If the ROLESECU installation parameter has been configured as ON, the system will function with the following changes to previous system behavior:
The first major difference in the system when Role Security is enabled, relates to the appearance and behavior of the Role field itself. When the ROLESECU installation parameter is set to ON, Role is no longer assigned a default value (of "*"); and is no longer a protected field for any User record (Organization tab), it therefore becomes available and editable. Permissions for any User will be drawn from the Organization tab of the User screen; but will use the current specified Role for the user to select the User Group for that Role.
While the default Role (*) is a system role and is always available, additional Roles can be defined by the system administrator through the Role Setup screen. Each Role defined through the Role Setup screen documents an association between both a User Group and an Organization; and may include specifications regarding permissions for use of HxGN EAM products including the base application, mobile applications, etc., as well as additional Role Limits (for example, Requisition, Invoice, Purchase Orders and corresponding Approval limits). See the HxGN EAM System Administrator Guide for more details regarding Role Setup functionality.
When Role Security is enabled, if the current Role for a User in an Organization is set to *, both the Menu and page layout will continue to come from those configured for the User Group that is specified for the User in the User record view. This behavior allows the system to continue working as before when Role Security is first enabled. For example, upon release, HxGN EAM assigns the default Role ("*") to be associated with the "R5" User Group, under the Default ("*") Organization. In this case, if an EAM User is assigned to the default role, they will see the corresponding Menu Structure and page layout that have been defined for the R5 Group for the default Organization.
In contrast, if the current Role for a User in an Organization is not set to the default Role but rather any other defined Role within that Organization, then the menu and page layout will be drawn from the User Group that is associated with that specific Role.
It is essential to understand that when Role Security is enabled, it is possible and likely for a User to be associated to an Organization more than once. This may occur only when the User is associated with multiple or different Roles within the same Organization.
Further, it should be noted that each Role to which a user has access must also have access to the default Organization (DEFORG) for the system; as there are many places in the code of HxGN EAM that rely on the User having access to the DEFORG. When a record is added for an Organization that is not the default Organization, the system checks if a record already exists for that Role in the DEFORG. If not, then the system will (in addition to the specified record being inserted) also insert a second record for the DEFORG associated to the same Role and User Group to ensure that the User has access to the default Organization. Similarly, when a record is deleted to remove the association between a User and the default Organization; the system confirms that no other records exist in the same Role as the one being deleted. If other records exist in the same Role as the one being deleted, all other records for the Role must be removed first.
When Role Security is enabled, any EAM User will, upon login, encounter an additional button shown in the System Links portion of the screen, labelled as Switch Roles. This button invokes a popup in which the User can select from a list of values, any other Role to which their User ID is associated. As well, any EAM User may at any time also confirm the Role through which they are currently accessing the system via the ‘About’ System Link. See HxGN EAM System User Guide for more details regarding the functionality of system-level functions.
Visibility to the current value for the Role field for a User through the ‘About’ feature is always available, regardless of the value of the ROLESECU installation parameter.
As an EAM User navigates an environment where ROLESECU is set to ON, it is expected that they will encounter fields wherein they must select one or more records from a list of values (LOV). In determining which records to display in any list of values (LOV), the system will consider only the list of Organizations associated with the current Role (through the Organization tab of the User Group screen). Similarly, when a User creates a report in an environment where Role Security is enabled; the system includes only report data that matches one of the Organizations listed on the Organizations tab of User for the currently selected Role.