I have a question about conflicting role access. as far as I can tell from reading in the forums it doesn't seem like there should be any access that is able to be conflicting as it should default to whatever role has more access. All of that being said we continually have issues Where our roles are conflicting with each other and the access that they have. has anyone else had this issue? like i said reading through the forums it doesn't seem like it should be an issue. but we’ve seen it time and time again when assigning roles.
Answer
conflicting role access
Best answer by MichaelShirk
We’ve run into this issue as well. I would go so far as to call it a bug, though we haven’t reported it to Acumatica as a bug, so it hasn’t been confirmed.
Even though the documentation says that “Most Permissive” wins, that is not always the case.
It appears from my experience that a user’s roles are evaluated in alphabetical ascending order. When a user has a LESS permissive role, AFTER (alphabetical) the more permissive role, the user will sometimes lose access that they should have, based on their more permissive role.
The work around is to create an additional role with the most permissive, COMBINED permissions of the two roles that are conflicting, and assigning that role to the user instead of the two conflicting roles.
Make sense?
+15Acumatica does default to most access. Prior to 24 R1, ‘Not Set’ was a neutral role if used properly. It would allow access if greater access was permitted or deny it if not (and as long as one other role had access rights to that node set explicitly to something other than ‘Not Set’).
+15(I edited my first answer. I was wrong.)
+15Could you give an example of a conflict?
Thanks for taking the time to respond. I really appreciate it. I think the most basic example i can give is with a sales order.
we currently have three levels of access: (Ill use our sales department as an example.)
sales order admin
sales order entry
sales order view
if we give them admin then they have access to everything that is needed within that role. however, if we have either of the other two activated in connection with the sales order admin role. then we start getting issues where they start to lose access to certain almost random things like the approval button to approve the sales order.... that's more of a general overview so I hope that makes sense.
this most recent issue that is causing me to reach out to the community is that I recently changed the access for one of the managers to reflect as Sales order admin in connection with other roles, he has which are all admin level roles and for some reason it caused it to where he can't access any invoices he can click on them and the page pulls up but the invoice wont populate. I did confirm that the roles he has would have access to those pages. So I’m just stuck in troubleshooting right now.
+15Have you confirmed that none of the child elements of those pages are explicitly set to a lesser permission that would cause inconsistency?
Daryl ⚡Freelance Acumatica Developer (MVP🏆) for hire ⏩ linkedin.com/in/darylbowman
+5
We’ve run into this issue as well. I would go so far as to call it a bug, though we haven’t reported it to Acumatica as a bug, so it hasn’t been confirmed.
Even though the documentation says that “Most Permissive” wins, that is not always the case.
It appears from my experience that a user’s roles are evaluated in alphabetical ascending order. When a user has a LESS permissive role, AFTER (alphabetical) the more permissive role, the user will sometimes lose access that they should have, based on their more permissive role.
The work around is to create an additional role with the most permissive, COMBINED permissions of the two roles that are conflicting, and assigning that role to the user instead of the two conflicting roles.
Make sense?
Michael Shirk, Pine View Buildings, LLC - If a member helped you, please *Like* their post. If a member provided an answer to your question, please mark it as *Best Answer*.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.