Users and Security > Using Security Functions > Specifying Groups or Users
  
Specifying Groups or Users
To define security access by menu, site, and so on, you can enter any number of valid user IDs and/or groups, separated by commas, in the following programs:
Menu Security Maintenance (36.3.10). See here.
Site Security Maintenance (36.3.15). See here.
Inventory Movement Code Security (36.3.17). See here.
GL Account Security Maintenance (36.3.9). See here.
Entity Security Maintenance (36.3.13), which is based only on user ID access. You cannot assign user groups. See here.
Note: If you do not set up records in these programs, the system by default allows access to all users who pass log-in and domain security restrictions. See Basic Login Security.
The system validates entries against records set up in User Maintenance and User Group Maintenance.
The asterisk (*) and exclamation point (!) are special characters when used in the User IDs/Groups field.
The asterisk (*) gives access to all users and groups.
The exclamation point restricts specific users by user ID, not by group. For example, !user1,* means all users except user1 have access to the function; !user1,admin allows access only to members of the admin group, with the exception of user1. However, !admin,* does not prevent members of the admin group from accessing the function.
When using the exclamation point, you must enter exclusions first: *,!user1 gives access to all users including user1. To exclude multiple users, enter:
!user1,!user2,!user3,*
Important: When you enter exclusions, you must also define users who have access. For example, if you enter just !user1, you are specifying that user1 does not have access—but you have not granted access to other users. The result is that no one has access to the controlled function. To avoid this situation, be sure to enter the appropriate user IDs, groups, or an asterisk after the exclusions. In this example, !user1,* excludes user1, but lets all other users run the program.
When you use the asterisk to grant access to all but specifically excluded users, the logic works correctly only when excluded users are not assigned to groups. The asterisk allows access to all group members, even if they have been excluded as individuals.
Sample Uses of User ID and Group Name lists some examples. User IDs and group names are not case-sensitive.

Sample Uses of User ID and Group Name
 
String
Description
*
All users have access.
mary, manager
Only user mary and members of the manager group have access.
!jcd,*
Everyone but user jcd has access.
The inverse of the last example does not work. If you put *,!jcd in the field, the system grants everyone access first and does not go back to check on jcd. Someone using the jcd user ID would not be excluded. In general, avoid using any exclamation point after the very beginning of the entry.