ManPageW Role
Enjoy it, and help to fill it! But please, always respecting copyright.
Please write your contributions under the Contributions Section
Contents
Window: Role
Description : Maintain User Responsibilities
Help : The Role Window allows you to define the different roles that users of this system will have. Roles control access to windows, tasks, reports, etc. For a client an Administrator and User role are predefined. You may add additional roles to control access for specific functionality or data. You can add users to the role. Note that access information is cached and requires re-login or reset of cache.
Tab: Role
Description : Define responsibility roles
Help : Define the role and add the client and organizations the role has access to. You can give users access to this role and modify the access of this role to windows, forms, processes and reports as well as tasks.
If the Role User Level is Manual, the assigned acces rights are not automatically updated (e.g. if a role has a restricted number of Windows/Processes it can access). You need to add organizational access unless the role has access to all organizations. The SuperUser and the user creating a new role are assigned to the role automatically.
If you select an Organization Tree, the user has access to the leaves of summary organizations.
Note: You cannot change the System Administrator role.
Table Name : AD_Role
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Name | Alphanumeric identifier of the entity | The name of an entity (record) is used as an default search option in addition to the search key. The name is up to 60 characters in length. | Name
NVARCHAR2(60) String |
Description | Optional short description of the record | A description is limited to 255 characters. | Description
NVARCHAR2(255) String |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
User Level | System Client Organization | The User Level field determines if users of this Role will have access to System level data, Organization level data, Client level data or Client and Organization level data. | UserLevel
CHAR(3) List |
Manual | This is a manual process | The Manual check box indicates if the process will done manually. | IsManual
CHAR(1) YesNo |
Currency | The Currency for this record | Indicates the Currency to be used when processing or reporting on this record | C_Currency_ID
NUMBER(10) TableDir |
Approval Amount | The approval amount limit for this role | The Approval Amount field indicates the amount limit this Role has for approval of documents. | AmtApproval
NUMBER Amount |
UserDiscount | UserDiscount
NUMBER(22,22) Number | ||
Approve own Documents | Users with this role can approve their own documents | If a user cannot approve their own documents (orders, etc.), it needs to be approved by someone else. | IsCanApproveOwnDoc
CHAR(1) YesNo |
Supervisor | Supervisor for this user/organization - used for escalation and approval | The Supervisor indicates who will be used for forwarding and escalating issues for this user - or for approvals. | Supervisor_ID
NUMBER(10) Search |
Menu Tree | Tree of the menu | Menu access tree | AD_Tree_Menu_ID
NUMBER(10) Table |
Overwrite Price Limit | Overwrite Price Limit if the Price List enforces the Price Limit | The Price List allows to enforce the Price Limit. If set, a user with this role can overwrite the price limit (i.e. enter any price). | OverwritePriceLimit
CHAR(1) YesNo |
Preference Level | Determines what preferences the user can set | Preferences allow you to define default values. If set to None, you cannot set any preference nor value preference. Only if set to Client, you can see the Record Info Change Log. | PreferenceType
CHAR(1) List |
Maintain Change Log | Maintain a log of changes | If selected, a log of all changes is maintained. | IsChangeLog
CHAR(1) YesNo |
Show Accounting | Users with this role can see accounting information | This allows to prevent access to any accounting information. | IsShowAcct
CHAR(1) YesNo |
Access all Orgs | Access all Organizations (no org access control) of the client | When selected, the role has access to all organizations of the client automatically. This also increases performance where you have many organizations. | IsAccessAllOrgs
CHAR(1) YesNo |
Organization Tree | Tree to determine organizational hierarchy | Trees are used for (finanial) reporting and security access (via role) | AD_Tree_Org_ID
NUMBER(10) Table |
Use User Org Access | Use Org Access defined by user instead of Role Org Access | You can define the access to Organization either by Role or by User. You would select this, if you have many organizations. | IsUseUserOrgAccess
CHAR(1) YesNo |
Can Report | Users with this role can create reports | You can restrict the ability to report on data. | IsCanReport
CHAR(1) YesNo |
Can Export | Users with this role can export data | You can restrict the ability to export data from Adempiere. | IsCanExport
CHAR(1) YesNo |
Personal Lock | Allow users with role to lock access to personal records | If enabled, the user with the role can prevent access of others to personal records. If a record is locked, only the user or people who can read personal locked records can see the record. | IsPersonalLock
CHAR(1) YesNo |
Personal Access | Allow access to all personal records | Users of this role have access to all records locked as personal. | IsPersonalAccess
CHAR(1) YesNo |
Confirm Query Records | Require Confirmation if more records will be returned by the query (If not defined 500) | Enter the numer of records the query wil return without confirmation to avoid unnecessary system load. If 0, the system default of 500 is used. | ConfirmQueryRecords
NUMBER(10) Integer |
Max Query Records | If defined, you cannot query more records as defined - the query criteria needs to be changed to query less records | Enter the numer of records a user will be able to query to avoid unnecessary system load. If 0, no restrictions are imposed. | MaxQueryRecords
NUMBER(10) Integer |
Connection Profile | How a Java Client connects to the server(s) | Depending on the connection profile, different protocols are used and tasks are performed on the server rather then the client. Usually the user can select different profiles, unless it is enforced by the User or Role definition. The User level profile overwrites the Role based profile. | ConnectionProfile
CHAR(1) List |
Allow Info Account | Allow_Info_Account
CHAR(1) YesNo | ||
Allow Info Asset | Allow_Info_Asset
CHAR(1) YesNo | ||
Allow Info BPartner | Allow_Info_BPartner
CHAR(1) YesNo | ||
Allow Info CashJournal | Allow_Info_CashJournal
CHAR(1) YesNo | ||
Allow Info InOut | Allow_Info_InOut
CHAR(1) YesNo | ||
Allow Info Invoice | Allow_Info_Invoice
CHAR(1) YesNo | ||
Allow Info Order | Allow_Info_Order
CHAR(1) YesNo | ||
Allow Info Payment | Allow_Info_Payment
CHAR(1) YesNo | ||
Allow Info Product | Allow_Info_Product
CHAR(1) YesNo | ||
Allow Info Resource | Allow_Info_Resource
CHAR(1) YesNo | ||
Allow Info Schedule | Allow_Info_Schedule
CHAR(1) YesNo |
Tab: Org Access
Description : Maintain Role Org Access
Help : Add the client and organizations the user has access to. Entries here are ignored, if User Org Access is selected or the role has access to all roles.
Note that access information is cached and requires re-login or reset of cache.
Table Name : AD_Role_OrgAccess
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Read Only | Field is read only | The Read Only indicates that this field may only be Read. It may not be updated. | IsReadOnly
CHAR(1) YesNo |
Tab: User Assignment
Description : Users with this Role
Help : The User Assignment Tab displays Users who have been defined for this Role.
Table Name : AD_User_Roles
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) Search |
User/Contact | User within the system - Internal or Business Partner Contact | The User identifies a unique user in the system. This could be an internal user or a business partner contact | AD_User_ID
NUMBER(10) Search |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Tab: Window Access
Description : Window Access
Help : The Window Access Tab defines the Windows and type of access that this Role is granted.
Table Name : AD_Window_Access
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
Window | Data entry or display window | The Window field identifies a unique Window in the system. | AD_Window_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Read Write | Field is read / write | The Read Write indicates that this field may be read and updated. | IsReadWrite
CHAR(1) YesNo |
Tab: Process Access
Description : Process Access
Help : The Process Access Tab defines the Processes and type of access that this Role is granted.
Table Name : AD_Process_Access
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
Process | Process or Report | The Process field identifies a unique Process or Report in the system. | AD_Process_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Read Write | Field is read / write | The Read Write indicates that this field may be read and updated. | IsReadWrite
CHAR(1) YesNo |
Tab: Form Access
Description : Form Access
Help : The Form Access Tab defines the Forms and type of access that this Role is granted.
Table Name : AD_Form_Access
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
Special Form | Special Form | The Special Form field identifies a unique Special Form in the system. | AD_Form_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Read Write | Field is read / write | The Read Write indicates that this field may be read and updated. | IsReadWrite
CHAR(1) YesNo |
Tab: Workflow Access
Description : Workflow Access
Help : The Workflow Access Tab defines the Workflows and type of access that this Role is granted.
Table Name : AD_Workflow_Access
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
Workflow | Workflow or combination of tasks | The Workflow field identifies a unique Workflow in the system. | AD_Workflow_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Read Write | Field is read / write | The Read Write indicates that this field may be read and updated. | IsReadWrite
CHAR(1) YesNo |
Tab: Task Access
Description : Task Access
Help : The Task Access Tab defines the Task and type of access that this Role is granted.
Table Name : AD_Task_Access
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
OS Task | Operation System Task | The Task field identifies a Operation System Task in the system. | AD_Task_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |
Read Write | Field is read / write | The Read Write indicates that this field may be read and updated. | IsReadWrite
CHAR(1) YesNo |
Tab: Document Action Access
Description : Define access to document type / document action / role combinations.
Help : Define access to document type / document action / role combinations.
Table Name : AD_Document_Action_Access
Fields
Name | Description | Help | Technical Data |
---|---|---|---|
Client | Client/Tenant for this installation. | A Client is a company or a legal entity. You cannot share data between Clients. Tenant is a synonym for Client. | AD_Client_ID
NUMBER(10) TableDir |
Organization | Organizational entity within client | An organization is a unit of your client or legal entity - examples are store, department. You can share data between organizations. | AD_Org_ID
NUMBER(10) TableDir |
Role | Responsibility Role | The Role determines security and access a user who has this Role will have in the System. | AD_Role_ID
NUMBER(10) TableDir |
Document Type | Document type or rules | The Document Type determines document sequence and processing rules | C_DocType_ID
NUMBER(10) TableDir |
Reference List | Reference List based on Table | The Reference List field indicates a list of reference values from a database tables. Reference lists populate drop down list boxes in data entry screens | AD_Ref_List_ID
NUMBER(10) TableDir |
Active | The record is active in the system | There are two methods of making records unavailable in the system: One is to delete the record, the other is to de-activate the record. A de-activated record is not available for selection, but available for reports.
There are two reasons for de-activating and not deleting records: (1) The system requires the record for audit purposes. (2) The record is referenced by other records. E.g., you cannot delete a Business Partner, if there are invoices for this partner record existing. You de-activate the Business Partner and prevent that this record is used for future entries. |
IsActive
CHAR(1) YesNo |