Monday, 27 November 2017

Restrict Data Accessibility using Generic Inquries

Hi Everyone,

In this article I want share with you one more idea of how can you use Acumatica Generic Inquires.
Generic Inquires in Acumatica is key part of reporting and have plenty of usage examples:
And many others. Today I would like to add here scenario with restricting access right to data based on custom filtering conditions in the Generic Inquiry.

Lets assume we have two departments who is using opportunities for Products and Services. But we would like to disallow them see opportunities of each other.
Acumatica does not have data level security for opportunities, so we need to use other ways:
To set this up without GIs lets do following:
  1. Create 2 generic inquires for Products and for Services. Filtering conditions are embedded in GI on the conditions tab.
    1. Products
    2. Services
  2. Each GI is added to Sitemap and Linked with Opportunities screen
  3. We also add ability to insert new Opportunity from GI with default value - SERVICE or PRODUCT to opportunity class depend on inquiry name.
    1. Services 
  4. Now we also want to restrict user from selecting Opportunity and Class manually using access rights. Using the same access rights we disable navigation buttons.
    1. Access Rights 
  5. Next step is to restrict access rights for Services and Product team to appropriate generic inquires.
    1. Access Rights 
  6. Finally we are ready to test it. I'm going to login as user who works only on products.
    1. I can see only Product related opportunities.
    2. I also can drill down but cannot select anything else except allowed.
    3. If I create new opportunity than services type will be populated automatically from generic Inquiry settings. 
Done. Now you can split work of your teams and restrict data visibility with generic inquires even if there is no data level security configurations. Nice thing that it can be done without any customization at all.

Few tips and issues you may face during this configurations:
  • If you revoke access rights from Opportunities screen at all than users from services/product team cant be able to drill down as entry screen is not accessible. So better to put GIs in separate folder or add opportunities screen to hidden section of sitemap to hide it but not disable.
  • If you have issue with "Back" button from data-entry screen to GI, than try to set "Replace Entry Screen" parameter on GI configurations and than override it with another GI. In my case after that manipulation back button used to work correctly.
Have a nice configurations!

No comments: