There are 3 levels of data access control within the Maintenance Application of time@work and expense@work. This article summarises how these are controlled.
Users can be limited to specific system screens and procedures using Access Profiles.
Users can be limited to specific functions within screens and procedures using Access Profiles.
Users can be limited to particular Employees, Clients, Projects and Value Tables using Data Access Categories and Values.
A User can be associated with a particular Access Profile.
Within an Access Profile you can specify Access Rights (Create, Edit, Delete) for each system screen or procedure.
Data Access Categories & Values
Employees, Clients, Projects and Value Tables (the four most sensitive tables in the system) can be classified in whatever ways you want, and access can be granted to Users based on these classifications.
For example you might classify Projects by Department.
First you must set up a Data Access Category:
You must then set up some values for this Data Access Category.
– Services Delivery
– Services Sales
And then specify for a User the Data Access Values to which he/she has access:
Before you can mark each Employee, for example, as belonging to one of these values you must switch on Data Access Control for the Employee table.
You can then associate each Employee with a value:
You may set up any number of Data Access Categories and Data Access Values.
As long as there is one value in one Category to which a User has access then that record is accessible to the User. It is not necessary for there to be an ‘accessible’ value in all existing Data Access Categories.