Solved

Read only access to an entire SITE

ZTC ZTC JGOTA
Rank
Userlevel 6
Badge +14

Hello, IFS community.

Our company has four sites; each of the sites shares the same EU_ROLES permissions.

I wonder if there is a way to set up one of the sites to be read-only access to IFS or read-only to  Inventory Transactions, Customer Order, WO without me recreating all the permission set manually?

I will appreciate your advice.

Thanks,
JL

icon

Best answer by VivekBhandiwad 17 April 2022, 18:45

View original
JL

11 replies

S
Rank
Userlevel 7
Badge +28

No, there is no way to make one site read only when the person has access to do transactions in any other site.  One of the many sought after features that isn’t present in IFS.  You can only control it via monitoring history.  You could create a custom logical unit to validate who can do transactions or not in that site, but you would need an event for each different table or module you want to control.

ZTC ZTC JGOTA
Rank
Userlevel 6
Badge +14

IFS Community,


I want to be clear with my question above.


I need to freeze transaction “Read-Only” Inventory Transactions, Customer Order, and WO, except for HR and Finance. I need to apply the read-only to the entire employees that belong to one of the sites. It will be painful to go employee by employee and manually create each EU view only role. 


Is there a way to apply a global view only EU Permission to a SITE?

 

Thanks,

JL

 

JL
S
Rank
Userlevel 7
Badge +28

No - you can’t apply profiles or permissions to a site, global or otherwise.  They are granted or applied to users.

 

K
Rank
Userlevel 5
Badge +15

Hi @ZTC ZTC JGOTA

 

Here You have got another discusstion regarding this:

 

You can achive that by two seperate application accounts but it affects license usage.

Piotr --> https://www.linkedin.com/in/piotr-skowronek-8425aa6/
dsj
Rank
Userlevel 7
Badge +20

Hi @ZTC ZTC JGOTA 

 

If you need read only access for handful of objects, one thing you can do is that create event actions on Modify for each object and give an error when someone tries to modify an object.

 

Eg event action for Customer order:
 

BEGIN

IF ('&NEW:CONTRACT' = 'ABC') THEN

Error_SYS.Record_General('CustomerOrder', 'CORAMODERR1: This site is read only, changes are not allowed.');

END IF;

END;


Hope it helps!

Damith

DSJ - https://dsj23.me
ZTC ZTC JGOTA
Rank
Userlevel 6
Badge +14

Hello All,

 

The workaround that I found was the one described from @ShawnBerk 

I created a custom event that will not allow the users to save. 

JL
VivekBhandiwad
Rank
Userlevel 4
Badge +8

Hi JL

Please find some of my notes, and if this helps , then use the same.

 

  1. As indicated by @ShawnBerk, there is no direct possible way, to make one site as read only, while being a user who is allowed transactions in the others.  The same is feasible for Finance Only Users at a company level ( multi company scenario) , but not at Site level.
  2. This may be possible in the future versions, where Oracle Row Level data security is being pursued as feature , probably similar to History Logging setup . We know it is being discussed, but not yet a full fledged solution, and is not available currently.
  3. You can expand on the event options presented by @ShawnBerk with an additional tweak.

Here are some steps

  1. Create a EU ROLE, with complete Read Only rights. ( see the tips below to create one, for full IFS ). Since you have specific components in mind ( like WO, CO, Inventory etc, I recommend using the “Permission sets by Component” tab when creating the permission sets. The naming convention can be ABC_EU_ROLE_Limited_read, where ABC is the site.
  2. Connect this role , to the users, to whom you want to give the Read_only access for specific Site 
  3. Expand the Event, and limit it to users, to whom this Permission set is connected as follows

----recopied from Shawn text, and added a few additional items -----

BEGIN

IF ( ('&NEW:CONTRACT' = 'ABC')  and (‘&New:User_id’ in (‘select user_id from ifsapp.end_user_role where End_user_role = ‘ABC_EU_ROLE_Limited_read’)) THEN

Error_SYS.Record_General('CustomerOrder', 'CORAMODERR1: This site is read only, changes are not allowed.');

END IF;

END;

PS: Query will need some more cleanup. 

This approach only gives a bit more control over the users, using permission sets, and not by naming each user, in the query.

 

 

Refer

How to grant permission sets - for read only. 

  1. Create a permission set.
  2. Go to details
  3. Go to Permission sets by Component
  4. Select each component and RMB, and grant Query All - see screenshot.
  5. Ensure there is a review on the Database objects, and Activities list, where essential, to ensure error free usage .

 

 

Regards

Vivek

VIBHIN
ZTC ZTC JGOTA
Rank
Userlevel 6
Badge +14

Hello @VivekBhandiwad 

Your answer is the best.

 

I do not know how could I change the best answer to yours.

 

Thanks,

JL

JL
S
Rank
Userlevel 7
Badge +28

@ZTC ZTC JGOTA you can send a private message to @KristenGastaldo and she can switch the answer selected.

KristenGastaldo
Rank
Userlevel 7
Badge +18

@VivekBhandiwad @ztcjdettman - Best answer has been switched! 

VivekBhandiwad
Rank
Userlevel 4
Badge +8

Dear @ShawnBerk @ZTC ZTC JGOTA

This is nice of you guys. Its Shawn's response itself. Didn't know what to say earlier about best answer, then, and don't know what to say now.

 

Glad to be of help. Stay safe. 

Regards 

Vivek

VIBHIN

Reply


Terms & ConditionsCookie settings