Technical Tuesday: Using Hidden Folders to Manage Access Rights

Doug Johnson | November 8, 2016

Acumatica provides role-based security so you can manage security rights at several levels. In this article we describe a way to provide access to screens without adding them to the menu structure.

Technical Tuesday: Using Hidden Folders to Manage Access Rights

Environment: 6.00.1129

Data: SalesDemo demo data from partner portal

Scenario Overview

Business Problem

Acumatica allows you to set role-based rights by:

  • Suites: Finance, Distribution, Configuration, etc.
  • Modules: General Ledger, Accounts Payable, etc.
  • Screen: any Acumatica screen
  • Field: any Acumatica screen
  • Field-value levels: using row-level security

There are situations where users may need read-only access to screens or reports in a module because they are referenced from other screens or drill-downs.

If you change access rights in the normal way, the screen will be visible in the menu structure within Acumatica.

Demonstration Scenario

Assume we have users who need to enter customer invoices in Accounts Receivable, but should not be able see or access the General Ledger module.

This is quite easy to setup, but in the Financial Details tab of the Invoices and Memos screen (AR301000) there is a link to the GL batch that is created when the invoice is released. We want to grant our users read-only access to this GL batch screen without having the General Ledger appear in the main menu.

In this scenario, the challenge is to setup granular security rights without creating complex security administration.

Acumatica Implementation

To implement this, we will perform the following steps:

  1. Create new role and assign the appropriate security rights.
  2. Add a duplicate link to your read-only screens or reports in a hidden folder on the site map
  3. Update the access rights to include the hidden area

These steps can be accomplished in a minute or two. More importantly, this implementation is easy to maintain.

Step 1: Create and assign new role

I this step we create a new role that we can add to our salespeople and assign the appropriate security rights.

  • Navigate to the User Roles (Configuration > User Security > User Roles) screen and add a new role. I called it SALESAR.

    Add new role

  • Go to access rights by role and select the new role you created.
    • Set Finance Suite permission to Granted

      Set Finance Suite permission to Granted

    • Set Accounts Receivable permission to View Only

      Set Accounts Receivable permission to View Only

    • Set Invoices and Memos permission to Insert

      Set Invoices and Memos permission to Insert

  • Navigate to the Users screen and assign this role to the user “williams” in the SalesDemo data.
  • After assigning the SALESAR role to our sales person, they can see the Accounts Receivable module, but not
  • With these settings, a user with the SALESAR role can see enter invoices, but if the person navigates to the Financial Details tab and clicks the batch number, they receive an error “You have insufficient rights to access object (Journal Entry)”.

    You have insufficient rights to access object (Journal Entry)

  • NOTE: the module only appears if the user has access to two or more modules. If the user has access to Accounts Receivable only, then it will not appear. If the user has access to two modules in the Financial Suite, then both will appear.

Step 2: Add a Duplicate Link to your Report or Form in a Hidden Folder

Follow the steps below to add a duplicate link to your read-only screens or reports in a hidden folder on the site map.

  • Open the Site Map (SM200520, System -> Customization -> Manage)
  • Add the Journal Transactions (GL301000) form to the Hidden folder, as shown in the screen shot. When you add a form to the Hidden folder, it is not displayed in the navigation pane, but you can access it by using the Id or from another form.

    Add the Journal Transactions (GL301000) form to the Hidden folder

Step 3: Assign View-Only Rights to the Screen(s) in the Hidden Folders

When you add a form to the Hidden folder, it is not displayed in the navigation pane, but you can access it by using the Id or from another form. In this step we grant rights to view the screen that we just added to the hidden folder.

  • Return to the Access Rights by Role screen, select the SALESAR role, and grant view-only to the Journal Transactions screen you just added.

    Grant view-only to the Journal Transactions screen

  • Test the change by logging in as williams, navigating to the Invoice and Memos screen, and Clicking the Batch Nbr. link in the Financial Details tab. The screen below shows my result.

    Clicking the Batch Nbr. link in the Financial Details tab

  • Notice two things: the journal entry appears in view-only mode and the Journal Transactions screen (as well as the General Ledger module) does not appear in the menu.

Conclusion

Acumatica role-based security allows you to define granular usage rights for suites, modules, screens, and fields. As a web-application, Acumatica allows convenient access to related data by drilling down or into from forms and reports.

  • Forms examples: Drill into GL transactions from various transactions, drill into sales orders from purchase orders, navigate to CRM data from AR invoices or sales orders, etc.
  • Report examples: generic inquiries can drill into other generic inquiries or screens.

The drill down can cross suites or modules. When this happens, users may receive an insufficient rights error when they click a link. If you do not want your users to see this error message, you can (1) hide the offending field using standard access rights or (2) copy the screen to a hidden folder and provide access to it via the hidden folder.

In this article we showed how to perform the second technique so you can provide access to the screen without having the screen appear in Acumatica menus. Have further questions or want to learn about more cool features in Acumatica? Join us for Acumatica Summit 2017 in San Diego January 29 through February 3. I look forward to seeing you there!

asdasd
Doug Johnson

Director of Partner Programs and Enablement at Acumatica. Doug is in charge of showing people the specifics about what makes Acumatica’s Cloud ERP software awesome for our customers and partners. For other tips and technical training, stay tuned on Tuesdays.

Subscribe to our bi-weekly newsletter

Subscribe