Role Management

Exploring

This program lets you maintain operator roles and configure settings for each role.

Role management enables system administrators to easily pre-configure and control a number of settings within SYSPRO.

Operators are assigned to one or more roles using the Operator Maintenance program which are then applied to the operator's profile.

  • This program is accessible from the Ribbon bar:

    SYSPRO Ribbon bar > Setup

Programs

Security Settings Dashboard

Operator Maintenance

Operator Groups

Password Definition

Customization Management

Customization Profiler

Operator Roles

PDF and Video Resources

Feature Guides

Starting

  • When you initially implement SYSPRO, you should define your global role settings, before adding any roles.
  • If you are currently using SYSPRO, you should only set the global role settings after you have defined all the required roles and have assigned your existing operators to these roles.

You can restrict operator access to programs by assigning them to groups and applying access control against the group (configured using the Operator Groups program).

By default, access to this program is disabled for all operator groups other than the ADMIN group.

Solving

While in Role Design on a client or the server, the changes are stored in Role_### (memory) on both the server and the client. After exiting the design mode, the changes are saved to a Role folder (e.g. Role_001) on the server and the Role_### folder is deleted from the client.

If you are designing a new role, then the next time the operator who is linked to the newly-created role logs in, the new role folder self-heals to the client.

If you are changing an existing role, then the Role folder is updated immediately if the operator designing the role is linked to the same role, otherwise self-healing takes place on the next session the user linked to the role logs in.

The server checks the date-time stamp on the version.txt file, and if the file does not exist or the date-time stamp is different, then the folder self-heals to the client.

No, role design always takes precedence over system-wide design.

The VBScript must also be applied at role level.

For the server, a system account can be used, or a user account that is defined against the Communication Service and has all permissions except the following:

  • Full Control
  • Delete
  • Change permissions
  • Take ownership

For the client, a user account defined against the SYSPRO Client Service that has all permissions except the following:

  • Full Control
  • Delete
  • Change permissions
  • Take ownership

A role can be designed on the server or the client, but changes are always saved on the server and self-healed to the client.

The server checks the date time-stamp on the version.txt file. If the file does not exist, or the date time-stamp is different, then the folder self-heals to the client.

Role information is stored in the ADMRLP.DAT file in the \Work folder.

If you inadvertently deleted a role, you can restore this file from a backup to restore the role.

Using

The Global Configuration settings allow you to insist that the following are always configured by role and that the previous operator and group settings do not take effect:

  • eSignatures
  • Program access
  • Activities and fields
  • Access control
  • Workflows

This enables you to ensure that older settings are not used and that only the new role-based settings are applied whenever a new operator is added or an existing operator is linked to a role.

Considerations
  • If you indicate that any of your global role configurations are always by role, then all operators must belong to a role.
  • Global settings to always configure a security setting by role takes precedence over any individual role settings you have defined. For example: If you enable the Program access always by role global configuration option, then regardless of whether program access for a specific role is defined as not configured by role, the program access will always have to be configured by role (i.e. the settings against the individual roles are ignored).

Using the Copy function from the Edit menu, you can create a new role with the same settings as the role currently displayed, however once copied, you need to make at least one change to the new role to be able to save it.

You can copy the individual security settings between existing roles using the following programs:

  • Program access (Role Program Access Maintenance)
  • Activities and fields (Role Activities and Fields Maintenance)
  • Access control (Role Access Control Maintenance)
  • Workflow (Role Workflow Security Maintenance)

When you select the Configure by role option for any of the role configurations, you use the corresponding Browse icon to access the relevant program to define the role settings.

When you access the individual programs to configure role settings, your selections are saved within each of the programs:

  • Role Activities and Fields Maintenance
  • Role Program Access Maintenance
  • Role Access Control Maintenance
  • Customization Management
  • eSignature Setup

Therefore, canceling out of the Role Management program does not undo your selections in those programs.

Configuration considerations
  • To perform web views design by role, the operator should belong to a role and the User interface for the role must be set to Configured by role.

  • You use the Customization Management program to manage the design layouts applied to operator roles once they have been defined.

    The Role Management program enables you to manage the actual roles (e.g. adding, deleting, copying, exporting and importing).

  • When defining roles per company, the role configuration for the operator's default company is in effect until they log into a specific company in SYSPRO.

Referencing

Field Description

Edit

 

Add

Create a new role.

Delete

Delete the current role.

Copy

Create a new role with the same settings as the role currently displayed.

Once copied, you need to make at least one change to the new role to be able to save it.

Options

Global Configuration

Indicate the set of parameters to apply globally to all roles created in SYSPRO.

You should define these parameters before adding any roles.

Import

Import Standard Roles

Import the standard roles shipped with the SYSPRO product.

This adds the standard roles and does not delete or overwrite any roles you may have defined.

Export Roles

Use the Operator Role Export Wizard program to export all (or selective) role settings to a text file.

Once exported, the file can be imported at another SYSPRO site using the Operator Role Import Wizard program.

This enables you to transfer role settings to multiple sites without having to manually recreate the settings for each role on each new site.

Import Roles

Use the Operator Role Import Wizard program to import role settings from a text file that was output using the Operator Role Export Wizard program.

This enables you to transfer the role settings from another site to the current site without having to manually recreate the settings for each role at the current site.

New

Create a new role.

Delete

Delete the current role.

Save

Save your settings.

If you enable eSignatures or Program access settings by role, but no configuration is defined for the role, then the system displays a warning message to that effect and allows you to configure the role details at that point. You will be unable to save your settings until this done.

In addition, the default configurations will apply until you have configured the roles.

Role

Indicate the role you wish to maintain.

Organogram

Select this to use the Role Organogram Maintenance program to view the role organogram.
Field Description

Global role settings

 

All operators must be assigned to a role

Ensure that when a new operator is added or an existing one is maintained, that the operator is assigned to at least one role.

A warning message is displayed if any existing operators are not currently assigned to a role.

You cannot save changes to those operators (using the Operator Maintenance program) until you assign them to a role.

Global role configuration

eSignatures always by role

Indicate that you always want to define Electronic Signature settings by role.

Alternatively, eSignature settings can be configured by:

  • System
  • Company
  • Operator group
  • Operator

Program access always by role

Indicate that you always want to define program access by role.

Alternatively, program access is configured by operator group.

Activities and fields always by role

Indicate that you always want to define access to activities and fields by role.

Alternatively, access to activities and fields are configured by operator.

Access control always by role

Indicate that you always want to define access control to key fields (e.g. bank, AP branch, AR branch, warehouse, etc.) by role.

Alternatively, access control is configured by operator.

Workflow always by role

Indicate that you always want to define access to workflows and operations within workflows by role.

Access to workflows and workflow operations can also be applied from within the SYSPRO Workflow Administration program.

Separate role settings by company

These options enable you to define individual role settings per SYSPRO company.

This means that the same role can be configured differently in your different companies.

For example:

In Company A you can allow operators (belonging to the Salespersons role) to maintain Sales Orders.

In Company B you can deny access to that function for the same operators in the Salespersons role.

eSignatures by company within role

Define eSignatures by company by role.

Program access by company within role

Define program access by company by role.

Activities/fields by company within role

Define activities and fields by company by role.

Access control by company within role

Define access control by company by role.
Field Description

Role configuration

When you select the Configure by role option for any of these configurations, you use the corresponding Browse icon to access the relevant program to define the role settings.

Role

Indicates the description for the role you are currently maintaining.

User interface

Indicate whether you want to configure the user interface for operators belonging to this role according to the role's settings.

Elements of the user interface that you can customize range from docking panes and list views to display forms and entry forms.

eSignatures

Indicate whether you want to configure access to eSignatures for operators belonging to this role according to the role's settings.

Program access

Indicate whether you want to configure program access for operators belonging to this role according to the role's settings.

Activities and fields

Indicate whether you want to configure access to activities and fields for operators belonging to this role according to the role's settings.

Access control

Indicate whether you want to configure access control to key fields (e.g. banks, AP branches, AR branches, warehouses, etc.) for operators belonging to this role according to the role's settings.

Workflow

Indicate whether you want to configure access to workflows (and operations within workflows) for operators belonging to this role according to the role's settings.

This pane displays a tree view of the roles to which operators are currently assigned, together with the operators assigned to them.

This pane displays the list of operators defined for the current company and the roles to which they are linked.