Data Authority Security
This document describes data authority security to apply to restrictions in order to prevent users and user groups from specifying specific records within a function.
Follow these steps - Authority to access object groups
Authorization to Access Object Groups will qualify users to monitor and maintain different objects in the M3 Business Engine such as sales price lists, statistic reports, orders, facilities, etc. These objects can be connected to an object access group, and different users can be connected to user groups. For each user group, you can specify a number of object access groups. Therefore, if an object is connected to an access group, access is only granted to users that belong to a user group connected to that access group.
-
Create user groups for object access group
Start 'User Group. Open' (CRS004). Create an optional group identity, for example, USRGRP-ONE.
-
Connect users to user groups
Start 'User. Open' (MNS150) and select the user to be connected to a user group for object access groups. You can also connect a user of type GRPPRF, which actually is a user group. See section User Groups.
Start 'User. Access per Company Division' (MNS151) by using option 11=User ID in 'User. Open' (MNS150). A list of companies and divisions the user is authorized to will be displayed. Specify the Company/Division by selecting Open, for which the user should be connected with the user group. Specify the User group - object access field, on the E-panel with the user group for object access groups. Press Enter.
Repeat this step for each company/division that should be connected to a user.
Note: The same user could be connected to different User Groups (for object access) in different companies and/or divisions. If the specific combination of company and division are missing for a certain user, the record containing company and 'blank' division will be used when performing the authority check. -
Create object access group
Start 'Object Access Group. Open' (CRS006). Create an object access group identity, for example, ACCGRP-ONE.
Repeat this step for each company/division that should be connected to a user.
-
Connect the user group to the Object Access Group
Start 'Object Access Group. Connect User Group' (CRS007) by using option 11 in 'Object Access Group. Open' (CRS006). Connect one or several user groups to the object access group.
Repeat this step for each company/division that should be connected to a user.
-
Connect the Object Access Group to an object
This step can be completed in different functions, e.g. 'Facility. Open' (CRS008), 'Sales Price List. Open' (OIS017), 'Sales Stats/Budget Report. Open' (OSS412).
Select the object (record) and click Open. Specify the Object access group field and select the actual object access group for this object (function). When an object is connected to an access group, access is only granted to users that belong to a user group connected to that access group.
Authorization to items, orders, general ledger
You can make authorization for users and restrict non-authorized users to certain functions as item types, item categories, order types, general ledgers, purchase orders. You can set up these authorities in M3 BE:
- Authorization for General Ledger - 'Settings - Access Authority Check' (GLS005)
- Authorization for Customer Orders - 'Authorization Group for CO Type. Open' (OIS007)
- Authorization for Purchase Orders - 'Purchase Authority. Open' (PPS235)
- Authorization for Work Orders - 'Work Order Authorization. Open' (MOS175)
- Authorization for Items - 'Item. Connect Authority' (MMS014)