MKMS Help

User Access Rights

This Help File Page was last Modified on 05/28/2013

User Access Rights

This Help File Page was last Modified on 05/28/2013

Previous topic Next topic  

User Access Rights

This Help File Page was last Modified on 05/28/2013

Previous topic Next topic  
The User Access Rights Form allows the System Administrator to assign individual rights, on a User by User basis, to specifically selected Data Entry and Look Up Forms, each with its own Form Name. as well as defining (in some cases) Field by Field User Access Rights.
These Forms Based Access Rights (CRUDA) are Create, Read, Update, Delete, and Audit.
If entries are to be tracked by the Internal Auditing System's Audit Report,  be sure to Check the Audit box.
A User attempting to exceed their User Access Rights on any Form will see a message similar to the one illustrated below explaining the reason for the denial.

 

HelpFilesUserRightsExceededMessage

Insufficient security rights to edit a record

 

Normally, Employees (Users) are assigned to an Employee Group - thus granting those Employees access to, and therefore specified Access Rights for, a Set of Forms the Access Rights to which have been granted to that Employee Group (see the Form Names, Employee Groups and Information Processing Forms chapters for more information about Forms).
The appropriate Form Names and associated Access Rights should be based on what needs to be accomplished by (the tasks typically assigned to) that Employee Group.
Sometimes an Employee needs additional (or fewer) Access Rights than those established in the Employee Group to which they've been assigned.
To accommodate this situation, the User Access Rights Form provides the means to individually grant Access Rights, further limit or remove Access Rights, to specifically selected Form Names, an/or Fields within those Forms.
In the example illustrated below, we have a set of Forms and Access Rights for an individual who needs to create Invoices for Sales, Post Receipts and Allocate those Receipts to specific Invoices.
The Accounting Information Form in the example shown below has a list of Field Names that may be selectively granted or denied by Checking or Unchecking those individual Access Rights.

HelpFilesUserAccessRightsExample

User Access Rights Form - Accommodating various Sales Invoicing entry, Receipt Posting and Allocation responsibilities

 

To assign User Access Rights to specific Form Names, from the Main Menu Select the Security menu and Click User Access Rights.
These User Access Rights entries are intended to supplement and/or reduce existing Access Rights to Form Names which have been granted to the Employee as a result of being a Member of an Employee Group.
If the Employee has been assigned to an Employee Group on the Security tab of the Employee Form, and if the Access Rights granted to that Employee Group are sufficient for that Employee, no additional entry needs to be made here, for that Employee.
The User Access Rights assigned here are intended to supplement and/or reduce existing Access Rights to Form Names which have previously been granted to an Employee as a result of being a Member of an Employee Group.
There are three sections on this User Access Rights Form:
1.Available Forms - Lists all Form Names, for Forms, Procedures and Reports within the MKMS and MKMSCS applications.
2.Assigned Forms - Lists all Form Names, for Forms, Procedures and Reports that have User Access Rights specifically and individually assigned to the selected Employee.
The Assigned Forms on the User Access Rights Form override any Access Rights assigned to this Employee as a result of being a Member of an Employee Group.
3.Field List - Many of the listed in the Assigned Forms section have individual Field Names to which Access may be specifically Granted or Denied.
By default, when Field Names are listed, each will be Checked indicating that Access is Granted.
By removing the Check, Access to that Field Name is Denied.

 

Why Assign User Access Rights - Customize the Forms - and in some cases the Field Names - that an Employee is permitted to access, and specify the Access Rights to be granted when viewing those Forms:
CRUDA - Assigning Access Rights sets the User's ability to Create, Read, Update, Delete, and/or Audit (i.e., C.R.U.D.A.) information on any data entry Form that accesses and/or reports information in the database.
Form Names - A Form is any screen within the program that allows for data entry, look-up, retrieval or reporting.

HelpFilesUserAccessRights

User Access Rights Form - Available Forms & Assigned Forms lists

 

Understanding the User Access Rights Form:
Employee - Using the Drop-Down Selection List provided, Select the Employee for whom you will be adding (or deleting) Access Rights.
Available Forms Column - Set the User Access Rights, Choose the Form(s), and transfer them to the Assigned Forms list:
Check the box(es) that represent the Access Rights that are to be assigned to the selected Employee for the selected Forms.
Check the box(es) for the desired Forms.
Click the Right Arrow > (in the vertical column separating Available Forms from Assigned Forms columns) to move the Checked Forms to the Assigned Forms column.
To move the all of the Forms to the Assigned Forms column, Click the Double Right Arrows >> (something that will rarely be done here).
Assigned Forms Column - Review what was transferred and, if appropriate, Uncheck Access Rights as may be necessary to fine-tune the Access Rights assignments.
You may also individually Select any of the Assigned Forms:
Click the Left Arrow < (in the vertical column separating Available Forms from Assigned Forms columns) to remove it - and its related Access Rights - from the Assigned Forms column.
Click the Double Left Arrows << to remove all the Assigned Forms - and their related Access Rights - from the Assigned Forms column.

 

Denying Access Rights - Identify any Forms to which the Employee's Access Rights should be restricted or denied compared to what was granted by being a Member of an Employee Group.
If the Employee has been assigned to an Employee Group on the Security tab of the Employee Form, and if the Access Rights granted to that Employee Group are greater than that Employee needs (they should be restricted from accessing one or more Forms):
Using the Drop-Down Selection List provided, Select the Employee for whom you want to Deny certain or all Access Rights to one or more Forms.
In the Available Forms column, Locate and Check the Form(s) to which Access is (or selected Access Rights are) to be Denied.
If Access is to be completely Denied:
Check the Access Right of A (Audit)  - because at least one Access Right must be Checked to move this Form to the Assigned Forms column - all other Access Rights should be Unchecked.
Confirm that you have Chosen only those Form(s) for which Access is to be completely Denied.
Click the Right Arrow > to move the selected Form(s) to the Assigned Forms column.

HelpFilesUserAccessRightsAuditOnly

 

Uncheck the A (Auditable) box to remove that Access Right for each selected Form.
Click Save ü to record the change.
This procedure will completely Deny Access by this Employee to the selected Form(s).
This is because the User Access Rights Form's assignments supercede the Employee Groups Form's assignments of Access Rights, so the selected Form(s) will now be inaccessible to that Employee.
If specific Access Rights assigned in the Employee Group are to be Denied: but other assigned Access Rights are to be permitted:
Check only the Access Rights that are to be permitted.
Confirm that you have Checked the correct Form(s) in the Assigned Forms column.
Click the Right Arrow > to move the selected Form(s) to the Assigned Forms column.
Click Save ü to record the change.
This is because the User Access Rights Form's assignments super cede the Employee Groups Form's assignments of Access Rights, so the selected Form(s) will only allow the Employee those Access Rights assigned here, rather than what was assigned in their Employee Group.
In the example shown above:
The Employee originally had access to the Widget Dashboard Configuration Form through assignment to an Administrative Employee Group with that access, but it was decided he did not need it.
That Form was located in the Available Forms column and Checked, but with only Auditable Rights granted.
It was then moved to the Assigned Forms column with only Auditable Rights.
Finally, the Auditable box will be Unchecked (see the mouse pointer in the illustration above where it's about to Uncheck the Auditable Right).
You must Click Save ü to record the change.
The Employee is now completely blocked from accessing that Widget Dashboard Configuration Form.