Acumatica ERP Secuirty Training - Part 1 -Concepts and Definitions
May 6, 2019
How to Set Up User Security in Acumatica ERP
Concepts Covered
Roles
Users
Access Rights
Most Permissive
Levels of Access Rights: Revoked, View Only, Edit, Insert, Delete, Granted, Inherited. Not Set (How“Not Set” works)
Built-in roles
Administrator - A user with this role has full access to all system objects, and any access restrictions to system objects are not applied to this role. Therefore we recommend that you assign users to this role only during initial system setup so they can define roles and enter users. Then assign the role only in extraordinary cases. We recommend that you create a user role for system administrators with access only to Acumatica ERP suites and modules that are used for configuration and management of the system.
Anonymous - This role is reserved for system use.
Dashboard Designer - The system automatically designates this role as a dashboard owner role for dashboards that were created in previous versions of Acumatica ERP. We recommend that you create specific roles for users who should own particular dashboards. For details, see Dashboard Pages.
BI - A user with this role can access the BI Views—that is, the pre-configured generic inquiries that are exposed through the OData protocol, such as BI-Opportunities. For more information, see OData Support.
Customizer - A user with this role can customize Acumatica ERP applications. For details, see To Assign the Customizer Role to a User Account
Field-Level Audit - A user with this role can view the audit trail directly from an audited form. For details, see Management of Access to Field-Level Audit Functionality.
Guest - This role is used for backward compatibility.
Internal User - A user with this role can change personal settings, and view Help. It is automatically assigned to all user accounts linked with the Employee user type.
Portal Admin - A user with this role can access the Acumatica Self-Service Portal Configuration suite and configure Self-Service Portal. For more information about Acumatica Self-Service Portal, see Self-Service Portal.
Portal User - A user with this role can access Self-Service Portal. You should assign this role only to contacts who must have access to Self-Service Portal. For more information about Acumatica Self-Service Portal, see Self-Service Portal.
Report Designer - A user with this role can publish reports in Acumatica ERP. Any user can create reports in Report Designer, but for publishing reports in Acumatica ERP, the user needs to be granted this role.
Wiki Admin - A user with this role can set other users’ access rights to wikis. For details, see Wiki Access Management.
Wiki Author
Administrator
BusinessDateOverride: A user with this role can change the business date in the info area of Acumatica ERP. This role appears only if the Secure Business Date feature is enabled on the Enable/Disable Features (CS100000) form. For details, see To Change the Business Date.
Data Privacy Controller: A user with this role has access to the compliance tools for General Data Protection Regulation. For details, see Handling Personal Data.
Financial Supervisor: A user with this role can post to closed financial periods, while all other users are not able to work with these periods (when the Restrict Access to Closed Periods check box is selected on the General Ledger Preferences (GL102000) form). A financial supervisor can also reopen Closed periods and unlock Locked periods.