Skip to main content
Question

How access rights are defined in MYOB Acumatica?


Forum|alt.badge.img

Hi Community, I am struggling to maintain data security in MYOB because a user can see other users’ purchase request and so on. Please help me out. I want to manage it properly and document it. However, I am confused as it is complex to understand.

 

In our scenario, there are 3 types of access rights.

  1. Access Rights by License Type
  2. Access Rights by Role
  3. Access Rights by Screen

There are modules, forms, functions and what not.

Example: If we grant ‘Employee’ License and ‘Administrator’ role to them. And both have different level of access rights.

In this case,

  • Which access right over-rides to each other?
  • Is there a hierarchy ?
  • Admins cannot modify access rights by license type as it is purchased accordingly.
  • How does this all work 

Is there anyone experts here regarding this topic?

Regards

Abhishek

 

8 replies

Laura02
Captain II
Forum|alt.badge.img+19
  • Captain II
  • 3101 replies
  • December 9, 2024

Hello,

My experience is with Acumatica, not MYOB. I’ll assume security is similar between the two, for this reply.

If needed, I hope an MYOB user will help make a distinction between the security features of Acumatica versus MYOB.

  1. Suppose a User is in two roles.  One Role Grants access to Bills & Adjustments screen, and the other Revokes access to Bills & Adjustments screen.  The User will not see Bills & Adjustments screen. The most restrictive role controls access in this case.
  1. Access Rights by Role and Access Rights by Screen are two ways of looking at the same Access Rights.
  • Do you want to see all the Roles that can access Bills & Adjustments screen? Use Access Rights by Screen.
  • Do you want to see all the Screens & Reports that AR Manager Role can see?  Use Access Rights by Role.

To Learn about Configuring System Security, use this link

Start Here to Learn System Security

Laura


Chris Hackett
Community Manager
Forum|alt.badge.img
  • Acumatica Community Manager
  • 2546 replies
  • December 9, 2024

Hi ​@abhishekkc - In addition to ​@Laura02 ‘s help, I’m going to move this to the MYOB forum for better visibility.

 


Forum|alt.badge.img
  • Author
  • Freshman I
  • 15 replies
  • December 10, 2024

Hi ​@Laura02 , Thanks for the reply. I will check that document. any idea about access rights by license type ?


Laura02
Captain II
Forum|alt.badge.img+19
  • Captain II
  • 3101 replies
  • December 10, 2024

Hello,

Can you give an example, or screen shot, showing what you mean by “Access Rights by License Type”?

Some features need to be purchased, added to the license, before anyone can see the screens on the menu. Is this what you are referring to?

Examples of screens that you need to purchase a license for are Avalara Sales Tax calculation, Avalara Address verification, Expense Claims and Construction module (only appears in Construction Edition).

 

Laura


  • Freshman II
  • 6 replies
  • December 10, 2024

@Laura02  In MYOB, there is an extra level of granularity because it is sold with a fixed number of users per user license type e.g. “Full” vs “Sales & CRM” vs “Warehouse”.  They’re like mandatory predefined roles and then Acumatica’s standard role system is layered on top of that, being able to restrict users further but unable to grant access to features the user license type doesn’t have.

@abhishekkc You’re going to have a challenge if you need to restrict access to documents based on the user who created it, as Roles and Licenses cover only system features and screens. 

You can have the requisition screen customized to compare current user to the creating user, see an example of somebody doing it for Approval documents here

That thread also discusses Row level security of Restriction Groups for Entities(Customers/Vendors/GL#s).  If your users are responsible for specific Vendors, you could restrict them to see only PO/s and Requisitions for those Vendors. But restriction groups are a topic some find even more complicated than Roles, so I would recommend testing them in a sandbox first.  Especially since you can’t delete Restriction Groups and you only get 256 of them.


Forum|alt.badge.img
  • Author
  • Freshman I
  • 15 replies
  • December 10, 2024

Hi ​@bmonaghan , Thanks for your response. Can we say that Access Rights by License Type is first level of authorization. If license denies the access, even the highest level of access right via role/screen can’t grant the access to the user. 

Please correct me if I am wrong if this is the hierarchy for a user’s authorization to MYOB:

Access Rights by License > Access Rights by Screen> Access Rights by Role


  • Freshman II
  • 6 replies
  • December 11, 2024

@abhishekkc you are correct that Access Right by License Type is the first level and that role/screen can’t grant more access to system features.  There is a minor misunderstanding that Access Right by Screen and Access Rights by Role refer to the same rights, just different views of it, as Laura mentioned.

 

If you go into Access Rights by Screen and pick a particular Screen, you’ll see a list of Roles and their access to that Screen.  It is good for comparing how different roles see the system.

If you  go into Access Rights by Role and pick a Role at the top dropdown, you’ll see that same list of Screens and that Role’s Access to them. It’s quicker to update a single Role’s access.

 

There is also be an Access Rights by User that will show the effective access for a user with multiple roles, but it is read-only. 


Graeme Laughton-Mutu
Freshman II
Forum|alt.badge.img

An extra tip about the Access Rights by User (SM201055) screen.

Use the View Roles button to see how each of the user’s roles contribute to their final level of access.

Great for troubleshooting access issues, and identifying which roles need to be added/removed/modified to give the user what they need (or don’t need).

 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings