1. Security Administration Guide
  2. Sequencing Roles

Sequencing Roles

The Work With Role Sequences form contains all of the roles that you defined and enables you to assign a sequence to the roles. The sequence defines a hierarchy of roles and determines which role is used when a security conflict exists among roles when a user signs in as *ALL.

The EnterpriseOne Windows client and Web client differ as to how they use the role sequence to determine which security record is applied. The Web client only checks the first role in the role sequence to determine the security for an application, form, column, row, and so forth. The Windows client checks all the roles in *ALL for security, but uses the role sequence to determine which role to use when there are duplicate security records.

This is an example of duplicate security records in which the Windows client is forced to use the role hierarchy to determine which security record to apply:

A user signs in as *ALL. The *ALL has two roles associated with it—Role 1 and Role 2.

  • Role 1 = Form A is secured; no access allowed.

  • Role 2 = Form A is not secured; access allowed.

Because of the conflict in security between these two roles, EnterpriseOne uses the information in the role sequence to determine which role to use for security. If Role 1 was higher in the sequence, then the security for that role is applied.

In this same example, if each of these roles had different security records for the same security type, the system would apply the security as defined by both records. For example, if Role 1 does not allow users to view column A and Role 2 does not allow users to view column B, the user would not be able to view either column on the form.

You can configure the EnterpriseOne Web client to use the same role sequencing functionality as the Windows client. This is recommended if you are migrating from the Windows client to the Web client. To enable this functionality in the Web client, use Server Manager to configure the following setting in the [OWWEB] section of the JAS.INI:

userRoleHierarchy=true

To sequence roles:

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On the Work With User/Role Profiles form, from the Form menu, select Role Sequence.

  2. On Work With Role Sequences, select a role from the tree structure and drag it to the point in the sequence that you want.

    Note: The system checks the sequence of roles in descending order.

  3. After you have set the order that you want, select Set Sequences from the Form menu and click Close.

  4. If you decide you do not want to change the sequence, select Close Without Set from the Form menu and click Close.