Defining application permissions

The following methods of defining permissions are available:

• In Role Templates - this is the preferred method for granting users or groups application permissions.
  Note:

  • Both application permissions and ACLs are included in the role definition process. When a role is assigned to a user or a group on any business entity or security context point, that user or group automatically acquires the application permissions defined in that role template.
  • When a user or group is assigned multiple roles, the user or group accumulates the application permissions that are defined in the various roles. Application permissions are granted by the role (not the security context point) and apply in all situations where the user has the correct ACL access. For example, users with Read permission to Business Entities and the Audit Trail application permission are able to view the Activity tab for those Business Entities.

  For more information, see Role templates.

• As part of an organizational group definition - this method is provided for backward compatibility for upgrade customers and for administering system-wide organizational groups. Organizational groups can be created under the Workflow, Reporting and Others root folder on the Users, Groups and Domains page. For more information, see Creating an organizational group.