Object Access Control

This document explains what object access control is. It also lists the different programs in Sales and Distribution where this functionality can be implemented.

Before you start

  • User groups, object access groups and the connections between them must be defined before you can begin using object access control. Each user who is to be included must be connected to a user group.
  • A user must be defined in 'User. Open' (MNS150).
  • A user group must be defined in 'User Group. Open' (CRS004).
  • An object access group must be defined in 'Object Access Group. Open' (CRS006) and be connected to a user group in 'Object Access Group. Connect User Group' (CRS007).

Purpose

Object access control is a security feature for functions in M3.

You can use object access control to ensure that only authorized personnel have access to certain records.

When a user tries to access a record that is connected to an object access group, the system checks to see whether the user belongs to a user group that is connected to the relevant object access group. If so, the user is granted access. If not, a message appears on the screen telling the user that he/she has been denied access.

Example: Using object access control

You have created an object access group called Prices for price maintenance.

You have also created a user group called Pricemaint for personnel who are responsible for pricing. All qualified users must be connected to this user group.

To make object access control work, the object access group and the user group need to be connected to each other.

A price list has to be connected to the object access group Prices in the function 'Sales Price List. Open' (OIS017/E).

If a user who is not connected to the user group Pricemaint tries to open that particular price list after it has been connected to the object access group Prices, he/she will be denied access.

These functions can be connected to an object access group:

  • 'Customer Blanket Agreement. Open' (OIS060)
  • 'CO Charge. Open' (OIS030)
  • 'Order Line Charge Model. Open' (CRS278)
  • 'Sales Costing Model. Open' (OIS022)
  • 'Discount Campaign. Open' (OIS820)
  • 'Promotion. Open' (OIS840)
  • 'Bonus/Commission Agreement. Open' (OIS412)
  • 'Sales Price List. Open' (OIS017)
  • 'Sales Price Report. Open' (OIS530)
  • 'Purchase Costing Model. Open' (PPS285)
  • 'Purchase Agreement. Open' (PPS100)
  • 'Customer. Open' (CRS610)
  • 'Customer. Open Local Exceptions' (MFS610).

Outcome

A user group and an object access group have been created. These two groups are subsequently connected to each other in order to obtain object access control.

Object access control can be used when a company, for security reasons, wants only a limited number of employees to have access to records in various programs such as price lists.

Related topics