Solved

PO Document access for all organizational users


Userlevel 7
Badge +12

Hi All

 

I created a Document class under which I plan to connect a certain set of documents to either PO header or line (or both) in the future. Now I need to give all IFS users in my organization ‘View Only’ access to this Doc Class.

 

I read the following post and the answer by @Thilini Kumarasinghe and noticed that PO is not among the standard object types available for access control. 

 

 

Can anybody guide me through the steps on how should I do this with regards to the access setup? Thank You

icon

Best answer by Mathias Dahl 4 August 2021, 22:42

View original

13 replies

Userlevel 6
Badge +14

Hi Enzo,

 

For this purpose you can use access templates.

 

  1. Open Document Management\Basic Data\Document Basic.
  2. Open Access template tab.
  3. Here select the document class you need.
  4. Enter either person IDs of each user, or you can group all users in a person group (in person groups tab) and enter that person group here. Select View access only.

 

Kinldy note that this will give the users view access for new documents created for the document class but not for existing ones.

If you need to give access for existing documents as well, you can use a person group that is already connected to this document class (not a new person group) and then add the users to that person group.

 

Best Regards,

Thilini Kumarasinghe

Userlevel 7
Badge +13

Hi,

If you really want ALL persons to have access, use Person ID = * in the access template for the document class. If you want many but not all I am afraid you need to maintain a person group with the persons that should have access, and use that group on your template. With some clever use of custom events, if the data (the list of persons) is available elsewhere, you might be able to keep such a person group updated automatically. That is left as an exercise for the reader :)

Good luck!

/Mathias

 

Userlevel 7
Badge +13

Firstly, to be clear: if you change the access template, it does not affect existing documents that uses that template. The change only applies to new documents.

The Generate Results is a feature you use when you want to check if the resulting access it what you thought it would be, given the definition on the document revision itself. If you in the definition have set * as Person ID, then, naturally, you will see all persons get access (or, if a person also has its own access line, that person will get the access from that line instead).

If you find this is not how it is working, I suggest you file a proper support case with us.

Thanks!

 

Userlevel 6
Badge +14

Hi Enzo,

I have to agree with @Mathias Dahl . He is the product architect for Document management area who helps with clearing out our doubts as well, so obviously his answer should be correct :)

Best Regards,

Thilini

Userlevel 7
Badge +13

I'm glad we could help out.

There is really only one caveat to consider when using the Person ID = * functionality, and that is if you happen to have a user (often this is IFSAPP) that has got the person ID = * assigned. This will not work together with the mentioned feature in Docman. If possible, change the person of that user. It is generally a bad idea to run the system as the application owner anyway.

Other than that, it is a very useful feature.
 

Userlevel 6
Badge +14

Hi Enzo,

 

You are most welcome.

Kinldy find below clarification.

 

  1. Here adding person ID * will not grant all users with access to that document class.
  • Either you have to create a person group like below and add it to the access template OR
  •  

  • Enter person ID s directly.
  1. And I do not think it will be possible to give view access to users only if that particular document is connected to Purchase order. Access for object type Purchase Order cannot be specifically defined as per the previous community post.

 

Best Regards,

Thilini Kumarasinghe

 

Userlevel 7
Badge +12

Posting this comment to have a proper closure for this thread. 

Like @Thilini Kumarasinghe and @Mathias Dahl correctly highlighted, newly added users won’t get access to the old documents under the relevant Doc Class. So my technical colleague plans to run a script that grants access to all users. This way I think I’ll also manage to keep my system admin who dosen’t want to disconnect Person * from the user IFSAPP, happy. :)

Userlevel 7
Badge +12

@Mathias Dahl one last question though. After I controlled the access through the Access Template, what’s the effect of this ‘Generate results’ button in the individual document level? 

 

 

I tried that and then it populated a list of persons not included in the definition tab. Looks to me that if we click ‘generate results’, it gives access to all IFS users despite the fact that we have controlled it through the Access Template. 

Userlevel 7
Badge +12

@Mathias Dahl thank you. I was a bit confused since @Thilini Kumarasinghe ‘s explanation was a bit contrary to yours. (I do understand both of you are IFS experts - no doubt there) Yes, getting all persons access (since all IFS users have a person setup) is my expectation. So I think I can have * setup under person ID for the access template of the doc class with ‘view access’ ticked will do the trick for me. 

 

Hope @Thilini Kumarasinghe also agrees? :)

Userlevel 7
Badge +12

Thank You both @Thilini Kumarasinghe and @Mathias Dahl 

Userlevel 7
Badge +12

Thanks @Thilini Kumarasinghe , a couple of questions here 

 

  1. Assuming you meant something like below, * sign under the person ID will cover all users right? Will this sort the issue for both new and existing documents, do you think?
     

 

  1. Since I am thinking that PO header and line levels only (assuming that there might be some users who might use this specific Doc Class connected to other objects than the PO - that’s why I would give view only access only when its connected to PO) won’t I need to set up ‘Document defaults per object’ or ‘Default Object Access Levels’? 
Userlevel 7
Badge +12

Thanks for clarifying Thilini. I will do some testing and come back. Have a great day!

Userlevel 7
Badge +12

@Thilini Kumarasinghe so I will have to add all IFS users to this person group, one by one, manually right?

 

Also per the previous community post, with a little customization / configuration, I might be able to have the PO object connection to this document class right?

Reply