I’m looking to assign a user (IT Manager) in Acumatica with access limited strictly to User Management—specifically, the ability to create, edit, and reset passwords.
This user will only use the system in case I’m unavailable, such as during emergencies, to reset passwords or manage user access. I want to ensure they don’t have broader administrative or system-level permissions.
Is there a recommended way to configure this using roles or access rights?
Any guidance or best practices would be greatly appreciated!
Best answer by MichaelShirk
@ashokkumarraja
If you navigate to the “Users” node on the “Access Rights by Screen” screen, grant the role that you want controlling this, Edit access at the “Users” level, then expand that node, and note the “Login Type Allow Role” node. Change that to Revoked, or View Only.
This would allow a user with that role to edit existing users, but not grant them additional roles, or revoke existing ones.
You can also edit permissions for that role, for specific fields on the users record to lock it down even more.
Here you can read a detailed response I left about how to find and set access rights down to the field level.
I’d recommend creating a custom role with just the access for this screen that is just for this user. You may also want to look at revoking access to specific features/buttons (i.e. log in as user).