SYSPRO Ribbon bar > Administration > Role Management

Role Management

You use this program to maintain operator roles and to configure settings for each role. This enables system administrators to easily pre-configure and control a number of settings within SYSPRO.

Operators are assigned to one or more roles using the Operators program which are then applied to the operator's profile.

Toolbar and menu

Field Description
Edit  
Copy

Create a new role with the same settings as the role currently displayed. Once copied, you need to make at least one change to the new role to be able to save it.

You can copy the individual security settings between existing roles using the following programs:

  • Program access (Role Program Access Maintenance)
  • Activities and fields (Role Activities and Fields Maintenance)
  • Access control (Role Access Control Maintenance)
  • Workflow (Role Workflow Security Maintenance)
Options  
Global Configuration Indicate the set of parameters to apply globally to all roles created in SYSPRO.
[Note]

You should define these parameters before adding any roles.

Import  
Import Standard Roles Imports the standard roles shipped with the SYSPRO product.

This adds the standard roles and does not delete or overwrite any roles you may have defined.

Export Roles Uses the Operator Role Export Wizard program to export all (or selective) role settings to a text file.

Once exported, the file can be imported at another SYSPRO site using the Operator Role Import Wizard program.

This enables you to transfer role settings to multiple sites without having to manually recreate the settings for each role on each new site.

Import Roles Uses the Operator Role Import Wizard program to import role settings from a text file that was output using the Operator Role Export Wizard program.

This enables you to transfer the role settings from another site to the current site without having to manually recreate the settings for each role at the current site.

Save Saves your settings.

If you enable eSignatures or Program access settings by role, but no configuration is defined for the role, then the system displays a warning message to that effect and allows you to configure the role details at that point. You will be unable to save your settings until this done.

In addition, the default configurations will apply until you have configured the roles.

Global Configuration

Field Description
Global role settings These settings allow you to insist that eSignatures, Program access, Activities and fields and Access control are always configured by role and that the previous operator and group settings do not take effect.

This enables you to ensure that older settings are not used and that only the new role-based settings are applied whenever a new operator is added or an existing operator is linked to a role.

All operators must be assigned to a role Ensures that when a new operator is added or an existing one is maintained, that the operator is assigned to at least one role.

A warning message is displayed if any existing operators are not currently assigned to a role.

You cannot save changes to those operators (using the Operators program) until you assign them to a role.

Global role configuration

See also: Notes and warnings.

eSignatures always by role Indicates you always want to define Electronic Signature settings by role (see eSignature Setup).

Alternatively, eSignature settings can be configured by system, by company, by operator group or by operator (see eSignature Setup).

Program access always by role Indicates you always want to define program access by role (see Role Program Access Maintenance).

Alternatively, program access is configured by operator group (see Groups).

Activities and fields always by role Indicates you always want to define access to activities and fields by role (see Role Activities and Fields Maintenance).

Alternatively, access to activities and fields are configured by operator (see Operators).

Access control always by role Indicates you always want to define access control to key fields (e.g bank, AP branch, AR branch, warehouse, etc.) by role (see Role Access Control Maintenance).

Alternatively, access control is configured by operator (see Operators).

Workflow always by role Indicates you always want to define access to workflows and operations within workflows by role (see Role Workflow Security Maintenance).

Access to workflows and workflow operations can also be applied from within the SYSPRO Workflow Administration program.

Separate role settings by company These options enable you to define individual role settings per SYSPRO company.

This means that the same role can be configured differently in your different companies.

For example: In Company A you can allow operators (belonging to the Salespersons role) to maintain Sales Orders. In Company B you can deny access to that function for the same operators in the Salespersons role.

[Note]

When defining roles per company, the role configuration for the operator's 'default company' is in effect until they log into a specific company in SYSPRO.

eSignatures by company within role Defines eSignatures by company by role.
Program access by company within role Defines program access by company by role.
Activities/fields by company within role Defines activities and fields by company by role.
Access control by company within role Defines access control by company by role.

Role Information

Field Description
Role configuration When you select the Configure by role option for any of these configurations, you use the corresponding Browse icon to access the relevant program to define the role settings.
[Note]

When you access the individual programs to configure role settings, your selections are saved within each of the programs (e.g. Role Activities and Fields Maintenance, Role Program Access Maintenance, Role Access Control Maintenance,Customization Management, eSignature Setup).

Cancelling out of the Roles program does not therefore undo your selections in those programs.

Role This indicates the description for the role you are currently maintaining.
User interface Indicate whether you want to configure the user interface for operators belonging to this role according to the role's settings.

Elements of the user interface that you can customize range from docking panes and list views to display forms and entry forms. To perform web views design by role, the operator should belong to a role and the User interface for the role must be set to Configured by role.

[Note]

You use the Customization Management program to manage the design layouts applied to operator roles once they have been defined.

The Roles program enables you to manage the actual roles (e.g. adding, deleting, copying, exporting and importing).

eSignatures Indicate whether you want to configure access to eSignatures for operators belonging to this role according to the role's settings (see eSignature Setup).
Program access Indicate whether you want to configure program access for operators belonging to this role according to the role's settings (see Role Program Access Maintenance).
Activities and fields Indicate whether you want to configure access to activities and fields for operators belonging to this role according to the role's settings (see Role Activities and Fields Maintenance).
Access control Indicate whether you want to configure access control to key fields (e.g. banks, AP branches, AR branches, warehouses, etc.) for operators belonging to this role according to the role's settings.
Workflow Indicate whether you want to configure access to workflows (and operations within workflows) for operators belonging to this role according to the role's settings.

Operators Linked to Role

This pane displays the list of operators defined for the current company and the roles to which they are linked.

Role Usage

This pane displays a tree view of the roles to which operators are currently assigned, together with the operators assigned to them.

Hints and Tips

  • Role information is stored in the ADMRLP.DAT file in the ..\Work folder. If you inadvertently deleted a role, you can restore this file from a backup to restore the role.

Notes and warnings

Global configuration

  • When you initially implement SYSPRO, you should define your Global role settings, before adding any roles.

  • If you are currently using SYSPRO, you should only set the Global role settings after you have defined all the required roles and you have assigned your existing operators to these roles.

  • If you indicate that any of your global role configurations are always by role then all operators must belong to a role.

  • Global settings to always configure a security setting by role takes precedence over any individual role settings you have defined.

    For example: if you enable the Program access always by role global configuration option, then regardless of whether program access for a specific role is defined as not configured by role, the program access will always have to be configured by role (i.e. the settings against the individual roles are ignored).

Troubleshooting

FAQs

How are UI role design changes saved in a client-server environment?

While in Role Design on a client or the server, the changes are stored in Role_### (memory) on both the server and the client. After exiting the design mode, the changes are saved to a Role folder (e.g. Role_001) on the server and the Role_### folder is deleted from the client.

If you are designing a new role, then the next time the operator who is linked to the newly created role logs in, the new role folder self-heals to the client.

If you are changing an existing role, then the Role folder is updated immediately if the operator designing the role is linked to the same role, otherwise self-healing takes place on the next session the user linked to the role logs in. The server checks the date-time stamp on the version.txt file, and if the file does not exist or the date-time stamp is different, then the folder self-heals to the client.

Do system wide UI changes take preference over roles?

No, role design always takes precedence over system-wide design.

When adding a system-wide VBScript, will this also apply to roles, or must it also be added in role design?

The VB-Script must also be applied at role level.

Which permissions are required on the server and the client for self healing to work effectively? Does the system use the Windows permissions or the service permissions to determine read/write access?

For the server, a system account can be used, or a user account that is defined against the Communication Service and has all permissions except the following:

  • Full Control

  • Delete

  • Change permissions

  • Take ownership

For the client, a user account defined against the SYSPRO Client Service that has all permissions except the following:

  • Full Control

  • Delete

  • Change permissions

  • Take ownership

Should changes to roles only be made on a client machine, or can they also be made on the server?

A role can be designed on the server or the client, but changes are always saved on the server and self-healed to the client.

If a user moves to a different machine, what does the server use to determine if that role folder exists for that user on the new machine?

The server will check the date-time stamp on the version.txt file. If the file does not exist or the date-time stamp is different, then the folder self-heals to the client.

Inserting Application Help

You would typically follow this procedure to display help for the current program in a customized pane that can be pinned to the program window.

Information includes step-by-step instructions for the various functions available within the program, including a brief overview of what the program does, what setup options are required and how to personalize the program.

  1. Open the program for which you want to insert application help into a customized pane.

    This functionality is only available for a program that has panes.

  2. Right-click any form field.

    You can also click the triangle menu icon that appears in the title area of a pane.

  3. Select Insert Application Help from the context-sensitive menu.

    The application help appears in a pane within your program. You can reposition the pane using the docking stickers or pin it to the program window.

Removing the Application Help pane

If you no longer want to display application help in a pane for your current program, you can simply remove it.

  1. Select the Close icon in the right-hand corner of the application help pane.

  2. Confirm that you want to delete the pane.