Solved

How to configure User can restrict to see his only approval documents

  • 11 March 2023
  • 6 replies
  • 388 views

Userlevel 3
Badge

Hello Community,

We have configured the Approval Maps for the Bills and Adjustments screen and it is working fine. However, the Approver is currently able to see other documents as well. How can we configure it so that the Approver only sees the documents that require their approval?

 

Any help highly appreciated!!

icon

Best answer by aaghaei 12 March 2023, 01:47

View original

6 replies

Badge +16

Hello,

It helps to know whether the approval map is routing the Bills to individual people or to a Workgroup (a node on the Company Tree).

If the approval is routed to individual people, there is a filter “@Me” on the My Approvals tab. If the approval is routed to the WorkGroup, there is a filter on the My WorkGroup tab. If you are using a Work Group then the User will see all approvals for the WorkGroups where she is a member.

Can you show the Rules of the Approval and the Filters on the tabs of Approval PL screen? Thanks.

Userlevel 3
Badge

Hi @Laura02  Thanks for the response.

But if I try to access the Bill document with DocType and RefNbr in the URL, approver can able to see the other documents as well.

https://InstanceURL/Main?CompanyID=Company&ScreenId=AP301000&DocType=INV&RefNbr=ER00000232

 

How can we restrict this?

Userlevel 7
Badge +8

The short answer is if a user have access to a screen, you cannot prevent them from opening documents via url. They can open but they cannot perform unauthorized actions on documents. The only possible way to limit the access to some degree is row-level security on some applicable objects like Company, Branch and Vendor.

Userlevel 3
Badge

@aaghaei Understood. Can you please let me know how can we apply the row level security on Company, Branch and etc

Userlevel 7
Badge +8

@nsmith51 First activate the “Row-Level Security” in the “Enable/Disable Features” screen and then when it is enabled in your left main navigation panel, you can configure the Restricted Entities and set up the Restriction Profiles. In each of these screens if you click on the help icon (?) on the top right corner of your screen you can read through the help.

The only exception is Company/Branch. for this you will need to set up the User Roles “SM201005” (for example the group of companies that users should have access), assign the users to each Role, and then in Company/Branch screen you select the related “Access Role” for each company. Basically, you are educating the system what is the associated Role to each company and who are the users which are part of the role.

 

Hi @Laura02  Thanks for the response.

But if I try to access the Bill document with DocType and RefNbr in the URL, approver can able to see the other documents as well.

https://InstanceURL/Main?CompanyID=Company&ScreenId=AP301000&DocType=INV&RefNbr=ER00000232

 

How can we restrict this?

Took me week or so, but I have achieved something “acceptable” to prevent this.

        public PXApprovalProcessing<EPOwned, Where<True, Equal<True>>, OrderBy<Desc<EPOwned.docDate, Asc<EPOwned.approvalID>>>> Records;

protected virtual void APInvoice_RowSelected(PXCache cache, PXRowSelectedEventArgs e, PXRowSelected del)
        {
            if (del != null)
            {
                del(cache, e);
            }

APInvoice row = (APInvoice)e.Row;
if (row == null) return;

var userName = Base.Accessinfo.UserName;
var userID = Base.Accessinfo.UserID;

List<UsersInRoles> userRoles = SelectFrom<UsersInRoles>
.Where<UsersInRoles.username.IsEqual<@P.AsString>>
.View.Select(Base, userName)
.RowCast<UsersInRoles>().ToList();
EPEmployee userEmployee = SelectFrom<EPEmployee>
.Where<EPEmployee.userID.IsEqual<@P.AsGuid>>
.View.Select(Base, userID);

List<UsersInRoles> redirect = userRoles.Where(x => x.Rolename == "PURCHASING").ToList();
List<ApproverEmployee> currentOwnwer = Base.Approval.Select().RowCast<ApproverEmployee>().ToList();


List<EPOwned> invoices = Records.Select().RowCast<EPOwned>().ToList();

bool ownsInvoice = invoices.Where(x => x.RefNoteID == row.NoteID).ToList().Count > 0;
if(!ownsInvoice && Base.Accessinfo.ScreenID != "EP.50.30.10" && row.RefNbr != " <NEW>")

{

                Base.Clear();
                Base.Document.AllowSelect = false;
                Base.Document.View.Clear();
                Base.Document.Cache.Clear();
                PopupNoteManager.Message = "Access Denied.";
                PopupNoteManager.ShowMessageAfterRedirect();

}

}

So… This code does some permission checking, and where the user came from to this Bill.

That in itself took me a while to figure out. The hard part was once a user typed in a URL they are not allowed to see, to get them to a “decent” page. All my PXRedirect attempts ended up on a spinning blue circle. The way here, results in on an Empty Bill that the user can not do anythign with, and a decent pop up, and Acumatica is responsive. 

I hope this is clear and helpful.

.a

Reply


About Acumatica ERP system
Acumatica Cloud ERP provides the best business management solution for transforming your company to thrive in the new digital economy. Built on a future-proof platform with open architecture for rapid integrations, scalability, and ease of use, Acumatica delivers unparalleled value to small and midmarket organizations. Connected Business. Delivered.
© 2008 — 2024  Acumatica, Inc. All rights reserved