Cloud Business Cases: User Roles and Permissions in Cetec ERP

A customer asked, “Where/what permission is needed to allow a user to edit the PRCs?”

Rather than talk just about PRC descriptions, let’s ask the bigger question: “How do I give or restrict a user’s permission to do anything in Cetec?

3 Definitions:

  • User: one person using Cetec
  • User Role: a “title” within Cetec assigned to one or more users
  • Access Control: settings you create in Cetec that determine what permissions each role has

It’s important to note that:

  • permissions are assigned to roles and
  • roles are assigned to users
  • (i.e. you don’t assign permissions directly to users)

Handy Tips:

  • User roles are an interrelated web. One role may allow permissions that another denies, and a “deny” will override an “allow.” It’s helpful to first familiarize yourself with recommended role assignments. Click on the links to make sure you understand this process:

  • Start by assigning your users these built-in Cetec user roles. They have permissions baked in that save you setup time.
  • Then refine the roles by denying individual pages as needed using the method below.
  • In summary: First allow, then deny.

An Example:

  1. I have an employee named Sally Smith.
  2. I create a user profile for Sally in Cetec. Her username is now ssmith.
  3. I assign the role Manager to the user ssmith.
  4. Now Sally Smith has the permissions associated with the Manager role, which include editing part information. But I don’t want Sally to edit part information.
  5. So, I create a role called Deny Part Edit.
  6. I deny the Deny Edit Part role the permission to edit part information.
  7. Then I assign ssmith the Deny Part Edit role alongside the Manager role she already had.

Now, let’s look at how to do this in Cetec.

Create a new user.

  1. Let’s say you want to make your employee Sally Smith a user in Cetec, with the username ssmith.
  2. Go to Admin > Users > User List.
  3. Click the blue Add New User button.
  4. In the pop-up window, type “ssmith” as the username. Either leave the password field blank or fill in a temporary password for Sally.
  5. Now you’re on the user profile.
  6. In the Roles field, select “Manager.”
  7. Scroll down and click the orange Submit button.

Create a role.

  1. Go to Admin > Maintenance > Data Maintenance.
  2. In the list, click on Role.
  3. Click the blue “Add Record” button.
  4. In the new line that appears, type “Deny Part Edit.”
  5. Click the orange Submit button.

Assign/deny the role certain permissions.

  1. I want anyone with the Deny Part Edit role to be denied access to the part edit screen.
  2. I go to a part record and click Edit in the left side menu. Now I’m on the part edit screen. This is the page to which I want to deny access.
  3. I look at the page’s URL (website address). I see that the URL is:
  4. The important piece is what comes after the “.com”. a. The first section – part – is called the controller. b. The sections after the controller– 1/edit_profile – are called the actions. Here, I’m concerned with the edit_profile action. c. For more info on controllers and actions, click HERE
  5. Once I know the controller and action, I can set permissions.
  6. To set permissions, go to Admin > Users > Access Control.
  7. Enter the controller and action. In our example, the controller is part and the action is edit_profile. Click Submit.


  1. Click the part/edit_profile link in the list.
  2. Next to “Enable Custom Access Control?” choose Yes and then click Update.
  3. Find Deny Part Edit in the list.
  4. Next to it, choose Deny.
  5. Scroll up and click the orange Submit button.
  6. Now the role Deny Part Edit is denied access to the part edit screen.

Add this new role to your user’s profile.

  1. Go to Admin > Users > User List.
  2. Click on Edit next to ssmith.
  3. In the Roles field, hold down the Ctrl button to be sure you don’t deselect the existing Manager role and click on Deny Part Edit.
  4. Scroll down and click Submit.

Test your work.

  1. At the bottom of the user profile, click the Impersonate button to view Cetec as ssmith would.
  2. Try going to a part record and clicking Edit in the left side menu. If your settings worked, you should see a message like this:


With a little bit of prep, Cetec’s cloud ERP allows you to finely tune your users’ access to the software!