9 min read

In a real ERP implementation, there are many people (such as the General Manager, Accounting Manager, Warehouse Manager, Accounting staff, warehouse staff, shipping staff, and so on) involved in operating the system. Because every individual has his or her own responsibilities in the organization, the system should help the organization manage the access rights to information and perform activities in the system.

Managing ADempiere user IDs

In our ADempiere implementation, we need to define a list of users in the system. A user could be the Accounting Manager, the Warehouse Manager, or any of the staff who need to access the system. Now, log in with user ID admin, using Sistematika Fashion, Ltd Admin as the role and * as the organization. We will register a new user ID with the help of the ADempiere administrator.

Creating a user ID in the system

In this example, we will create two additional user IDs. Open the Menu  System Admin | General Rules | Security | User window. On the User Contact tab, enter and save the following minimum requirement information:

Field

1st data

2nd data

Client

Sistematika Fashion, Ltd

Sistematika Fashion. Ltd

Organization

*

*

Name

Daniel

Moses

Search Key

daniel

moses

Password

123456

123456

An example of the first set of user ID data entered in the User window is shown in the following screenshot:

ADempiere 3.4 ERP Solutions

As these user IDs are not yet connected to any Role, they cannot currently access the ADempiere system.

There are other tabs listed in the User window (for example, User Roles, User Substitute, Org Assignment, and so on). For our purpose, there is no need to set up any data here.

Managing user ID access control

For a computer system’s security, role-based access control is an approach to restricting system access to authorized users. ADempiere uses this role-based access control approach for its internal security implementation.

In the subsequent sections, we will introduce you to creating and configuring role-based access control in the ADempiere system.

Introduction to ADempiere roles

The ADempiere role is the place where we can define and configure the access rights for our authorized user ID. These access rights include access to:

  • Organization
  • Window
  • Process
  • Form
  • Workflow
  • Task
  • Document Action

In our example, we will create two roles, which have the following behavior:

  • The first role will have all access rights
  • The second role will have restricted or limited rights

We will practice creating these sample roles and examine the impact of the security configuration.

Creating a new ADempiere role

Open the Menu  System Admin | General Rules | Security | Role window, and then enter and save the following minimum requirements information on the Role tab:

Field

1st data

2nd data

Client

Sistematika Fashion, Ltd

Sistematika Fashion, Ltd

Organization

*

*

Name

All Access

Restricted Access

User Level

Client + Organization

Organization

Manual

deselected

selected

Preference Level

Client

Organization

Maintain Change Log

selected

selected

Show Accounting

selected

deselected

Access all Orgs

selected

deselected

Can Report

selected

selected

Can Export

selected

selected

For the All Access role, select all of the checkboxes in the Allow Info in Role fields group.

An example for the information in the Role tab for All Access is shown in the following screenshot:

ADempiere 3.4 ERP Solutions

On saving the All Access role (which has the Manual checkbox deselected), the Window Access, Process Access, Form Access, Workflow Access, Task Access, and Document Action Access will be granted automatically, based on User Level selection. Check it out in all of the available tabs in this Role window. This role has almost identical access rights when compared to the default Sistematika Fashion, Ltd Admin role.

Attaching a user ID to a specific role

With our newly-created role, you need to assign a user ID to this role. Perform the following activities:

  1. Assign user ID Daniel to the All Access role.
    Ensure that your active record in the Role tab of the Role window is All Access. Navigate to the User Assignment tab, and then click on the New button. Set the Organization to *, and the User/Contact field to Daniel, and then save this information.
  2. Assign user ID Moses to the Restricted Access role.
    Ensure that your active record in the Role tab of Role window is Restricted Access. Navigate to the User Assignment tab, and then click on the New button. Set the Organization to *, and the User/Contact field to Moses, and then save this information.

With this configuration, user ID Daniel will be able to log in to the system and work in all of the available organizations. Organization assignment is automatically provided for the All Access role because, it has the Access all orgs checkbox selected.

Assigning organization access to a user ID

Unfortunately, although user ID Moses has already been assigned to the Restricted Access role, he will still not able to access and log in to the system. This is because the Restricted Access role has the Access all Orgs checkbox deselected.

With this configuration, we need to manually assign organization access to this role. For our example, we will assign the Shirt and Dress organization to this role.

Perform the following tasks:

  • Be sure that your active record in the Role tab of Role window is Restricted Access. Navigate to the Org Access tab, set the Organization to Shirt, and then click on the Save button.
  • While still on the Org Access tab, click on the New button, set the Organization to Dress, and finalize the task by clicking on the Save button.

The result is shown in the following screenshot:

ADempiere 3.4 ERP Solutions

Now, user ID Moses will be able to log in and access the system.

Working with the Access all Orgs option

If the Access all Orgs option is selected, your user ID will be able to access all of the organizations available in the client. If this option is deselected, you have two options for assigning organization access to a certain user ID:

  • Select the Use User Org Access checkbox. This option will appear if you deselect the Access all Orgs option. You need to register the organization access through the Org Access tab in the User window.
  • If the Use User Org Access checkbox is deselected, you can register an organization through the Org Access tab in the Role window.

Working with the Maintain Change Log option

To see the history of the data changes, launch another ADempiere client, log in with user ID Daniel, password 123456, using All Access as a role, and Shirt as organization. As this feature is enabled for all of the available ADempiere windows, we can practice by working in the Product window. Open this window and find the Standard product. For this product, perform the following activities:

  • Change the UPC/EAN field to UPC-STD, and click on the Save button
  • Once again, change the UPC/EAN field to UPC-STD001, and click on the Save button

Now, click on Record Info in this window. This will show you the information shown in the following screenshot:

ADempiere 3.4 ERP Solutions

Working with the Show accounting option

With this option selected (along with having the Show Accounting Tabs option in Tools  Preference| selected), you will be able to read, modify, and execute processes related to accounting. If this option is deselected, you will not be able to:

  • Access accounting facts/GL journal entries in any of the ADempiere documents such as MM Receipt, AR Invoice, and so on. The Posted or Not Posted button will not available in all of the documents.
  • Access windows related to accounting (such as Accounting Fact Details, Account Combination, Account Element, GL Journal window, and so on).
  • Access accounting configuration (such as the Accounting tab of Product, Business Partner, Cashbook, Bank window, and so on).

The last two types of access are basically configurable. When registering the tab as part of constructing the window in the Window, Tab & Field window, the tab has Accounting Tab attributes. With these attributes, you can define whether or not this tab will show information related to Accounting.

To unveil this configuration, launch another ADempiere client, and log in with user ID System, password System, and the role System Administrator. Open the Menu  Application Dictionary | Window|, Tab & Field window. In the upcoming Lookup Record window (search dialog window), enter Accounting Fact Details in the Name field and click on the OK button. In the Accounting Fact Details record, navigate to the Tab tab. You will see that the Accounting Tab checkbox is selected, as shown in the following screenshot:

ADempiere 3.4 ERP Solutions

With this configuration, and while the Show Accounting checkbox is deselected for your role, you will not be able to access this tab. Because this is the only tab available in the Accounting Fact Details window, you cannot access the window. Try to access this window by using user ID user and Sistematika Fashion, Ltd User as the role. The system will display a message such as With your current role and settings, you cannot view this information. Now, log off from user ID System.

Working with the Can Report option

As a default, the Can Report option is selected. With this option, you can generate a report by clicking on the Report button for any window that has the reports feature. If this option is deselected, you cannot generate a report for these windows.

If the Can Report option is deselected, the user ID that is connected using this role will get the following error message while creating reports:

ADempiere 3.4 ERP Solutions

Working with the Can Export option

After print previewing our reports using the Print preview or Print button, if the Can Export option is selected, we will be able to export our reports into various file formats (such as, XLS, PDF, and so on).

If this option is deselected, the Export button will not be available. Therefore, you cannot export your reports.

Accessing Info Window

ADempiere provides us with real-time information to assess product, business partner, account information, and so on. You will be able to control the availability of this information by selecting or deselecting the corresponding Info window in the Role tab of the Role window, as shown in the following screenshot:

For example, if you deselect the Allow Info BPartner checkbox, the Business Partner Info will disappear from the View menu.

Assigning Window Access

As described in the Assigning organization access to user ID section, user ID Moses will be able to log in, select Restricted Access as a Role and Shirt as the Organization to work in this environment. He can then start working with the available window.

“Available window? There is no window available in the main menu. I can not see any window after logging in!”

Yes, there is no window available while accessing the system by using the Restricted Access role. We have not yet registered the list of windows in the Window Access tab. In our example, we will register two windows for this role: Purchase Order and Material Receipt. This user ID then will have the rights to perform activities in both of these windows.

Ensure that you are in the Restricted Access record in the Role tab of the Role window. Navigate to the Window Access tab, and then enter and save the following information:

Field

1st data

2nd data

Organization

*

*

Window

Purchase Order

Material Receipt

Read Write

selected

selected
Packt

LEAVE A REPLY

Please enter your comment!
Please enter your name here