I have Access Rights by Role set up. I’m trying to find where to prevent the release of SO Invoices and AR invoices by this role. I have done revoked on every “Release” I can find related to invoices and can’t seem to get it.
I have Access Rights by Role set up. I’m trying to find where to prevent the release of SO Invoices and AR invoices by this role. I have done revoked on every “Release” I can find related to invoices and can’t seem to get it.
Hi
Navigate to Access Rights by Screen
In the folder structure find:
Set the role needing the restriction to ‘Revoked’
Hope this helps!
Hello
I’m following
I’d like to add a little more detail because it was a bit tricky to get this to work, even knowing Robert’s steps.
Robert suggested → Laura Added:
In the folder structure find:
Good luck,
Laura
Thanks
To become more specific at lower levels “Inherited” must not be present at higher levels, at higher levels you must explicitly set an Access Right (Granted, Revoked, Delete, Edit, or View Only).
In our example that means Sales Orders, Invoices, and AR Invoice/Memo levels must be explicit and not “Inherited” to allow for Release to be explicitly set to Revoked.
Access rights are tricky and take some practice, Laura had a great test setup where a new role of “No Release SO Invoice” was created specifically to test this function.
Also please keep in mind when you set an access right at the Action/Field level it takes precedence over other roles. Acumatica’s typical structure is “give the user the most permissions available to them based on their assigned roles” that no longer applies and switches to “give the user the most specific permissions available to their assigned roles” when you add access rights at this lowest level.
Thank you
Also please keep in mind when you set an access right at the Action/Field level it takes precedence over other roles. Acumatica’s typical structure is “give the user the most permissions available to them based on their assigned roles” that no longer applies and switches to “give the user the most specific permissions available to their assigned roles” when you add access rights at this lowest level.
Wanted to expand on this a little. I have a user that has two roles. One role had the specific permissions to prevent the release of the SO Invoice but the other had Invoices set as Delete and everything else left inherited. It did block them from releasing the invoice. I had to dive down into the hierarchy and set them specifically to allow them to release the invoice.
Odd behavior in a way since it was inherited. Shouldn’t seem like I would have to do it so granular to reverse the Revoked on the other role.
Definitely takes practice, use the ‘Access Rights by User’ screen and test roles until you are comfortable. My personal advise is to limit the usage of granular roles at the Field/Action level to prevent to ongoing maintenance of Access Rights.
Hope this helps!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.