I was wondering if there was a way to add Row-level permissions by site-grouping or companies instead of a site for some users?
We have made custom functional profiles with all the companies but certain users (more than 10) need access it certain companies only and we rather not create a combination of functional profiles for these users.
Thank You
Andrew
Hi,
For this type of situation, in a company with many users and companies (example 1500 users, 20 profiles and 100 companies), we've created a custom function to manage users and access rights more simply.
The combination of site/company and function is generally too elaborate for the basiic need.
Example: An accountant at company A should have the same Function profile as one in company B.
This approach has several advantages: it's much more efficient, easy to maintain, reduces the number of profiles and makes it easy to tell who has access to which company. You no longer manage access to the site on the Functional authorization but directly on the user.
The only thing to do is to add an entry point on EXEFNC script to control access to sites (and default site) :
#<AdxTL>@(#)0.0.0.0 $Revision$
$ACTION
Case ACTION
When "AUTORIS" : Gosub CT_SITE
When Default
Endcase
Return
$CT_SITE
Local Integer I
[L]I = 0
# Sites access
If clalev([F:YAUB])=0 : Local File AUSRBPR [YAUB] : Endif
If clalev([F:YAFC])=0 : Local File AFONCTION [YAFC] : Endif
Read [F:YAFC]CODINT=GFONCTION
If !fstat
If [F:YAFC]FCYAUZ = 2 and !find(GUSER,"ADMIN")
For [YAUB]AUB0 Where [YAUB]USR = GUSER and [YAUB]ROL = "FCY"
[L]I += 1
GUSRFCY([L]I) = [YAUB]BPR
Next YAUB
If [L]I > 0
GNBAUZ = [L]I
Endif
Endif
Endif
# Defaut site
If clalev([F:ZAUS])=0 : Local File AUTILIS [ZAUS] : Endif
Read [F:ZAUS]CODUSR=GUSER
If !fstat and dim([F:ZAUS]ZGFCYDEF)>0 and [F:ZAUS]ZGFCYDEF <> ""
For [L]I=0 To 15
GFCYDEF([L]I) = [F:ZAUS]ZGFCYDEF
Next
Endif
Return
Hi,
For this type of situation, in a company with many users and companies (example 1500 users, 20 profiles and 100 companies), we've created a custom function to manage users and access rights more simply.
The combination of site/company and function is generally too elaborate for the basiic need.
Example: An accountant at company A should have the same Function profile as one in company B.
This approach has several advantages: it's much more efficient, easy to maintain, reduces the number of profiles and makes it easy to tell who has access to which company. You no longer manage access to the site on the Functional authorization but directly on the user.
The only thing to do is to add an entry point on EXEFNC script to control access to sites (and default site) :
#<AdxTL>@(#)0.0.0.0 $Revision$
$ACTION
Case ACTION
When "AUTORIS" : Gosub CT_SITE
When Default
Endcase
Return
$CT_SITE
Local Integer I
[L]I = 0
# Sites access
If clalev([F:YAUB])=0 : Local File AUSRBPR [YAUB] : Endif
If clalev([F:YAFC])=0 : Local File AFONCTION [YAFC] : Endif
Read [F:YAFC]CODINT=GFONCTION
If !fstat
If [F:YAFC]FCYAUZ = 2 and !find(GUSER,"ADMIN")
For [YAUB]AUB0 Where [YAUB]USR = GUSER and [YAUB]ROL = "FCY"
[L]I += 1
GUSRFCY([L]I) = [YAUB]BPR
Next YAUB
If [L]I > 0
GNBAUZ = [L]I
Endif
Endif
Endif
# Defaut site
If clalev([F:ZAUS])=0 : Local File AUTILIS [ZAUS] : Endif
Read [F:ZAUS]CODUSR=GUSER
If !fstat and dim([F:ZAUS]ZGFCYDEF)>0 and [F:ZAUS]ZGFCYDEF <> ""
For [L]I=0 To 15
GFCYDEF([L]I) = [F:ZAUS]ZGFCYDEF
Next
Endif
Return