Access Control

Access Control

There are key access control constructs that enable you to manage data access and functionality that is available to users:

Privilege

Ability to perform an operation. For example, View Users is a privilege that enables you to view user information.

Scope

Where an operation can cause an effect. For example, CorporateHQ scope indicates that an operation can alter information for corporate headquarters.

In the Procurement application, there are the following types of scope:

User

Operate on their own information.

Buying Organization

(BORG)

Operates on:

Their own information, and

Information for users in their Buying Organization.

Super-Buying Organization

(SuperBORG)

can operate on:

Their own information,

Information for users in their Buying Organization,

Information for users in child-organizations of their Buying Organization,

Users in children of those child-organizations,

And so on.

Enterprise

can operate on information for an enterprise, and all items in an enterprise.

User	Operate on their own information.
Buying Organization (BORG)	Operates on: Their own information, and Information for users in their Buying Organization.
Super-Buying Organization (SuperBORG)	can operate on: Their own information, Information for users in their Buying Organization, Information for users in child-organizations of their Buying Organization, Users in children of those child-organizations, And so on.
Enterprise	can operate on information for an enterprise, and all items in an enterprise.

Role

A Role is a set of privilege and scope combinations. A role represents a set of actions that a particular job or position requires. For example, the Branch Administrator role may require the ability to review purchase orders for several buying organizations.