Escolar Documentos
Profissional Documentos
Cultura Documentos
Security
By Kitti Upariphutthiphong
Technical Consultant, ecosoft™
kittiu@gmail.com
ADempiere|ERP
1
Module Objectives
2
Security Access in Real Life ERP System
Logistic Dept.
Legal Dept. Admin Dept.
Account Dept.
What we face?
In a real ERP implementation, there are many people, i.e., General Manager,
Accounting Manager, Warehouse Manager, Accounting staff, warehouse staff,
shipping staff, and so on) involved in operating the system.
Because every individual has his or her own responsibilities in the
organization, the system should help the organization manage the access rights
to information and perform activities in the system.
3
Data Layers
System
– System Definition System
– Shared Setup
Client A Client B
Client * *
– Client/Org Definition Org 1 Org 1
Org 2 Org 2
– Shared Setup
Org3 Org3
Organization
– Transactions
4
Module 3.1
Role Security
ADempiere|ERP
5
Access Levels
Security Access
=
User (role) login to the ADempiere
What Functions they have the right to access
Data
Object Access System Client + Org Organization
Level
System X
System +
Client X X
Client +
Organization X X
All X X X
7
Configuring Role Access Rights
Process Access
Optional
Access all Orgs Form Access
Maintain Change Log
Show accounting Task Access
Can Report
Can Export Doc Action Access
8
WORKSHOP
9
Create new user
For the All Access role, select all of the All Access role (which has the Manual checkbox
checkboxes in the Allow Info in Role fields deselected), the Window Access, Process Access,
group. Form Access, Workflow Access, Task Access,
and Document Action Access will be granted
automatically, based on User Level selection.
11
Assign User to new role
ADempiere|ERP
15
Data Access Restriction
Record Access
Table Access
Column Access
Optional
Encrypted Feature Report Access
Obscure Feature
Export Access
16
WORKSHOP
17
Scenario 1
Any user that can open Purchase Order window will see
Document Types
– MM Receipt
– MM Receipt with Confirmation
18
Restrict a Record Access to a Role
Login to ADempiere as Client Admin – A dialog will open, select Role = Restricted
Access and click OK
– Username: GardenAdmin
– Password: GardenAdmin
– Role: GardenWorld Admin
20
Restrict a Table Access to a Role
21
Scenario 3
22
Restrict a Column Access to a Role
23
Test Your Knowledge
24