webERP Forum

Full Version: howto "auditor" access permissions
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi, is it possible with the security model available to create a "read-only" user?

I would like to give someone, e.g. an auditor, the ability to view anything in the system in the system, but not be allowed to enter, edit, create, or modify anything.

So far, it seems Security Tokens 0 (Main Index Page) and 2 (Basic Reports and Inquiries with selection options) are sufficient, but can anyone say if this will be enough access to see everything? Does this not restrict enough?

Thanks,
Dale
Hi Dale, you can alter what reports and inquiries that user can see by changing the page security settings for individual scripts under the setup module. You can also remove (if there are any) any scripts you do not want the user to see. You can also set users so that they can view GL codes (either all or some) but not update them which would allow certain GL options to be available.

Thanks
Tim
Hi Tim, it's good to hear from you. I created a new "auditor" profile with security tokens 0 and 2 assigned to it, and created a new user with the "auditor" security profile assigned. I poked around the system and wasn't able to do any damage when logged with the auditor security profile. However, I'd like to be a little more confident and was hoping someone with more experience could say if there are any loopholes still open.

Dale
Reference URL's