Role Data Access (Vindue ID-268)
Vindue: Role Data Access
Beskrivelse: Maintain Data Access Rules
Hjælp: Maintain Data Access Roles of Roles/Responsibilties. Note that access information is cached and requires re-login or reset of cache.
TAB: Role
Beskrivelse: Role with Data Access Restriction
Hjælp Select Role for with Data Access Restrictions.
Note that access information is cached and requires re-login or reset of cache.
Fil:Role Data Access - Role - Vindue (iDempiere 1.0.0).png
| Navn | Navn | Beskrivelse | Hjælp | Specifikationer |
|---|---|---|---|---|
| Client | Firma | Firmaet i installationen. | Det kan være en virksomhed eller juridisk enhed. Du kan ikke dele data mellem firmaer. | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | Organisation | Organisatorisk enhed i firmaet | En organisation er en enhed i firmaet eller juridisk enhed, f.eks. butik, varehus. Du kan dele data mellem organisationer. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Name | Navn | Alfanumerisk markør til objektet | Navnet på et objekt (eller post) bruges som en startsøgeværdi ud over søgenøglen. Du kan skrive 60 tegn. | Name character varying(60) NOT NULL String |
| Description | Beskrivelse | Valgfri kort beskrivelse af posten | Du kan skrive op til 255 tegn. | Description character varying(255) String |
| Preference Level | Preference Level | Determines what preferences the user can set | Preferences allow you to define default values. If set to None, you cannot set any preference nor value preference. Only if set to Client, you can see the Record Info Change Log. | PreferenceType character(1) NOT NULL List |
| Maintain Change Log | Maintain Change Log | Maintain a log of changes | If selected, a log of all changes is maintained. | IsChangeLog character(1) NOT NULL Yes-No |
| Show Accounting | Show Accounting | Users with this role can see accounting information | This allows to prevent access to any accounting information. | IsShowAcct character(1) NOT NULL Yes-No |
| Access all Orgs | Access all Orgs | Access all Organizations (no org access control) of the client | When selected, the role has access to all organizations of the client automatically. This also increases performance where you have many organizations. | IsAccessAllOrgs character(1) NOT NULL Yes-No |
| Can Report | Can Report | Users with this role can create reports | You can restrict the ability to report on data. | IsCanReport character(1) NOT NULL Yes-No |
| Can Export | Can Export | Users with this role can export data | You can restrict the ability to export data from Adempiere. | IsCanExport character(1) NOT NULL Yes-No |
| Personal Lock | Personal Lock | Allow users with role to lock access to personal records | If enabled, the user with the role can prevent access of others to personal records. If a record is locked, only the user or people who can read personal locked records can see the record. | IsPersonalLock character(1) NOT NULL Yes-No |
| Personal Access | Personal Access | Allow access to all personal records | Users of this role have access to all records locked as personal. | IsPersonalAccess character(1) NOT NULL Yes-No |
TAB: Table Access
Beskrivelse: Maintain Table Access
Hjælp If listed here, the Role can(not) access all data of this table, even if the role has access to the functionality.
If you Include Access to a table and select Read Only, you can only read data (otherwise full access).
If you Exclude Access to a table and select Read Only, you can only read data (otherwise no access).
Please note that table access rules here are in addition to the Data Access Levels defined for a Table and the User Level defined for a Role. These rules are evaulated first and you only need to define the exceptions to these rules here.
Note that access information is cached and requires re-login or reset of cache. Be aware that if you use Include rules, that you need to include also several supporting entiries. As an alternative, grant access only to functionality required. Fil:Role Data Access - Table Access - Vindue (iDempiere 1.0.0).png
| Navn | Navn | Beskrivelse | Hjælp | Specifikationer |
|---|---|---|---|---|
| Client | Firma | Firmaet i installationen. | Det kan være en virksomhed eller juridisk enhed. Du kan ikke dele data mellem firmaer. | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | Organisation | Organisatorisk enhed i firmaet | En organisation er en enhed i firmaet eller juridisk enhed, f.eks. butik, varehus. Du kan dele data mellem organisationer. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Role | Rolle | Ansvarsrolle | Rollen bestemmer det sikkerheds- og adgangsniveau, som brugeren skal have i systemet. | AD_Role_ID numeric(10) NOT NULL Table Direct |
| Table | Tabel | Tabel for felter | Her angives den tabel, hvor et felt eller felter findes. | AD_Table_ID numeric(10) NOT NULL Table Direct |
| Active | Aktiv | Posten er aktiv i systemet | Du kan låse poster på 2 måder i systemet: Først kan du slette posten, eller du kan deaktivere posten. En deaktiveret post kan ikke vælges, men indgår i rapporter. Der er 2 grunde til vælge deaktivering frem for sletning af poster: (1) Systemet skal kunne råde over posten aht. revision. (2) Posten er knyttet til andre poster. Du kan f.eks. ikke slette en handelspartner, hvis der findes fakturaer, der knytter sig til vedkommende. I stedet deaktiveres forbindelsen, således at han/hun ikke indgår i fremtidige posteringer. | IsActive character(1) NOT NULL Yes-No |
| Exclude | Exclude | Exclude access to the data - if not selected Include access to the data | If selected (excluded), the role cannot access the data specified. If not selected (included), the role can ONLY access the data specified. Exclude items represent a negative list (i.e. you don't have access to the listed items). Include items represent a positive list (i.e. you only have access to the listed items).
|
IsExclude character(1) NOT NULL Yes-No |
| Access Type | Access Type | The type of access for this rule | If you restrict Access to the entity, you also cannot Report or Export it (i.e. to have access is a requirement that you can report or export the data). The Report and Export rules are further restrictions if you have access. | AccessTypeRule character(1) NOT NULL List |
| Read Only | Kun læs | Feltet kan kun læses | Her angives, at feltet kun kan læses. Du kan ikke foretage opdateringer. | IsReadOnly character(1) NOT NULL Yes-No |
| Can Report | Can Report | Users with this role can create reports | You can restrict the ability to report on data. | IsCanReport character(1) NOT NULL Yes-No |
| Can Export | Can Export | Users with this role can export data | You can restrict the ability to export data from Adempiere. | IsCanExport character(1) NOT NULL Yes-No |
TAB: Column Access
Beskrivelse: Maintain Column Access
Hjælp If listed here, the Role can(not) access the column of this table, even if the role has access to the functionality.
If you Include Access to a column and select Read Only, you can only read data (otherwise full access).
If you Exclude Access to a column and select Read Only, you can only read data (otherwise no access).
Note that access information is cached and requires re-login or reset of cache.
Fil:Role Data Access - Column Access - Vindue (iDempiere 1.0.0).png
| Navn | Navn | Beskrivelse | Hjælp | Specifikationer |
|---|---|---|---|---|
| Client | Firma | Firmaet i installationen. | Det kan være en virksomhed eller juridisk enhed. Du kan ikke dele data mellem firmaer. | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | Organisation | Organisatorisk enhed i firmaet | En organisation er en enhed i firmaet eller juridisk enhed, f.eks. butik, varehus. Du kan dele data mellem organisationer. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Role | Rolle | Ansvarsrolle | Rollen bestemmer det sikkerheds- og adgangsniveau, som brugeren skal have i systemet. | AD_Role_ID numeric(10) NOT NULL Table Direct |
| Table | Tabel | Tabel for felter | Her angives den tabel, hvor et felt eller felter findes. | AD_Table_ID numeric(10) Table Direct |
| Column | Kolonne | Kolonne i tabellen | Kobling til databasekolonne i tabellen. | AD_Column_ID numeric(10) NOT NULL Table Direct |
| Active | Aktiv | Posten er aktiv i systemet | Du kan låse poster på 2 måder i systemet: Først kan du slette posten, eller du kan deaktivere posten. En deaktiveret post kan ikke vælges, men indgår i rapporter. Der er 2 grunde til vælge deaktivering frem for sletning af poster: (1) Systemet skal kunne råde over posten aht. revision. (2) Posten er knyttet til andre poster. Du kan f.eks. ikke slette en handelspartner, hvis der findes fakturaer, der knytter sig til vedkommende. I stedet deaktiveres forbindelsen, således at han/hun ikke indgår i fremtidige posteringer. | IsActive character(1) NOT NULL Yes-No |
| Exclude | Exclude | Exclude access to the data - if not selected Include access to the data | If selected (excluded), the role cannot access the data specified. If not selected (included), the role can ONLY access the data specified. Exclude items represent a negative list (i.e. you don't have access to the listed items). Include items represent a positive list (i.e. you only have access to the listed items).
|
IsExclude character(1) NOT NULL Yes-No |
| Read Only | Kun læs | Feltet kan kun læses | Her angives, at feltet kun kan læses. Du kan ikke foretage opdateringer. | IsReadOnly character(1) NOT NULL Yes-No |
TAB: Record Access
Beskrivelse: Maintain Record Access
Hjælp You create Record Access records by enabling "Personal Lock" for the administrative role and Ctl-Lock (holding the Ctrl key while clicking on the Lock button).
If listed here, the Role can(not) access the data records of this table, even if the role has access to the functionality.
If you Include Access to a record and select Read Only, you can only read data (otherwise full access).
If you Exclude Access to a recorf and select Read Only, you can only read data (otherwise no access).
Note that access information is cached and requires re-login or reset of cache.
Fil:Role Data Access - Record Access - Vindue (iDempiere 1.0.0).png
| Navn | Navn | Beskrivelse | Hjælp | Specifikationer |
|---|---|---|---|---|
| Client | Firma | Firmaet i installationen. | Det kan være en virksomhed eller juridisk enhed. Du kan ikke dele data mellem firmaer. | AD_Client_ID numeric(10) NOT NULL Table Direct |
| Organization | Organisation | Organisatorisk enhed i firmaet | En organisation er en enhed i firmaet eller juridisk enhed, f.eks. butik, varehus. Du kan dele data mellem organisationer. | AD_Org_ID numeric(10) NOT NULL Table Direct |
| Role | Rolle | Ansvarsrolle | Rollen bestemmer det sikkerheds- og adgangsniveau, som brugeren skal have i systemet. | AD_Role_ID numeric(10) NOT NULL Table Direct |
| Table | Tabel | Tabel for felter | Her angives den tabel, hvor et felt eller felter findes. | AD_Table_ID numeric(10) NOT NULL Table Direct |
| Record ID | Bogfør-ID | Direkte, interne post-ID | Bogfør-ID er en intern og entydig markør til en post | Record_ID numeric(10) NOT NULL Button |
| Active | Aktiv | Posten er aktiv i systemet | Du kan låse poster på 2 måder i systemet: Først kan du slette posten, eller du kan deaktivere posten. En deaktiveret post kan ikke vælges, men indgår i rapporter. Der er 2 grunde til vælge deaktivering frem for sletning af poster: (1) Systemet skal kunne råde over posten aht. revision. (2) Posten er knyttet til andre poster. Du kan f.eks. ikke slette en handelspartner, hvis der findes fakturaer, der knytter sig til vedkommende. I stedet deaktiveres forbindelsen, således at han/hun ikke indgår i fremtidige posteringer. | IsActive character(1) NOT NULL Yes-No |
| Exclude | Exclude | Exclude access to the data - if not selected Include access to the data | If selected (excluded), the role cannot access the data specified. If not selected (included), the role can ONLY access the data specified. Exclude items represent a negative list (i.e. you don't have access to the listed items). Include items represent a positive list (i.e. you only have access to the listed items).
|
IsExclude character(1) NOT NULL Yes-No |
| Read Only | Kun læs | Feltet kan kun læses | Her angives, at feltet kun kan læses. Du kan ikke foretage opdateringer. | IsReadOnly character(1) NOT NULL Yes-No |
| Dependent Entities | Dependent Entities | Also check access in dependent entities | Also dependent entities are included. Please be aware, that enabling this rule has severe consequences and that this is only wanted in some circumstances.
Example Rule: "Include Payment Term Immediate with Dependent Entities"
|
IsDependentEntities character(1) NOT NULL Yes-No |
.png){kind=link}
.png){kind=link}
.png){kind=link}
.png){kind=link}