Understanding User Roles
As part of the system setup, you must define the roles for users in the organization. Roles define the tasks that users see when they work in EnterpriseOne Menus and determine what authority the users have in EnterpriseOne.
After you have defined a role, you can associate users with it and apply security to it to provide the appropriate level of access to EnterpriseOne functions. You can assign more than one user to a role, or you can assign more than one role to a user. To establish a role relationship, you use the Role Relationships application (P95921), which enables you to add, remove, or revise a role relationship for a user. Role relationships are revised by removing an assigned role or by changing the expiration date for an assigned role.
Assigning roles accomplishes these purposes:
Users see only those tasks and perform only those activities that relate to their jobs.
For example, a user acting in the role of accounts payable clerk might not need to see all of the tasks that an accounts payable manager would need to see. You can create both of these roles and define a different set of tasks for each one.
Users can have multiple roles.
Within an organization, a user might have many responsibilities, none of which are defined by a single role. A user who is assigned multiple roles can switch roles according to the work required.
Note: Security for a user is not affected when a user changes a role after signing in to EnterpriseOne; only menu filtering and the display of menu information is affected for that user. The security applied to a user is based on how a user signs in to the system.Administrators can set up security based on user roles.
A user's access to applications, forms, table columns, data sources, and so on is based on one or more roles to which the user is assigned.
This table summarizes the steps an administrator must perform to set up roles for users:
Administrative Step |
Applications Used |
Forms Used |
Tables Used |
|---|---|---|---|
Populate the User Profile table with roles that are stored in UDC H95/RL during Roles Phase I. |
R89959211, R89959212 |
Not applicable (NA). |
F00926, F0092 |
Run an application to populate the Role Relationships table. |
R8995921 |
NA. |
F0092, F95921 |
Create roles. |
P0092 (User Profile Revisions) |
W0092A (User Profile Revisions); Form exit from the Work With User Profiles form (W0092D). |
F0092 |
Sequence the roles. |
P0092 |
W0092L (Work With Role Sequences); Form exit from the Work With User Profiles form. |
F00926 |
Create role relationships that associate users with roles. |
P95921 (Role Relationships) |
W95921A (Work With Role Relationships). |
F95921 |
Add security to roles. |
P00950 (Security Workbench) |
Various, depending on type of security to be applied to each role. |
F00950 |
The Portal, Solution Explorer, and EnterpriseOne clients use the role relationships data in the F95921 table (Role Relationships) and various APIs to retrieve data and allow users to have assigned roles.
You use EnterpriseOne to administer defined roles for which you have created role relationship records. You can add large numbers of roles to a single user, and you can add large numbers of users to a single role relationship record. You can also use EnterpriseOne to specify the language that is used for the description of a new role.
After you have created one or more role relationships for a user, you can revise the relationships. Role relationships are revised by removing an assigned role or by changing the expiration date for an assigned role. You can also exclude an assigned role from *ALL or add a role to *ALL that was previously excluded.
In addition, you might want to delegate one or more of the roles to another user if a particular user will be unavailable. When you delegate the role relationship records, you can copy existing records to another user. You cannot add role relationships to another user unless those roles are already assigned to you.