You use this program to view the different levels of access that have been configured against your operators. It provides a central area for administrators to establish what security access is defined for operators.
Field | Description |
---|---|
Options | |
Create Conflict.txt | This creates a sample file in your
\Work folder (on the server) which
enables you to construct a list of program pairs to which
access should never be granted to a single operator as it
would constitute a role/task conflict in your
organization. For example: If access to Posting AP invoices (program APSPIN) and Paying AP invoices (program APSP95) should never be granted to a single operator, then these programs must be listed as a pair in the conflict.txt file. When an operator is granted access to both these programs then a conflict is indicated in the Conflict column of the Program listview. |
Show all records | This displays all available records in the panes. |
Show allowed records | This displays only those records for which the operator is allowed access. |
This displays a list of operators against which you can select to view the level of access configured.
This displays a list of activities within the system, indicating whether access has been configured against the operator or the operator role.
Click the hyperlink in the Activity description column to display a window listing all operators who have access to that Activity.
This displays a list of fields within the system, indicating whether access has been configured against the operator or the operator role.
Click the hyperlink in the Field description column to display a window listing all operators who have access to that Field.
This displays a list of programs within the system, indicating whether access has been configured against the operator role or operator group.
A conflict is only highlighted when both programs in a conflicting pair are allowed access based on the conflict.txt file. Conflicting programs are applicable to program access defined globally or configured by role.
Click the hyperlink in the Program column to display a window listing all operators who have access to that Program.
This displays a list of key fields within the system, indicating whether access has been configured against the operator or the operator role.
Click the hyperlink in the Access control column to display a window displaying all options for that Access control type. You can select an option from this listview to view a list of all operators who have access to that Control.
This displays a list of eSignatures within the system, indicating whether access has been configured against the operator, operator role, company, operator group or system wide.
Click the hyperlink in the Transaction description column to display a window listing all operators who have access to that transaction ID.
This displays a list of Workflow operations within the system, indicating whether access has been configured against the company or operator role.
Click the hyperlink in the Workflow column to display a window listing all operators who have access to that Workflow operation.
This displays a list of groups within the system (including subgroup) indicating those to which the operator belongs.
Click the hyperlink in the Operator group column to display a window listing all operators assigned to that Group.
A role conflict file must exist before you can report on role conflicts. To create this file you need to select the Create Conflict.txt option from the Options menu of the Operator Audit program ( -> -> -> ).
You can tailor this file to your specific requirements. The file contains a list of program pairs that, in your opinion, constitute a conflict in your organization.
For example: If you don't consider it appropriate for an operator to have access to processing manual checks as well as voiding checks in the Accounts Payable module, then you would list the programs: APSP82APSP93 in the conflict.txt file.
The conflict.txt file must have the following properties:
The file must be a text file that can be created using an editor such as Notepad.
The file name must be conflict.txt. The file name is not case-sensitive unless you are using a Unix based operating system, in which case the file name must be in capital letters.
The file must reside in your \Work folder and, in a client/server environment, on the server.
Each line of the text file comprises two six-character SYSPRO program names or e.net business objects, which result in a role conflict. The program name pairs are separated by a single space.
Comments can be included in the text file. They can be included at the beginning of the line (i.e. with a semi-colon in column 1) or they can be added from column 25 onwards in a line, providing a semi-colon is placed in column 25.
Role conflicts are applied both in the order in which the programs appear in the conflict.txt file and in reverse. For example: If the operator is allowed access to both IMPMOG and APSP82 then the role conflict is listed against IMPMOG and against APSP82 in the report. |
The following is an example of a conflict.txt file with comments:
;Role conflicts for IMPMOG - Admin operator groups
IMPMOG APSP82
;AP Manual Check Payment
IMPMOG APSP93
;AP Void payment entry
;Role conflicts for IMPPMP - Admin Operators
IMPPMP APSP82
IMPPMP APSP93
The following is an example of a conflict.txt file without comments:
IMPMOG APSP82
IMPMOG APSP93
IMPPMP APSP82
IMPPMP APSP93
When Activity access is configured by role, an operator can have access to the same activity via more than one role, so it is possible that the same activity is displayed more than once.
When Field access is configured by role, an operator can have access to the same field via more than one role, so it is possible that the same field is displayed more than once.
An operator can have access to a transaction via more than one role, so it is possible that the same Workflow is displayed more than once.
An operator can have access to a program via more than one group, so it is possible that the same program is displayed more than once. The primary group and/or role is displayed in bold text.
An operator can have access to a transaction via more than one setting (operator/group/company/role) so it is possible that the same transaction is displayed more than once.