Skip to main content

User Groups

You can set permissions for several users together using groups.

Each user belongs to one or more groups. Each group specifies the functions that members of the group have access to (and may also specify functions that members of the group are denied access to).

You can define the permissions on a group by building them up from the permissions on other groups. This means you can create sub groups that give access to related functions, and list the appropriate sub groups on each "main" group. See Main Groups and Subgroups.

You can specify groups of functions, using wildcards, to provide a "broad brush" set of access permissions; you can then "fine tune" this by specifying additional functions to which the group has or does not have access.

For example:
You might set up a group for people using Accounts Payable, allowing them access to all except the Maintenance, Administration and Set-up options. Everyone who belongs to this group would, by default, be able to access these options. You might have one user in the group who only needs to use the inquiries options, so you would restrict the individual access for that user. You might also have a supervisor, who needs access to the Maintenance, Administration and Set-up options, so you could extend the individual access for that user.

Prime Groups

Each user is assigned to a prime group. In conjunction with the user's security level, this controls whether the user has access to reports and batches created by other users. You have access to another users' reports and batches if:

  • that user's prime group is included in your group list, and

  • your security level is higher than the other user's security level (or the security levels are equal, if the SY parameter EQUACESS is set to Y).

Because of this, we recommend that you have separate groups for data access (batches and reports) and for function access.

Did this answer your question?