What is user authorization? How to enable privileges and lock modules in ERP software? How to deny access to modules in ERP?
By definition that I snitched from Wikipedia, Authorization is the function of specifying access rights/privileges to resources related to information security and computer security in general and to access control in particular. More formally, “to authorize” is to define an access policy. For example, human resources staff are normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authentication) shall be approved (granted) or disapproved (rejected). Resources include individual files or an item’s data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer Software and other Hardware on the computer.
In most systems, in ERPAG as well, there are 3 main types of users:
• Customer portal.
Admin has full access. Access to everything. Each and every module, price, option, each corner of the software. In the system, there has to be at least one Admin. One Admin to rule them all, one admin to limit them. One admin to assign them privileges and access to ERPAG.
Operator and Customer portal have limited view/access.
Customer portal (B2B) portal is used to enable your customers to access the software you use, to have an insight into your inventory and place orders themselves. These orders go straight to your sales orders list, so you are free of all the hassle of ordering by phone and mishearing something (What, I thought I ordered 5 dozen Karen, not 50!).
For operators, there are 3 settings:
1. Full access (access everything you allow them to);
2. Read-only (they can see the document, open a document, but they can’t edit the document);
3. Denied (the unchecked modules/reports/document lists won’t even be visible to them).
User authorization for operators
Edit: Another user – allows them (or doesn’t) to edit documents that other user(s) created. For example, Mike can’t edit the document that Karen created.
Edit: After an hour – this forbids operators to edit documents after an hour has expired. This is a great feature if you want to give them a time limit within which they can alter the quantity or price. Well, Karen, you had an hour to reduce the price, it’s your fault you took a long lunch break!
Edit: Selling price – forbids/allows operators to edit selling price in sales orders, invoices or products.
Edit: Rebate – forbids/allows operators to edit rebate (discount) in sales orders and purchase orders.
Edit: Purchase price – same as with selling price, this option forbids/allows operators to edit the purchase price in documents or products.
Edit: Terms of payment – forbids/allows operators to edit terms of payment in documents, customers, or suppliers. This means that if and Admin assigns NET 7 as a term of payment, the operator can’t change it to be NET 30 (for example).
Edit: Cost per hour – enables/disables the operator to edit cost per hour for work operations in work orders.
Edit: Estimated cost – enables/disables the operator to edit estimated cost in work orders.
Search scope: All suppliers – by disabling this option, the user will only see the items that can be purchased from the selected supplier in the PO. With this option, the search scope for the products that can be selected in the PO is limited to the items appearing in the supplier’s price list.
Show: Purchase price – by disabling this option the user won’t be able to see the purchase prices in any documents (supplier invoices, purchase orders, purchase report etc.). Note that they can still see the prices from journal vouchers in the accounting module, so you might want to lock that option too.
This option limits users to see the items, documents and create documents only from specific warehouses. In case you have multiple warehouses: A and B, and you allow your operator only to see warehouse B, in that case, each purchase order, sales order, work order, that is generated for warehouse A won’t be visible to your user.
When you limit shelves to your users, they will only be able to sell items from those shelves. In ERPAG, one item can only belong to one shelf. If you are selling clothes, for example, you will stock your dresses on shelf A, your shirts on shelf B, your handbags on shelf C. With shelf authorization you can limit your operator to only sell certain products from the selected shelf. If you assign only shelf C to Maria, she will only have handbags in her dropdown menu when she is creating a sales order.
With this limitation, you are enabling your operator to see certain bank account reports or to record payments to specific bank accounts. If you have Stripe and PayPal, and you lock PayPal for Elena. She will be able to only record payments on Stripe.
With this option you can easily hide entire business year from your operators. This will hide every document and journal voucher generated in deselected year.
Locking up entire modules (sales, purchasing, inventory, manufacturing, accounting, mobile app, administration) will hide the button from the left-hand menu. To lock-up entire module you need to uncheck each box to be ‘Denied’ in the module.
If you want to partially lock the module, you just need to uncheck the boxes in front of the features you don’t want to be visible. You can leave just reports to be visible in the sales module, instead of the entire sales order list, webshops, quotations, POS etc.
You can even prevent your employees from importing new products by making import options non-visible to them just by unchecking the boxes in the administration panel.
Note that in some cases users can reach specific data with a workaround. For example, they can find out the selling price by opening the Sales Report, or opening a corresponding journal voucher for that Invoice/Sales Order. So always make sure you locked each and every way of finding out the data you want to hide.
ERPAG will automatically recognize your IP address and populate the ‘Your current IP address’ field.
You can block connection from other IP addresses by simply entering them in the box, and allow only specific IP addresses, again by entering them in the corresponding box. This filter comes in handy In case you want to forbid your users from logging in outside the company (for example from their home).
Important note: If your ISP assigns a dynamic IP address, which changes from time to time, then you won’t be able to use this option.
2019. ERPAG Inc