Easy Security: Maintaining Logins

Logins is best maintained by using groups of roles. This makes it easy to get an overview of the high level permissions for a user. Instead of 50 individual roles is maybe only a few Role Groups needed. By making groups like "BASE", "SALES", "ACCOUNTING" and "WAREHOUSE" are the groups referring to functional areas. When later adding another customization or add-on requiring more roles for a user, it only would affect the Role Group and not each individual user. Certifying users with Sarbanes-Oxley is also easier when using the Role Groups, compared to many individual roles.

Role Groups can also be nested by Including Role Groups inside a Role Group. This can be used for build a setup with a user only having 1 Role Groups in each Company.

The "SUPER" or "SUPER (DATA)" should normally not be included in Role Groups since these are really important and needs to be visible directly under the Login.

A Role Group "BASE" is very useful to add permissions that all users need. The Role "ALL" and "BASIC" can be included in the Role Group. But also Roles required by add-ons to be added to every user can be added to the Role Group.

If many users work in a similar role in a company and need the same permissions the "Permissions as User ID" should be used. This allows for only maintaining one user and has all the other warehouse employees be similar for example.

Company Groups can save a lot of complexity by having multiple test companies in a single Company Group. New test companies are typically created on a regular basis and adding the permissions to users would only be adding the Company in the Company Group and then publish permissions.

Don't Like

Related resources

Download software from Mergetool.com