facility.
  • Users must be associated with a user group that is linked to the object access group in M3 Business Engine.
  • The .M3Sys:ObjAutorization setting must be enabled in M3 Graphical Lot Tracker.

After the .M3Sys:ObjAutorization setting has been enabled, non-authorized M3 Business Engine users have limited access to M3 Graphical Lot Tracker transactions:

  • Non-authorized users can view the trace object in the trace graph and move focus to this object, but detailed information is not displayed in the Trace panel or in reports.
  • In search panels, transactions for which the user is not authorized are not displayed. This behavior does not apply to the quick search.
  • In drop-down lists, objects for which the user is not authorized are not displayed.
Caution: 
If a user without full authorization performs a recall action, then shipments or stock that should have been affected by the recall could be missed. If you set the .M3REPORT:LotAudit_ObjAutorization application setting to ‘Disabled’, you can override object authorization only for the Lot Audit report.