5. #FUELGOOD18
Steps to Establish Permission and Sets
• Make ongoing maintenance as easy as possible
• Permissions worksheet to define what are the user roles and functions
• Split up functions such as “create” and “post”
• Use standard Sparkrock permission sets where possible
• Review permissions on standard permission sets
• Create or amend if needed
6. #FUELGOOD18
Separating Read Permissions
• Pros
• Give broader read permissions to reduce maintenance
• Makes for easier use of security filters
• Cons
• Careful use especially when HRP is in the mix
• May need several to have the benefit of reduced menu options
8. #FUELGOOD18
New Tools
• User groups
• Assigning permissions to user groups
• Assigning user to user groups
• Assigning permissions to users
• Using the recorder
9. #FUELGOOD18
Super Users
• Best Practice for Super Users
• Super user has ‘Super Powers’ for good or evil
• Should be limited
• Can be super in one company, but then can’t manage
permissions
11. #FUELGOOD18
Change Log
• Change log Best Practice
• NOT for transactional tables
• Master data – don’t go overboard
• Monthly sign off on critical tables
12. #FUELGOOD18
Work Flows
• NAV Work flows add to security
• Approvals help especially where overlapping permissions weaken security
• Notifications make the process smoother
• Clear indicator of who approved and who posted
13. #FUELGOOD18
Role Centre
• Custom Role Centres to limit users view of the system
• Custom built by developers
• Use the configuration mode
Take 5mins to give the audience a bit of background about you
Highlighted topics covered today
Go through the worksheet and the permissions workings to show how to edit, Show permissions on system and how to amend –
Show read all with wild card – explain wild card and why care must be taken. For restricted read permissions add in custom tables
Most common is to limit to dimensions or vendor posting groups – needs to be planned from the beginning, re-dimension codes – can use <> Can be super in one – can’t change permissions or add to users in other companies
Multi tenant can’t edit permissions or create new ones without Sparkrock – across all tenants