!!!ASSIGN EXECUTION RIGHTS

The Assign Execution Rights (IMER) form is used for setting the execution rights for each role and user for each function.  

IMER determines the functions for the new role(s) and what those roles can do within the function (i.e. Create, Update, Retrieve, Delete).  You can define the user or role (but not both) to have execution to the function. We supply by default the [P2K_MASTER] role. When you start up you may have this role assign to a few core users, but when you go live you will have [P2K_MASTER] assigned to [P2K_USER].

[P2K_USER] role itself should not be used here except for emergencies. Otherwise you may end up losing the ability to audit which user did what changes to the system.

If you wanted to take away rights from someone who had a role with full execution rights to a function, you would do that by specifying that user and removing the toggle to the execution right you wish removed. This will override the CRUD they have in their role.

!Assign Functions to Roles
There are two ways to assign functions to roles:
# In IMER, call up the function and give the role access to the specifics you want them to have based on CRUD.
# In the Define Roles ([IMRO]) screen for the specific Execution Rights role, go to the Execution Rights tab and add the function you wish that role to have access to.
# Now log out and then log back. This step is needed in order for the changes to security to take affect. It is important that security is setup with all users off the system.

%%warning The rights assigned to the [P2K_MASTER] role must NOT be changed.  These are generated by script and gives the master capability to the role (and thus P2K user) to be able to access all parts of the system.%% 

The definition data for the Assign Execution Rights screen is stored in the [P2K_AM_SECURITY_RIGHTS] and [P2K_AM_FUNCTIONS] tables.

;[User|USER_NAME] or [Role|ROLE_NAME]: These fields allow you to chose the individual or role you wish to assign execution rights to. 


These toggles allow you to indicate the specific execution rights you wish grant to the user or role. 
;[Create|CREATE_ALLOWED]:If both role and function execution rights are set to “Yes”, a user with this role may create data in this function.
;:If the boolean for either the Role Execution Rights or the Function Execution ‘Allowed’ Rights are “No”, then the user will not be able to create data in the function.
;[Retrieve|RETRIEVE_ALLOWED]:If both role and function execution rights are set to “Yes”, a user with this role may retrieve data in this function.
;:If the boolean for either the Role Execution Rights or the Function Execution ‘Allowed’ Rights are “No”, then the user will not be able to retrieve data in the function.
;[Update|UPDATE_ALLOWED]:If both role and function execution rights are set to “Yes”, a user with this role may update data in this function.
;:If the boolean for either the Role Execution Rights or the Function Execution ‘Allowed’ Rights are “No”, then the user will not be able to update data in the function.
;[Delete Allowed|DELETE_ALLOWED]:If both role and function execution rights are set to “Yes”, a user with this role may delete data in this function.
;:If the boolean for either the Role Execution Rights or the Function Execution ‘Allowed’ Rights are “No”, then the user will not be able to delete data in the function.