Specifying User IDs and Roles

Setting Up Additional Types of Security > Additional Security for Standard Programs > Specifying User IDs and Roles

To define security access by field, site, and so on for standard programs, you can enter any number of valid user IDs and/or roles, separated by commas, in the following programs:

• Specify user IDs in Field Security Maintenance (36.3.15.1). See here.

• Specify user IDs or roles in Site Security Maintenance (36.3.13.8). See here.

• Specify user IDs or roles in GL Account Security Maintenance (36.3.13.1). See here.

• Specify user IDs or roles in Inventory Movement Code Security (36.3.13.13). See here.

Note: If you do not set up records in these programs, the system by default allows access to all users who pass login, domain, and role-based access security restrictions. See Login Security.

The system validates entries against records set up in User Maintenance and Role Create.

The asterisk (*) and exclamation point (!) are special characters when used in the User IDs/Roles field.

• The asterisk (*) gives access to all users and roles.

• The exclamation point restricts specific users by user ID, not by role. For example, !user1,* means all users except user1 have access to the function; !user1,admin allows access only to members of the admin role, with the exception of user1. However, !admin,* does not prevent members of the admin role from accessing the function.

When using the exclamation point, you must enter exclusions first: *,!user1 gives access to all users including user1. To exclude multiple users, enter:

!user1,!user2,!user3,*

Important: When you enter exclusions, you must also define users who have access. For example, if you enter just !user1, you are specifying that user1 does not have access—but you have not granted access to other users. The result is that no one has access to the controlled function. To avoid this situation, be sure to enter the appropriate user IDs, roles, or an asterisk after the exclusions. In this example, !user1,* excludes user1, but lets all other users run the program.

When you use the asterisk to grant access to all but specifically excluded users, the logic works correctly only when excluded users are not assigned to roles. The asterisk allows access to all users assigned the role, even if they have been excluded as individuals.

Table 1.6 lists some examples. User IDs and role names are not case-sensitive.

Sample Uses of User ID and Role Name


String	Description
*	All users have access.
mary, manager	Only user mary and members of the manager role have access.
!jcd,*	Everyone but user jcd has access.

The inverse of the last example does not work. If you put *,!jcd in the field, the system grants everyone access first and does not go back to check on jcd. Someone using the jcd user ID would not be excluded. In general, avoid using any exclamation point after the very beginning of the entry.