webERP User Security System


Updated for webERP v5.

It is important each user has their own login with a password only they know. Also, each user must be assigned a suitable Security Role which allows only those operations within their scope of work to be performed. This is especially important if you will be using webERP in a regulated or controlled environment.

Default (out-of-the-box) security permissions generally satisfy a common denominator of the webERP community, but may eventually be found lacking. Should that happen, it may be more efficient to develop bespoke security roles and security token assignments based on the structure, staff and relationships of the company than to redefine the default implementation.

The webERP security model is comprised of four components:

  • Security Role
    • Security Roles are user roles with assigned security tokens (each user role has its own security role, and more than one security role can have the same security tokens). The webERP system administrator can edit the default security roles and create additional roles if needed for more selective control.
    • Each user (login ID) is assigned a Security Role.
      • To edit the Security Role assigned to a user, click [Main Menu > Setup > General > Users Maintenance] and edit the desired user (while logged in as a user with an administrator security role).

Don’t think of the access a specific user requires to do their job. Think of the role or job they perform, assign it a group (a “security role”), make them a member of it, and then provide the group (the security role) with the necessary access.

  • Security Token
    • Security Tokens are used by webERP to control access to a page.
    • A Security Role is assigned one or more Security Tokens.
      • To view or edit the Security Tokens assigned to a Security Role, click [Main Menu > Setup > General > Access Permissions Maintenance] and edit the desired role.
  • Page Security Level
    • Each webERP script is assigned a Page Security Level, which is a Security Token a user must have to be given access to run the script.
    • To edit the Page Security Level, click [Main Menu > Setup > General > Page Security Settings] and edit the desired page.
  • In-Page Security
    • Pages (scripts) control the data, buttons and links presented according to any or all of the Security Tokens assigned to the Security Role of the user.

Users and assigned Security Roles

Default (out-of-the-box) Security Roles

  • Accountant
  • AP Clerk
  • AR Clerk
  • Inquiries/Order Entry
  • Manufact/Stock Admin
  • Purchasing Officer
  • Customer (login only)
  • Supplier (login only)
  • System Administrator

SCC Employees and Security Role

The following organisation chart shows SCC employees with their assigned security role.

E.g. Miquel Delazes > Security Role: Manufact/Stock Admin [Main Menu > Setup > General > Users Maintenance]

Security Roles and Security Tokens

Miquel Delazes, by being assigned the role “Manufact/Stock Admin”, is given security tokens 0 (Main Index Page), 1 (Order Entry/Inquiries customer access only), 2 (Basic Reports and inquiries with selection options) and 11 (Inventory Management and Pricing).

To create or edit a user Security Role: [Main Menu > Setup > General > Access Permissions Maintenance]

Examining the security role “Manufact/Stock Admin” shows which Security Tokens are assigned to Miquel Delazes through his Security Role “Manufact/Stock Admin”.

In his role as “Manufact/Stock Admin”, Miquel will need to search, create and edit Items, which is accomplished using the “SelectProduct.php” script.

E.g. [Main Menu > Inventory > Maintenance > Select an Item] and click [Search Now].

Access to the SelectProduct.php script is controlled by the Page Security Level.

Page Security Levels

To view or edit the page security levels (aka script security levels), click [Main Menu > Setup > General > Page Security Settings].

It can be seen that the SelectProduct.php script (aka page) has been assigned “Basic Reports and inquiries with selection options”, a security token held by the “Manufact/Stock Admin” security role assigned to Miquel, as we saw previously.

In-Page Security

A page itself can further restrict access, fine-tuning what the security role, its security token assignments and the script's page security level already allow.

For example, examine the SelectProduct.php script. User Miquel will not be shown pricing, supplier purchasing or cost information because his “Manufact/Stock Admin” security role does not have Security Token 12 (Prices Security), Security Token 9 (Supplier centre – Supplier access only) or Security Token 18 (Cost authority).
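
The two checks described above (Page Security Level first, then In-Page Security) can be modelled for a quick least-privilege review. This is an added example, not webERP source code: the token numbers and names are the ones quoted on this page, while the login IDs, the "Cost Reviewer" role and the section names are constructed for illustration.

```python
# Added model of the checks described above; not webERP source code.
# Token numbers and names are the ones quoted on this page.
TOKENS = {
    0: "Main Index Page",
    1: "Order Entry/Inquiries customer access only",
    2: "Basic Reports and inquiries with selection options",
    9: "Supplier centre – Supplier access only",
    11: "Inventory Management and Pricing",
    12: "Prices Security",
    18: "Cost authority",
}
# Security Role -> Security Tokens assigned to it.
ROLES = {
    "Manufact/Stock Admin": {0, 1, 2, 11},       # as listed on this page
    "Cost Reviewer (constructed)": {0, 2, 18},   # hypothetical, for contrast
}
# Login ID -> Security Role (login IDs are constructed).
USERS = {"miquel": "Manufact/Stock Admin", "reviewer": "Cost Reviewer (constructed)"}
# Script -> (Page Security Level, {in-page section: token it requires}).
PAGES = {
    "SelectProduct.php": (2, {"pricing": 12, "supplier purchasing": 9, "cost": 18}),
}

def tokens_for(user):
    """Tokens a login holds through its role; unknown logins hold none."""
    return ROLES.get(USERS.get(user), set())

def can_run(user, script):
    """Page Security Level check; scripts with no level on record are denied."""
    if script not in PAGES:
        return False
    return PAGES[script][0] in tokens_for(user)

def visible_sections(user, script):
    """In-page check: sections shown once the page-level check has passed."""
    if not can_run(user, script):
        return set()
    held = tokens_for(user)
    return {name for name, token in PAGES[script][1].items() if token in held}

def audit(script):
    """Per login: may it run the script, and which sections stay hidden and why?"""
    sections = PAGES[script][1]
    return {u: {"can_run": can_run(u, script),
                "hidden": {s: TOKENS[t] for s, t in sections.items()
                           if s not in visible_sections(u, script)}}
            for u in USERS}

if __name__ == "__main__":
    for login, result in audit("SelectProduct.php").items():
        print(login, USERS[login], result)
```

The model fails closed: a login with no role, or a script with no page security level on record, is denied rather than allowed.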
