Batch server: Authorisation Level


In my "Understanding and troubleshooting the Batch Server" session during the "Sage X3 Technical Support Tips and Tricks (March 2022)" I glossed over "Authorisation Level" as I didn’t have time to go into its detail. In this blog I will take a look at what this option provides and show how it can be used.

What is Authorisation Level and where is it used?

Authorisation Level is used in the Batch Server context and provides additional authorisation to specific batch job tasks, allowing you fine-grained control over which batch jobs specific users can launch.  

By default, all batch jobs can be launched by all users (within their normal authorisation limits), but this feature allows you to assign a numerical Authorisation Level value to some or all of your batch tasks, which is then compared to the Authorisation Level assigned to a user. If the Batch Task's Authorisation Level is lower than or equal to the user's Authorisation Level, then the user has access to it; otherwise it is blocked.

Setup and configuration

Parameters

In Parameter values, the Batch Task Level parameter defines the default Authorisation Level value to allocate to users when they are created.  

Navigate to Parameters, General Parameters, Parameter values

Batch Task Level https://online-help.sageerpx3.com/erp/12/staticpost/batch-task-level/ 

Users can only execute tasks at a level lower than or equal to this level

 

Tasks

To set up the Authorisation Level for batch tasks, navigate to Usage, Batch Server, Task Management for single tasks, or Usage, Batch Server, Groups of Tasks for groups of tasks.

The “Authorisation Level” can be a value from 1 to 99. The exact number you use is arbitrary, but bear in mind that higher numbers should be available to fewer users. For example, level 15 could be used for tasks that most users can access, whereas level 95 could be used for reports that very few users can access.

Due to the maintenance requirement of the tasks, and the users, you also need to consider which tasks need to be restricted and which do not, with a view to keeping the administration of this feature to a minimum.

You could perhaps band tasks into groups of numbers to make it easier to control.

For example: Task Authorisation Level value ranges:

   NULL no restriction (default)
   11 - 30 Elevated permissions required
   51 - 70 Power Users only
   81 - 99 Administrators

Users

Users are created with the Authorisation Level value as specified in the “Batch Task Level” parameter and can run any tasks with no Authorisation Level specified, or a value up to and including 10 (as this is my configured value).  This means I only need to worry about any user who needs elevated permissions or higher.

To set the user value, navigate to Parameters, Users, Users

Select the user you wish to change, go to the Parameter definitions, then find the Supervisor module, AUZ group, then Detail

Set the “Batch Task Level” (NIVBATCH) for the selected user to the value appropriate for your requirements

Click OK, then Save to save the change

Demonstration

For the purposes of my demonstration, I will configure the following Batch Tasks and Users.  The number in brackets is the Authorisation Level and the Yes/No in the grid shows whether the user can run it as a batch task or not.     All the users have the same user function/menu setup so have access to the same functions through the front end.

NOTE: the ADMIN user can see all tasks regardless of these settings.

| Batch Task \ User | ERPAU (5) | ERPBR (10) | ERPUS (20) | ERP (70) |
|---|---|---|---|---|
| ACCFINEX “Year End Simulation” (Not set) | Yes | Yes | Yes | Yes |
| AIMP “Printouts” (6) | No | Yes | Yes | Yes |
| UTIBASE “Database Consistency Verificat” (20) | No | No | No ** | No ** |
| ACCFIYEND “Fiscal Year End” (60) | No | No | No | Yes |
| AHISTO “Archive/Purge” (95) | No | No | No | No |
| SYSTEME “System command” (95) | No | No | No | No |

** These users do not have access to UTIBASE via the menu, so cannot run this function via the Batch Server either.  If UTIBASE is added to the Functional Profile for the user, then they will be able to then run it via Batch Server also, as their Authorisation Level is sufficient.

 

To test the results of this setup, log in as the user concerned, then navigate to Usage, Batch Server, Query submission (you can also test in Recurring Task Management).

When you try to use the “Validation” button the Authorisation Level is checked, and an error message is provided if you do not have sufficient Authorisation Level to run the task.
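The decision rules from the demonstration can be written down as a small model, which is useful for reviewing a planned set of levels before configuring them. This is an added example, not Sage X3 code: the function names are hypothetical, the levels and users are the demonstration values above, and treating ADMIN as a full bypass is an assumption based on the note that ADMIN can see all tasks.

```python
# Added illustration of the article's access rules; not Sage X3 code.
from typing import Optional

# Task code -> Authorisation Level (None = not set, so no restriction).
TASKS = {
    "ACCFINEX": None, "AIMP": 6, "UTIBASE": 20,
    "ACCFIYEND": 60, "AHISTO": 95, "SYSTEME": 95,
}
# User -> Batch Task Level (NIVBATCH), as in the demonstration grid.
USERS = {"ERPAU": 5, "ERPBR": 10, "ERPUS": 20, "ERP": 70}
# Functions absent from each user's Functional Profile (no menu access).
NO_MENU_ACCESS = {user: {"UTIBASE"} for user in USERS}

def level_ok(user_level: int, task_level: Optional[int]) -> bool:
    """Level check only: an unset task level never blocks."""
    return task_level is None or task_level <= user_level

def can_run(user: str, task: str) -> bool:
    """Full decision: ADMIN bypass (assumed), menu access, then level."""
    if user == "ADMIN":
        return True
    if task in NO_MENU_ACCESS.get(user, set()):
        return False
    return level_ok(USERS[user], TASKS[task])

def access_matrix() -> dict:
    """Task -> {user: allowed}, mirroring the Yes/No grid."""
    return {t: {u: can_run(u, t) for u in USERS} for t in TASKS}

def blocked_only_by_menu() -> list:
    """(user, task) pairs where the level is sufficient and only the
    Functional Profile blocks the task: the '**' cells in the grid."""
    return [(u, t) for t in TASKS for u in USERS
            if not can_run(u, t) and level_ok(USERS[u], TASKS[t])]

def unrestricted_tasks() -> list:
    """Tasks with no level set, which every user passes on level."""
    return [t for t, lvl in TASKS.items() if lvl is None]

if __name__ == "__main__":
    for task, row in access_matrix().items():
        cells = {u: "Yes" if ok else "No" for u, ok in row.items()}
        print(f"{task:10}", cells)
    print("Blocked by menu only:", blocked_only_by_menu())
    print("No level set:", unrestricted_tasks())
```

The last two checks are the ones worth reviewing: the first lists users who would gain batch access to a task as soon as it is added to their Functional Profile, and the second lists tasks that rely on menu access alone.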

 

 

Conclusion

I hope this article has provided insight into the Authorisation Level functionality.    Feel free to leave a comment below to let me know your feedback.