角色访问 (窗口 ID-268)
窗口: 角色访问
描述: 维护数据存取规则
幫助: Maintain Data Access Roles of Roles Responsibilties
TAB: 角色
描述: Role with Data Access Restriction
幫助 Select Role for with Data Access Restrictions
File:角色访问 - 角色 - 窗口 (iDempiere 1.0.0).png
| 名稱 | 名稱 | 描述 | 幫助 | 產品規格 |
|---|---|---|---|---|
| Client | 客户 | 安装此软件的客户 | 客户是一个公司或者合法的实体。你不能在客户之间共享数据。 | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | 机构 | 客户内的机构实体。 | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Name | 名称 | Alphanumeric identifier of the entity | The name of an entity (record) is used as an default search option in addition to the search key. The name is up to 60 characters in length. | Name character varying(60) NOT NULL String |
| Description | 描述 | 该记录的可选描述 | 描述最多为 255 个字符。 | Description character varying(255) String |
| Preference Level | Preference Level | Determines what preferences the user can set | Preferences allow you to define default values. If set to None, you cannot set any preference nor value preference. Only if set to Client, you can see the Record Info Change Log. | PreferenceType character(1) NOT NULL List |
| Maintain Change Log | 维护变化日志 | 维护变化的一个日志 | If selected, a log of all changes is maintained. | IsChangeLog character(1) NOT NULL Yes-No |
| Show Accounting | 显示财务 | Users with this role can see accounting information | This allows to prevent access to any accounting information. | IsShowAcct character(1) NOT NULL Yes-No |
| Access all Orgs | Access all Orgs | Access all Organizations (no org access control) of the client | When selected, the role has access to all organizations of the client automatically. This also increases performance where you have many organizations. | IsAccessAllOrgs character(1) NOT NULL Yes-No |
| Can Report | Can Report | Users with this role can create reports | You can restrict the ability to report on data. | IsCanReport character(1) NOT NULL Yes-No |
| Can Export | Can Export | Users with this role can export data | You can restrict the ability to export data from Adempiere. | IsCanExport character(1) NOT NULL Yes-No |
| Personal Lock | 个人数据加锁 | Allow users with role to lock access to personal records | If enabled, the user with the role can prevent access of others to personal records. If a record is locked, only the user or people who can read personal locked records can see the record. | IsPersonalLock character(1) NOT NULL Yes-No |
| Personal Access | 个人数据访问权 | Allow access to all personal records | Users of this role have access to all records locked as personal. | IsPersonalAccess character(1) NOT NULL Yes-No |
TAB: 表访问
描述: 维护表访问
幫助 If listed here, the Role can(not) access all data of this table, even if the role has access to the functionality.
If you Include Access to a table and select Read Only, you can only read data (otherwise full access).
If you Exclude Access to a table and select Read Only, you can only read data (otherwise no access).
Please note that table access rules here are in addition to the Data Access Levels defined for a Table and the User Level defined for a Role. These rules are evaulated first and you only need to define the exceptions to these rules here.
Note that access information is cached and requires re-login or reset of cache. Be aware that if you use Include rules, that you need to include also several supporting entiries. As an alternative, grant access only to functionality required. File:角色访问 - 表访问 - 窗口 (iDempiere 1.0.0).png
| 名稱 | 名稱 | 描述 | 幫助 | 產品規格 |
|---|---|---|---|---|
| Client | 客户 | 安装此软件的客户 | 客户是一个公司或者合法的实体。你不能在客户之间共享数据。 | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | 机构 | 客户内的机构实体。 | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Role | 角色 | 职责角色 | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID numeric(10) NOT NULL Table Direct |
| Table | 表 | 字段所在表 | The Table indicates the table in which a field or fields reside. | AD_Table_ID numeric(10) NOT NULL Table Direct |
| Active | 有效 | 本记录有效 | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive character(1) NOT NULL Yes-No |
| Exclude | 排除 | Exclude Access to the Data | If selected, the role cannot access the data specified. If not selected, the role can ONLY access the data specified | IsExclude character(1) NOT NULL Yes-No |
| Access Type | Access Type | The type of access for this rule | If you restrict Access to the entity, you also cannot Report or Export it (i.e. to have access is a requirement that you can report or export the data). The Report and Export rules are further restrictions if you have access. | AccessTypeRule character(1) NOT NULL List |
| Read Only | 只读 | 字段被只有读 | The Read Only indicates that this field may only be Read. It may not be updated. | IsReadOnly character(1) NOT NULL Yes-No |
| Can Report | Can Report | Users with this role can create reports | You can restrict the ability to report on data. | IsCanReport character(1) NOT NULL Yes-No |
| Can Export | Can Export | Users with this role can export data | You can restrict the ability to export data from Adempiere. | IsCanExport character(1) NOT NULL Yes-No |
TAB: 列访问
描述: 维护列访问
幫助 If listed here, the Role can(not) access the column of this table, even if the role has access to the functionality
File:角色访问 - 列访问 - 窗口 (iDempiere 1.0.0).png
| 名稱 | 名稱 | 描述 | 幫助 | 產品規格 |
|---|---|---|---|---|
| Client | 客户 | 安装此软件的客户 | 客户是一个公司或者合法的实体。你不能在客户之间共享数据。 | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | 机构 | 客户内的机构实体。 | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Role | 角色 | 职责角色 | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID numeric(10) NOT NULL Table Direct |
| Table | 表 | 字段所在表 | The Table indicates the table in which a field or fields reside. | AD_Table_ID numeric(10) Table Direct |
| Column | 列 | 在表中的列 | 链接到数据库表中的列。 | AD_Column_ID numeric(10) NOT NULL Table Direct |
| Active | 有效 | 本记录有效 | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive character(1) NOT NULL Yes-No |
| Exclude | 排除 | Exclude Access to the Data | If selected, the role cannot access the data specified. If not selected, the role can ONLY access the data specified | IsExclude character(1) NOT NULL Yes-No |
| Read Only | 只读 | 字段被只有读 | The Read Only indicates that this field may only be Read. It may not be updated. | IsReadOnly character(1) NOT NULL Yes-No |
TAB: 记录访问
描述: 维护记录访问
幫助 If listed here, the Role can(not) access the data records of this table, even if the role has access to the functionality
File:角色访问 - 记录访问 - 窗口 (iDempiere 1.0.0).png
| 名稱 | 名稱 | 描述 | 幫助 | 產品規格 |
|---|---|---|---|---|
| Client | 客户 | 安装此软件的客户 | 客户是一个公司或者合法的实体。你不能在客户之间共享数据。 | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | 机构 | 客户内的机构实体。 | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Role | 角色 | 职责角色 | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID numeric(10) NOT NULL Table Direct |
| Table | 表 | 字段所在表 | The Table indicates the table in which a field or fields reside. | AD_Table_ID numeric(10) NOT NULL Table Direct |
| Record ID | 记录ID | 记录的内部ID | The Record ID is the internal unique identifier of a record | Record_ID numeric(10) NOT NULL Button |
| Active | 有效 | 本记录有效 | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive character(1) NOT NULL Yes-No |
| Exclude | 排除 | Exclude Access to the Data | If selected, the role cannot access the data specified. If not selected, the role can ONLY access the data specified | IsExclude character(1) NOT NULL Yes-No |
| Read Only | 只读 | 字段被只有读 | The Read Only indicates that this field may only be Read. It may not be updated. | IsReadOnly character(1) NOT NULL Yes-No |
| Dependent Entities | Dependent Entities | Also check access in dependent entities | Also dependent entities are included. Please be aware, that enabling this rule has severe consequences and that this is only wanted in some circumstances.
Example Rule: "Include Payment Term Immediate with Dependent Entities"
|
IsDependentEntities character(1) NOT NULL Yes-No |
.png){kind=link}
.png){kind=link}
.png){kind=link}
.png){kind=link}