Template:Role (Window ID-111 V1.0.0)

From iDempiere en

Window: Role

Description: Maintain User Responsibilities

Help: The Role Window allows you to define the different roles that users of this system will have. Roles control access to windows, tasks, reports, etc. For a tenant an Administrator and User role are predefined. You may add additional roles to control access for specific functionality or data. You can add users to the role. Note that access information is cached and requires re-login or reset of cache.

Tab: Role

Description: Define responsibility roles

Help: Define the role and add the tenant and organizations the role has access to. You can give users access to this role and modify the access of this role to windows, forms, processes and reports as well as tasks.
If the Role User Level is Manual, the assigned acces rights are not automatically updated (e.g. if a role has a restricted number of Windows/Processes it can access). You need to add organizational access unless the role has access to all organizations. The SuperUser and the user creating a new role are assigned to the role automatically.
If you select an Organization Tree, the user has access to the leaves of summary organizations. Note: You cannot change the System Administrator role.

Role - Role - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Role.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Role.AD_Org_ID
numeric(10)
Table Direct
Name Alphanumeric identifier of the entity The name of an entity (record) is used as an default search option in addition to the search key. The name is up to 60 characters in length. AD_Role.Name
character varying(60)
String
Description Optional short description of the record A description is limited to 255 characters. AD_Role.Description
character varying(255)
String
User Level System Tenant Organization The User Level field determines if users of this Role will have access to System level data, Organization level data, Tenant level data or Tenant and Organization level data. AD_Role.UserLevel
character(3)
List
Manual This is a manual process The Manual check box indicates if the process will done manually. AD_Role.IsManual
character(1)
Yes-No
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Role.IsActive
character(1)
Yes-No
Master Role A master role cannot be assigned to users, it is intended to define access to menu option and documents and inherit to other roles AD_Role.IsMasterRole
character(1)
Yes-No
Auto expand menu If ticked, the menu is automatically expanded AD_Role.IsMenuAutoExpand
character(1)
Yes-No
Maintain Change Log Maintain a log of changes If selected, a log of all changes is maintained. AD_Role.IsChangeLog
character(1)
Yes-No
Currency The Currency for this record Indicates the Currency to be used when processing or reporting on this record AD_Role.C_Currency_ID
numeric(10)
Table Direct
Approval Amount The approval amount limit for this role The Approval Amount field indicates the amount limit this Role has for approval of documents. AD_Role.AmtApproval
numeric
Amount
Approval Amount Accumulated The approval amount limit for this role accumulated on a period The Approval Amount field indicates the amount limit this Role has for approval of documents within a period limit. AD_Role.AmtApprovalAccum
numeric
Amount
Days Approval Accumulated The days approval indicates the days to take into account to verify the accumulated approval amount. The Days Approval Accumulated field indicates the days to take into account to verify the accumulated approval amount. AD_Role.DaysApprovalAccum
numeric(10)
Integer
Approve own Documents Users with this role can approve their own documents If a user cannot approve their own documents (orders, etc.), it needs to be approved by someone else. AD_Role.IsCanApproveOwnDoc
character(1)
Yes-No
Role Type AD_Role.RoleType
character varying(2)
List
Preference Level Determines what preferences the user can set Preferences allow you to define default values. If set to None, you cannot set any preference nor value preference. Only if set to Tenant, you can see the Record Info Change Log. AD_Role.PreferenceType
character(1)
List
Menu Tree Tree of the menu Menu access tree AD_Role.AD_Tree_Menu_ID
numeric(10)
Table
Access Advanced AD_Role.IsAccessAdvanced
character(1)
Yes-No
Access all Orgs Access all Organizations (no org access control) of the tenant When selected, the role has access to all organizations of the tenant automatically. This also increases performance where you have many organizations. AD_Role.IsAccessAllOrgs
character(1)
Yes-No
Use User Org Access Use Org Access defined by user instead of Role Org Access You can define the access to Organization either by Role or by User. You would select this, if you have many organizations. AD_Role.IsUseUserOrgAccess
character(1)
Yes-No
Personal Lock Allow users with role to lock access to personal records If enabled, the user with the role can prevent access of others to personal records. If a record is locked, only the user or people who can read personal locked records can see the record. AD_Role.IsPersonalLock
character(1)
Yes-No
Personal Access Allow access to all personal records Users of this role have access to all records locked as personal. AD_Role.IsPersonalAccess
character(1)
Yes-No
Can Report Users with this role can create reports You can restrict the ability to report on data. AD_Role.IsCanReport
character(1)
Yes-No
Can Export Users with this role can export data You can restrict the ability to export data from iDempiere. AD_Role.IsCanExport
character(1)
Yes-No
Tenant Administrator This role is a tenant administrator AD_Role.IsClientAdministrator
character(1)
Yes-No
Show Accounting Users with this role can see accounting information This allows to prevent access to any accounting information. AD_Role.IsShowAcct
character(1)
Yes-No
Overwrite Price Limit Overwrite Price Limit if the Price List enforces the Price Limit The Price List allows to enforce the Price Limit. If set, a user with this role can overwrite the price limit (i.e. enter any price). AD_Role.OverwritePriceLimit
character(1)
Yes-No
Confirm Query Records Require Confirmation if more records will be returned by the query (If not defined 500) Enter the number of records the query will return without confirmation to avoid unnecessary system load. If 0, the system default of 500 is used. AD_Role.ConfirmQueryRecords
numeric(10)
Integer
Max Query Records If defined, you cannot query more records as defined - the query criteria needs to be changed to query less records Enter the number of records a user will be able to query to avoid unnecessary system load. If 0, no restrictions are imposed. AD_Role.MaxQueryRecords
numeric(10)
Integer
Organization Tree Trees are used for (financial) reporting and security access (via role) Trees are used for (finanial) reporting and security access (via role) AD_Role.AD_Tree_Org_ID
numeric(10)
Table
Allow Info Account AD_Role.Allow_Info_Account
character(1)
Yes-No
Allow Info Schedule AD_Role.Allow_Info_Schedule
character(1)
Yes-No
Allow Info Product AD_Role.Allow_Info_Product
character(1)
Yes-No
Allow Info BPartner AD_Role.Allow_Info_BPartner
character(1)
Yes-No
Allow Info Order AD_Role.Allow_Info_Order
character(1)
Yes-No
Allow Info Invoice AD_Role.Allow_Info_Invoice
character(1)
Yes-No
Allow Info InOut AD_Role.Allow_Info_InOut
character(1)
Yes-No
Allow Info Payment AD_Role.Allow_Info_Payment
character(1)
Yes-No
Allow Info Asset AD_Role.Allow_Info_Asset
character(1)
Yes-No
Allow Info Resource AD_Role.Allow_Info_Resource
character(1)
Yes-No
Predefined Context Variables Predefined context variables to inject when opening a menu entry or a window AD_Role.PredefinedContextVariables
character varying(4000)
String

Tab: Org Access

Description: Maintain Role Org Access

Help: Add the tenant and organizations the user has access to. Entries here are ignored, if User Org Access is selected or the role has access to all roles.
Note that access information is cached and requires re-login or reset of cache.

Role - Org Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Role_OrgAccess.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Role_OrgAccess.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Role_OrgAccess.AD_Role_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Role_OrgAccess.IsActive
character(1)
Yes-No
Read Only Field is read only The Read Only indicates that this field may only be Read. It may not be updated. AD_Role_OrgAccess.IsReadOnly
character(1)
Yes-No

Tab: User Assignment

Description: Users with this Role

Help: The User Assignment Tab displays Users who have been defined for this Role.

Role - User Assignment - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_User_Roles.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_User_Roles.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_User_Roles.AD_Role_ID
numeric(10)
Search
User/Contact User within the system - Internal or Business Partner Contact The User identifies a unique user in the system. This could be an internal user or a business partner contact AD_User_Roles.AD_User_ID
numeric(10)
Search
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_User_Roles.IsActive
character(1)
Yes-No

Tab: Window Access

Description: Window Access

Help: The Window Access Tab defines the Windows and type of access that this Role is granted.

Role - Window Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Window_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Window_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Window_Access.AD_Role_ID
numeric(10)
Table Direct
Window Data entry or display window The Window field identifies a unique Window in the system. AD_Window_Access.AD_Window_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Window_Access.IsActive
character(1)
Yes-No
Read Write Field is read / write The Read Write indicates that this field may be read and updated. AD_Window_Access.IsReadWrite
character(1)
Yes-No

Tab: Process Access

Description: Process Access

Help: The Process Access Tab defines the Processes and type of access that this Role is granted.

Role - Process Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Process_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Process_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Process_Access.AD_Role_ID
numeric(10)
Table Direct
Process Process or Report The Process field identifies a unique Process or Report in the system. AD_Process_Access.AD_Process_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Process_Access.IsActive
character(1)
Yes-No
Read Write Field is read / write The Read Write indicates that this field may be read and updated. AD_Process_Access.IsReadWrite
character(1)
Yes-No

Tab: Form Access

Description: Form Access

Help: The Form Access Tab defines the Forms and type of access that this Role is granted.

Role - Form Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Form_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Form_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Form_Access.AD_Role_ID
numeric(10)
Table Direct
Special Form Special Form The Special Form field identifies a unique Special Form in the system. AD_Form_Access.AD_Form_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Form_Access.IsActive
character(1)
Yes-No
Read Write Field is read / write The Read Write indicates that this field may be read and updated. AD_Form_Access.IsReadWrite
character(1)
Yes-No

Tab: Info Access

Description:

Help:

Role - Info Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_InfoWindow_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_InfoWindow_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_InfoWindow_Access.AD_Role_ID
numeric(10)
Table Direct
Info Window Info and search/select Window The Info window is used to search and select records as well as display information relevant to the selection. AD_InfoWindow_Access.AD_InfoWindow_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_InfoWindow_Access.IsActive
character(1)
Yes-No

Tab: Workflow Access

Description: Workflow Access

Help: The Workflow Access Tab defines the Workflows and type of access that this Role is granted.

Role - Workflow Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Workflow_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Workflow_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Workflow_Access.AD_Role_ID
numeric(10)
Table Direct
Workflow Workflow or combination of tasks The Workflow field identifies a unique Workflow in the system. AD_Workflow_Access.AD_Workflow_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Workflow_Access.IsActive
character(1)
Yes-No
Read Write Field is read / write The Read Write indicates that this field may be read and updated. AD_Workflow_Access.IsReadWrite
character(1)
Yes-No

Tab: Task Access

Description: Task Access

Help: The Task Access Tab defines the Task and type of access that this Role is granted.

Role - Task Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Task_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Task_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Task_Access.AD_Role_ID
numeric(10)
Table Direct
OS Task Operation System Task The Task field identifies a Operation System Task in the system. AD_Task_Access.AD_Task_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Task_Access.IsActive
character(1)
Yes-No
Read Write Field is read / write The Read Write indicates that this field may be read and updated. AD_Task_Access.IsReadWrite
character(1)
Yes-No

Tab: Document Action Access

Description: Define access to document type / document action / role combinations.

Help: Define access to document type / document action / role combinations.

Role - Document Action Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. AD_Document_Action_Access.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. AD_Document_Action_Access.AD_Org_ID
numeric(10)
Table Direct
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Document_Action_Access.AD_Role_ID
numeric(10)
Table Direct
Document Type Document type or rules The Document Type determines document sequence and processing rules AD_Document_Action_Access.C_DocType_ID
numeric(10)
Table Direct
Reference List Reference List based on Table The Reference List field indicates a list of reference values from a database tables. Reference lists populate drop down list boxes in data entry screens AD_Document_Action_Access.AD_Ref_List_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Document_Action_Access.IsActive
character(1)
Yes-No

Tab: Included roles

Description:

Help:

Role - Included roles - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Sequence Method of ordering records; lowest number comes first The Sequence indicates the order of records AD_Role_Included.SeqNo
numeric(10)
Integer
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

AD_Role_Included.IsActive
character(1)
Yes-No
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. AD_Role_Included.AD_Role_ID
numeric(10)
Search
Included Role AD_Role_Included.Included_Role_ID
numeric(10)
Table

Tab: Document Status Access

Description:

Help:

File:Role - Document Status Access - Window (iDempiere 1.0.0).png

Fields
Name Description Help Technical Data
Tenant Tenant for this installation. A Tenant is a company or a legal entity. You cannot share data between Tenants. PA_DocumentStatusAccess.AD_Client_ID
numeric(10)
Table Direct
Organization Organizational entity within tenant An organization is a unit of your tenant or legal entity - examples are store, department. You can share data between organizations. PA_DocumentStatusAccess.AD_Org_ID
numeric(10)
Search
Role Responsibility Role The Role determines security and access a user who has this Role will have in the System. PA_DocumentStatusAccess.AD_Role_ID
numeric(10)
Table Direct
User/Contact User within the system - Internal or Business Partner Contact The User identifies a unique user in the system. This could be an internal user or a business partner contact PA_DocumentStatusAccess.AD_User_ID
numeric(10)
Search
Document Status PA_DocumentStatusAccess.PA_DocumentStatus_ID
numeric(10)
Table Direct
Active The record is active in the system There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.

There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries.

PA_DocumentStatusAccess.IsActive
character(1)
Yes-No
Cookies help us deliver our services. By using our services, you agree to our use of cookies.