ASSIGN ROLES TO USERS#
The Assign Roles to Users (IMUR) screen is used to assign roles to users, giving them certain security restrictions or other capabilities. The screen provides a listing of all the users and the roles they've been given. After all the roles have been assigned, you will need to assign the users to specific roles using IMUR.
There are several base roles supplied in the application.
P2K_USER | This role is required for all users and provides the user with basic rights and privileges. |
P2K_MASTER | P2K_Master is an application role only with no database rights or privileges assigned. This is an initial startup role that has all screen and report execution rights in it. As such, this role should not be assigned to your regular users, but rather to new roles with execution rights specific to the tasks assigned to that user. |
P2K_DBA | This is the database administrative role that should only be given to a minimum number of users that are part of your technical team and senior users. |
DISC_USER | This is an optional role that can be defined with a system supplied script to create a default role in both the database and the application. This role can now be added to a user and removed inside of the application. This role will allow those users to make use of the Discoverer application with all the database selectivity within the user’s application rights. |
During testing, all users were most likely set-up with the P2K_MASTER role. P2K_MASTER gives the user access to all functions. Once the users have been assigned to their new Execution Rights roles, you would replace the P2K_MASTER role with the correct role for the employee.
DO NOT make any changes to the P2K_MASTER Role as this role will be used by P2K and will have access to everything in the system.The P2K_USER role must remain with each user, as this gives them access to the application. Sequences are very important to define the hierarchy of the roles and are important if a user is assigned to more than one role.
For example, if you have a PR_ROLE and an HR_ROLE and you assign USER-A to both these roles, you need to identify a sequence. Set P2K_USER to 10, PR_ROLE to 20 and HR_ROLE to 30. If in PR_ROLE, you say that for the (IEID) function the P2K_User has no access but in HR_ROLE the user has access, sequence 30 prevails and therefore the user has access to (IEID). Again, the default role is only required if this user needs to have access outside of the application. You must have P2k_User checked as the default role or a parse error occurs.
In the example above the user will have a business role which will give them the standard splash screen when they enter the application. The EP_FOS role sets the specific objects or fields the user can see or update. The EP_DATA role sets the specific data the user may be restricted from or to.
The definition data for the Assign Roles to Users screen is stored in the P2K_AM_USER_ROLES table.
- User
- This field identifies the user you wish to assign the role to.
- Seq #
- If the user profile has been assigned more than one role, this field identifies the order in which the roles will be presented when the user logs in.
- All roles must have unique sequence numbers. This is important as there is a direct correlation between the sequence number and the order in which the icons are displayed in the Self Service header.
- The lowest sequence number will be displayed furthest to the left whereas the role with the highest sequence number will be displayed furthest to the right.
- The role with the highest sequence reflects the default module that the user will be in when they sign into Self Service.
- Role
- This field allows you identify the role you wish to assign to the user.
- Role Type
- The role is categorized into a specific type in this field.
- Business Focus Role
- Default
- If this toggle is checked, the role will be the user’s default role.