How Do I Find The Access Control Functionality?
To customize user access in Cetec ERP and further restrict default user privileges, use the Access Control feature under the Admin module. Navigate to ADMIN » Users » Access Control.
What is Access Control?
Access Control works with User Roles to determine user access to specific screens in Cetec ERP. Access Control gives you the flexibility to further restrict access given through User Roles, such as prohibiting access to the balance sheet for a user whose role set includes Accounting, or prohibiting access to the invoice list for a user with the Sales role.
Access control is a powerful administrative-level tool in Cetec ERP; to understand Access Control you have to understand a few things about how Cetec ERP is structured as a web-based, online ERP application.
What are URLs?
A URL is the text typed into the text field at the top of your web browser.
https://instancename.cetecerp.com is an example of a typical URL of a unique Cetec ERP instance, where “instancename” is replaced by the name of a company using Cetec ERP. Once you log in, you will be taken to https://instancename.cetecerp.com/home.
If you were to click on any of the major menu items, such as the quote list for example, the URL that corresponds to that specific report will display at the top of your web browser, for example:
https://instancename.cetecerp.com/quote/list
Understanding The Contents of a URL: “Controllers” & “Actions”
What follows the main URL of https://instancename.cetecerp.com/ is, in software architecture terms, the Controller (in the case above, “quote”), and what follows the Controller is called the Action in the Cetec ERP framework (in this case, “list”).
Sometimes something sits between the Controller and the Action, so the Action does not always immediately follow the Controller name, e.g. https://instancename.cetecerp.com/quote/13/view. In this case, “view” is the Action and “quote” is the Controller. (Note: what is sandwiched between the controller and the action, the number “13”, tells Cetec ERP which quote the user is viewing.)
And sometimes a Controller name spans multiple sections e.g. https://instancename.cetecerp.com/otd/eco/18/edit. Here, “otd/eco” is Controller and “edit” is Action.
A few more examples to facilitate your understanding:
- https://instancename.cetecerp.com/accesscontrol/list?controller=otd%3Aeco&action=&heading_control_web_grid-accesscontrollist_AccessControl=0&heading_control_web_grid-accesscontrollist_Controller=0&heading_control_web_grid-accesscontrollist_Action=0 -> “accesscontrol” is Controller and “list” is Action
- https://instancename.cetecerp.com/receiving/print_bin_labels -> “receiving” is Controller and “print_bin_labels” is Action
- https://instancename.cetecerp.com/vendorreturn/11/edit -> “vendorreturn” is Controller and “edit” is Action
- https://instancename.cetecerp.com/assetmgmt/toolequivalent/list -> “assetmgmt/toolequivalent” is Controller and “list” is Action
Restricting Behavior By Identifying Specific Controller/Action Combinations In Any URL
Navigate to ADMIN » Users » Access Control to see a list of all possible Controller/Action combinations in Cetec ERP. The basic idea is that Access Control gives you the ability to control exactly who can access any Controller/Action in the system.
This will net you 2,000+ combinations, and manually searching through the list will not be the best idea for obvious reasons. This is why you had to go through the pains of understanding what Controller and Action are, so that you could more easily search for them.
By using the search filters up at the top of the screen called Controller and Action, you can search for any Controller/Action in the system. If you want to restrict a particular page in Cetec ERP, go to that page you wish to restrict, and copy/paste its URL (specifically its controller and action) and search for that particular controller/action combination in the Access Control list. Do this a few times and you will get a feel for how the search feature is to be used.
Pro Tip For Controllers With More Than One Name
If the controller name spans more than one section, e.g. “https://instancename.cetecerp.com/assetmgmt/toolequivalent/list”, you must search for “assetmgmt/toolequivalent” by substituting “/” with “:”.
For example, to find any Action that belongs to the controller assetmgmt/toolequivalent, you would type in “assetmgmt:toolequivalent” in the Controller search filter and click Submit.
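The following added example (not Cetec ERP code) applies the Controller/Action rules above and the “/” to “:” substitution to the URLs on this page. It assumes that purely numeric path segments are record IDs and that the last remaining segment is the Action; the function names are hypothetical, and `search_url` only mirrors the `controller` and `action` query parameters visible in the accesscontrol/list URL above.

```python
from urllib.parse import urlsplit, urlencode


def controller_action(url):
    """Return (controller, action, search_term) for a Cetec ERP page URL."""
    segments = [s for s in urlsplit(url).path.split("/") if s]
    # Assumption: all-digit segments (e.g. the "13" in /quote/13/view) are
    # record IDs and belong to neither the Controller nor the Action.
    names = [s for s in segments if not s.isdigit()]
    if len(names) < 2:
        raise ValueError(f"no Controller/Action pair in {url!r}")
    controller = "/".join(names[:-1])   # may span several sections
    action = names[-1]
    # The Controller search filter expects ":" in place of "/".
    return controller, action, controller.replace("/", ":")


def search_url(url):
    """Build an Access Control list search for the page at `url`.

    Assumption: the list accepts `controller` and `action` query parameters,
    as seen in the accesscontrol/list example URL on this page.
    """
    parts = urlsplit(url)
    _, action, term = controller_action(url)
    query = urlencode({"controller": term, "action": action})
    return f"{parts.scheme}://{parts.netloc}/accesscontrol/list?{query}"


# URLs taken from this page ("instancename" is the page's own placeholder).
EXAMPLES = [
    "https://instancename.cetecerp.com/quote/list",
    "https://instancename.cetecerp.com/quote/13/view",
    "https://instancename.cetecerp.com/otd/eco/18/edit",
    "https://instancename.cetecerp.com/receiving/print_bin_labels",
    "https://instancename.cetecerp.com/vendorreturn/11/edit",
    "https://instancename.cetecerp.com/assetmgmt/toolequivalent/list",
]

if __name__ == "__main__":
    for example in EXAMPLES:
        controller, action, term = controller_action(example)
        print(f"{example}\n  Controller filter: {term}\n  Action filter: {action}")
```
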
Customizing A User Role (Limiting Access To All Users With A Certain Role)
Find a specific screen (i.e. a Controller/Action combination) to which you want to restrict access, and click into it by pressing the blue link on the left side of the screen.
You will see the name of the screen, a select box Allow All? and an Update button.
The Allow All? option should be set to Yes by default. This means that any user whose roles give them the privilege can access this page.
If you want to restrict access, you must first change Allow All? to No and click Update. This will restrict access to the page for every role in the system.
Then you want to go down the list, and change Access to Allow for those roles that you want to allow access.
What If I Wanted To Limit Access To Only ONE User With A Certain Role, But Not ALL Users With That Role?
For example, consider a sales team of five users, and every one of those users has the Role of Sales in Cetec ERP. What if you wanted to restrict the opportunities/list screen from only one of those sales users, but allow access to the other four?
To accomplish this, you would need to create an additional user role in the ADMIN » Maintenance » Data Maintenance » Roles table. For example, add a role to that table called “Hide Opportunities List.” Then, go to the profile of the one user that you want to exclude and assign that role to him/her (in addition to all the other user roles he/she may have).
Go back to the Access Control screen for opportunities/list, set Allow All? to No and click Update. Then you want to Allow access to the “Sales” role, and DENY access to the “Hide Opportunities List” role.
When one user has two roles, one of which allows access to a screen and the other of which denies it, Deny will override Allow and prevent access to this screen.
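The decision logic described above, as an added example that is not Cetec ERP's own code: a simplified model of one Access Control entry, run over a constructed five-person sales team. The class, function and user names are hypothetical, and `default_roles` (the roles that grant the screen while Allow All? is Yes) is an assumption of this model.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "Allow", "Deny"


@dataclass
class ScreenRule:
    """Simplified model of one Controller/Action entry (hypothetical names)."""
    controller: str
    action: str
    allow_all: bool = True                           # the "Allow All?" box
    role_access: dict = field(default_factory=dict)  # role -> ALLOW / DENY
    # Assumption: roles whose User Role grants this screen by default.
    default_roles: frozenset = frozenset()


def can_access(user_roles, rule):
    """Return True if a user holding `user_roles` may open the screen."""
    roles = set(user_roles)
    if rule.allow_all:
        # Allow All? = Yes: User Roles alone decide; per-role settings
        # are not consulted in this model.
        return bool(roles & rule.default_roles)
    settings = {rule.role_access.get(role) for role in roles}
    if DENY in settings:       # Deny overrides Allow
        return False
    return ALLOW in settings   # roles without an Allow stay restricted


def audit(users, rule):
    """Evaluate every user against one rule, like repeated Test User Access."""
    return {name: can_access(roles, rule) for name, roles in users.items()}


# Constructed sample data: five sales users, one carrying the extra role.
SALES_TEAM = {
    "user1": ["Sales"],
    "user2": ["Sales"],
    "user3": ["Sales"],
    "user4": ["Sales"],
    "user5": ["Sales", "Hide Opportunities List"],
}
RULE = ScreenRule(
    "opportunities", "list", allow_all=False,
    role_access={"Sales": ALLOW, "Hide Opportunities List": DENY},
    default_roles=frozenset({"Sales"}),
)

if __name__ == "__main__":
    for name, allowed in audit(SALES_TEAM, RULE).items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```
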
Testing Role Restrictions And User Access Privileges
Upon updating access control restrictions, check to see if a specific user can access a particular page by typing in the user ID number (you may find this in the Admin » Users » Users table) into the “Test User Access” field and clicking Test. Upon doing that, Cetec ERP will tell you whether or not this specific user is allowed to access the Controller/Action combination you are looking at.