Solved

Prevent SO Invoice release by Access Rights

  • 26 October 2023
  • 6 replies
  • 67 views
T
Rank
Userlevel 3
Badge


 

I have Access Rights by Role set up.  I’m trying to find where to prevent the release of SO Invoices and AR invoices by this role.  I have done revoked on every “Release” I can find related to invoices and can’t seem to get it. 

icon

Best answer by Laura02 27 October 2023, 12:36

View original

6 replies

Robert Sternberg
Rank
Userlevel 7
Badge +8

Hi @travislawson follow the steps below to remove access. 

 

Navigate to Access Rights by Screen

In the folder structure find:

  • Sales Orders
    • Invoices
      • AR Invoice/Memo
        • Release

Set the role needing the restriction to ‘Revoked’ 

 

Hope this helps!

Robert Sternberg, Crestwood Associates -- ** Summit 2024 - Visit Us at Booth #600 ** -- If a community member helped you, please *Like* their post/reply. If they provided an answer to your question, please mark it as *Best Answer*.
Laura02
Rank
Badge +18

Hello @travislawson ,

I’m following @Robert Sternberg ‘s answer, because I want to understand the steps for next time.

I’d like to add a little more detail because it was a bit tricky to get this to work, even knowing Robert’s steps. 🤔 

Robert suggested → Laura Added:

In the folder structure find:

  • Sales Orders → Set this Level to GRANTED
    • Invoices → Set this Level to DELETE
      • AR Invoice/Memo → Set this Level to DELETE
        • Release → Set this Level to REVOKED

Good luck,

 

Laura

Laura ~ Klear Systems, Inc. Irvine, CA. ~ Please remember to "Mark Best Answer" to help those who are facing the same problem.~
Robert Sternberg
Rank
Userlevel 7
Badge +8

Thanks @Laura02 for adding some clarity (and color)!  In case anyone is wondering why you need to set each level - it is built into Acumatica’s access right structure. 

To become more specific at lower levels “Inherited” must not be present at higher levels, at higher levels you must explicitly set an Access Right (Granted, Revoked, Delete, Edit, or View Only). 

In our example that means Sales Orders, Invoices, and AR Invoice/Memo levels must be explicit and not “Inherited” to allow for Release to be explicitly set to Revoked

 

Access rights are tricky and take some practice, Laura had a great test setup where a new role of “No Release SO Invoice” was created specifically to test this function.  

 

Also please keep in mind when you set an access right at the Action/Field level it takes precedence over other roles.  Acumatica’s typical structure is “give the user the most permissions available to them based on their assigned roles” that no longer applies and switches to “give the user the most specific permissions available to their assigned roles” when you add access rights at this lowest level. 

Robert Sternberg, Crestwood Associates -- ** Summit 2024 - Visit Us at Booth #600 ** -- If a community member helped you, please *Like* their post/reply. If they provided an answer to your question, please mark it as *Best Answer*.
T
Rank
Userlevel 3
Badge

Thank you @Robert Sternberg and @Laura02.  Worked perfectly and I think I have a better understanding of the permissions.

T
Rank
Userlevel 3
Badge

Also please keep in mind when you set an access right at the Action/Field level it takes precedence over other roles.  Acumatica’s typical structure is “give the user the most permissions available to them based on their assigned roles” that no longer applies and switches to “give the user the most specific permissions available to their assigned roles” when you add access rights at this lowest level. 

 

 

Wanted to expand on this a little.  I have a user that has two roles.  One role had the specific permissions to prevent the release of the SO Invoice but the other had Invoices set as Delete and everything else left inherited.  It did block them from releasing the invoice.  I had to dive down into the hierarchy and set them specifically to allow them to release the invoice. 

Odd behavior in a way since it was inherited.  Shouldn’t seem like I would have to do it so granular to reverse the Revoked on the other role. 

 

 

Robert Sternberg
Rank
Userlevel 7
Badge +8

@travislawson Hi Travis, yes what you experienced is expected.  When Access Rights are assigned at a more granular level the inherited label on other roles is equivalent to ‘not set’ this is a little tricky and I believe there have been some Acumatica ‘ideas’ in the past on how to display this nuance.  

Definitely takes practice, use the ‘Access Rights by User’ screen and test roles until you are comfortable.  My personal advise is to limit the usage of granular roles at the Field/Action level to prevent to ongoing maintenance of Access Rights. 

Hope this helps!

Robert Sternberg, Crestwood Associates -- ** Summit 2024 - Visit Us at Booth #600 ** -- If a community member helped you, please *Like* their post/reply. If they provided an answer to your question, please mark it as *Best Answer*.

Reply


Terms & ConditionsCookie settings
About Acumatica ERP system
Acumatica Cloud ERP provides the best business management solution for transforming your company to thrive in the new digital economy. Built on a future-proof platform with open architecture for rapid integrations, scalability, and ease of use, Acumatica delivers unparalleled value to small and midmarket organizations. Connected Business. Delivered.
© 2008 — 2024  Acumatica, Inc. All rights reserved