Setting Read, Create, Edit, and/or Delete Access to Records
Issues: Users assigned to a role do not have the required access to read, create, edit and/or delete a specific record--or assigned users have access to one or more functions they should not.
Troubleshooting Tips:
Users are able to Read, Create, Edit and/or Delete a record if the proper authorization is set up on the related policy screen. For example, users assigned to a role are able to open the Holiday screen and Read records, Create new records, and Edit existing records because the access for these functions are set to Yes. They cannot Delete a record because that function is set to No.
- Check the Employee record>TCS screen>Employee Authorization Information Card to view the policies assigned to an employee, and to determine the role granting access to that policy.
The Employee Authorization Information card displays the policies and roles assigned to an employee. This card is found in the TCS screen in the employee record.
Note: If this card is not visible, it can be added to the TCS by going under the Preferences section>My Preferences card>Time Card Screen and dragging the Employee Authorization Information card to the Selected column.
- Run the Authorization Control report for the specified role to view the details, including the level of override allowed.
- If users do not have the required authorization level for the required functionality:
- The user can be assigned to another role with the required functionality access. More About Adding An Employee Role
- An existing non-standard role can be updated to grant the required access. More About Updating an Existing Role
- Remember that any changes to a role will update the access for ALL employees assigned to that same role.
- Standard roles cannot be edited--a new role must be created and modified.
- A new role can be created which has the required access and assigned to the user. More About Creating New Roles
New roles can be created by adding a role or by replicating an existing role that has most of the required attributes, and then modifying it to change the access.
- For more information on creating a new role, see Steps for Creating a New Role.
- A replicated role can also be replicated again, and modified to create another role with different attributes. For more information on replicated roles, see Steps for Replicating a Role.
Setting the Allowed Functionality:
In the example below, the Holiday screen is being set for users to be able to read, edit and create records. They are not allowed to delete existing records.
- From the Configuration section>System card>Role screen, open the record to be updated, or create a new role.
- Click on the Authorization Controls button in the left pane.
- Expand the folders in the Authorization Policy Hierarchy to find the screen or policy to be updated. Note: In order to access a specific screen, the user must grant access to each of the levels above the selected screen. In the example below, the users are first given access to the Configuration Section and then the Assignments Card. The Holiday screen is then available to set up by selecting the Add button to the left of the record. More About Setting up Access to Parent Structure Levels
The steps to set up the access to parent structure levels are as follows:
- From the Configuration section>System card>Roles screen, locate and open the Role record to update.
- Select the Authorization Controls button in the left pane to access the Authorization Policy Hierarchy tree.
- In the Authorization Policy Hierarchy tree, highlight the Root level. The Section options are displayed in the right pane.
- For the parent Section record, click on the Add button to add this policy to the role. The button action is changed to Remove. In the example below, the Configuration Section is made accessible to this role.
- In the Authorization Policy Hierarchy tree in the left pane, highlight the parent Section option. The related Card options are displayed in the right pane.
- For the parent Card record, click on the Add button to add access to this card to the role. The button is changed to Remove. In the example below, the Assignments Card is made accessible to users in this role.
- In the Authorization Policy Hierarchy tree, highlight the parent Card of the policy to be viewed. The related Screen options are displayed in the right pane.
- For the parent Screen record, click on the Add button to add access to this card to the role. The button is changed to Remove. In the example below, the Holiday screen is made accessible to users in this role.
- Open the policy record by clicking the card arrow on the record.
- For each function, set the value to Yes or No by clicking on the arrow to the left of the field and then selecting the setting.
- Save the record.