Cloud Business Cases: User Roles and Permissions in Cetec ERP
A customer asked, “Where/what permission is needed to allow a user to edit the PRCs?”
Rather than talk just about PRC descriptions, let’s ask the bigger question: “How do I give or restrict a user’s permission to do anything in Cetec?
- User: one person using Cetec
- User Role: a “title” within Cetec assigned to one or more users
- Access Control: settings you create in Cetec that determine what permissions each role has
It’s important to note that:
- permissions are assigned to roles and
- roles are assigned to users
- (i.e. you don’t assign permissions directly to users)
- User roles are an interrelated web. One role may allow permissions that another denies, and a “deny” will override an “allow.” It’s helpful to first familiarize yourself with recommended role assignments. Click on the links to make sure you understand this process:
- SUGGESTED ROLES
- USER ROLES
- Start by assigning your users these built-in Cetec user roles. They have permissions baked in that save you setup time.
- Then refine the roles by denying individual pages as needed using the method below.
- In summary: First allow, then deny.
- I have an employee named Sally Smith.
- I create a user profile for Sally in Cetec. Her username is now ssmith.
- I assign the role Manager to the user ssmith.
- Now Sally Smith has the permissions associated with the Manager role, which include editing part information. But I don’t want Sally to edit part information.
- So, I create a role called Deny Part Edit.
- I deny the Deny Edit Part role the permission to edit part information.
- Then I assign ssmith the Deny Part Edit role alongside the Manager role she already had.
Now, let’s look at how to do this in Cetec.
Create a new user.
- Let’s say you want to make your employee Sally Smith a user in Cetec, with the username ssmith.
- Go to Admin > Users > User List.
- Click the blue Add New User button.
- In the pop-up window, type “ssmith” as the username. Either leave the password field blank or fill in a temporary password for Sally.
- Now you’re on the user profile.
- In the Roles field, select “Manager.”
- Scroll down and click the orange Submit button.
Create a role.
- Go to Admin > Maintenance > Data Maintenance.
- In the list, click on Role.
- Click the blue “Add Record” button.
- In the new line that appears, type “Deny Part Edit.”
- Click the orange Submit button.
Assign/deny the role certain permissions.
- I want anyone with the Deny Part Edit role to be denied access to the part edit screen.
- I go to a part record and click Edit in the left side menu. Now I’m on the part edit screen. This is the page to which I want to deny access.
- I look at the page’s URL (website address). I see that the URL is: http://company.cetecerp.com/part/1/edit_profile
- The important piece is what comes after the “.com”. a. The first section – part – is called the controller. b. The sections after the controller– 1/edit_profile – are called the actions. Here, I’m concerned with the edit_profile action. c. For more info on controllers and actions, click HERE
- Once I know the controller and action, I can set permissions.
- To set permissions, go to Admin > Users > Access Control.
- Enter the controller and action. In our example, the controller is part and the action is edit_profile. Click Submit.
- Click the part/edit_profile link in the list.
- Next to “Enable Custom Access Control?” choose Yes and then click Update.
- Find Deny Part Edit in the list.
- Next to it, choose Deny.
- Scroll up and click the orange Submit button.
- Now the role Deny Part Edit is denied access to the part edit screen.
Add this new role to your user’s profile.
- Go to Admin > Users > User List.
- Click on Edit next to ssmith.
- In the Roles field, hold down the Ctrl button to be sure you don’t deselect the existing Manager role and click on Deny Part Edit.
- Scroll down and click Submit.
Test your work.
- At the bottom of the user profile, click the Impersonate button to view Cetec as ssmith would.
- Try going to a part record and clicking Edit in the left side menu. If your settings worked, you should see a message like this:
With a little bit of prep, Cetec’s cloud ERP allows you to finely tune your users’ access to the software!