Form-level security

After an authorized user has successfully logged on to the application, the user can only view information for which they are authorized. The specific pages, forms, and reports the user can view depends on the user's security group and the security settings that have been specified for the maintenance forms. Each security group is granted permission to view and edit fields in specific areas of the application.

Form-level security determines which maintenance forms and interactions the security groups are authorized to view and modify. The application consists of numerous forms. Each page and certain sections of page (child forms) can be identified as individual forms.

Security groups, such as supervisor, employee, or system administrator, are function-based so that access to information is limited to the parts of the application the user needs to view and modify to perform their job. A security group does not have specific security privileges until they are explicitly granted.

When you assign permissions to individual maintenance forms, the security groups can be granted one permission type:

  • Edit: Enables users (all users in the security group) to view and edit maintenance forms. Any Create New Entry links or Delete check boxes on forms or pages are functional.
  • View: Enables users to view maintenance forms only. Any Create New Entry links or Delete check boxes are hidden.
  • None: Prevents users from accessing maintenance forms. They are not displayed in the Header, Table of Contents, or Folder Tree.

For example, to prevent users in the Supervisors security group from accessing the Weekly Timesheet, set the corresponding permission to None.

Any permission that is set in the JSP Parameter field of the Maintenance Form Detail page overrides the group permissions for the maintenance form. See Maintenance forms.