Restrict Data Accessibility using Generic Inquries

Hi Everyone,

In this article I want share with you one more idea of how can you use Acumatica Generic Inquires.

Acumatica Generic Inquires

Generic Inquires in Acumatica is key part of reporting and have plenty of usage examples:

And many others. Today I would like to add here scenario with restricting access right to data based on custom filtering conditions in the Generic Inquiry.
 
Lets assume we have two departments who is using opportunities for Products and Services. But we would like to disallow them see opportunities of each other.
Acumatica Generic Inquires
 

Acumatica does not have data level security for opportunities, so we need to use other ways:

To set this up without GIs lets do following:
 
  1. Create 2 generic inquires for Products and for Services. Filtering conditions are embedded in GI on the conditions tab.
    1. Productsinquires for Products
    2. Servicesinquires for Products
  2. Each GI is added to Sitemap and Linked with Opportunities screen
  3. We also add ability to insert new Opportunity from GI with default value – SERVICE or PRODUCT to opportunity class depend on inquiry name.
    1. Services inquires for Products
  4. Now we also want to restrict user from selecting Opportunity and Class manually using access rights. Using the same access rights we disable navigation buttons.
    1. Access Rights inquires for services
  5. Next step is to restrict access rights for Services and Product team to appropriate generic inquires.
    1. Access Rights inquires for services
  6. Finally we are ready to test it. I’m going to login as user who works only on products.
    1. I can see only Product related opportunities.
      Access Rights
    2. I also can drill down but cannot select anything else except allowed.
      Access Rights
    3. If I create new opportunity than services type will be populated automatically from generic Inquiry settings.

Done. Now you can split work of your teams and restrict data visibility with generic inquires even if there is no data level security configurations. Nice thing that it can be done without any customization at all.

Few tips and issues you may face during this configurations:

  • If you revoke access rights from Opportunities screen at all than users from services/product team cant be able to drill down as entry screen is not accessible. So better to put GIs in separate folder or add opportunities screen to hidden section of sitemap to hide it but not disable.
  • If you have issue with “Back” button from data-entry screen to GI, than try to set “Replace Entry Screen” parameter on GI configurations and than override it with another GI. In my case after that manipulation back button used to work correctly.

Warning!

This design is not real restriction. Even you cannot see some data using UI elements, you still can open hidden data using Browser URL To have a real restrictions you will have to apply it on the code level.

Have a nice configurations!

4 Replies to “Restrict Data Accessibility using Generic Inquries”

  1. Thanks Sergey. I’d included the limitation from comments into the article itself, since it could be big deal and some people don’t read comments especially if it appears to be working from the first try.

  2. Tim,
    That is true, most probably they can. It is not real data restriction. They also can export it with generic inquires or import scenarios if they have access
    and they will see all opportunities in selectors related to opportunity.
    But this is the way how can you split work between departments without customization.

  3. Even though you can't use the magnifying glass lookup on the Opportunities screen, what would prevent someone from putting a random opportunity ID in the URL of the Opportunities screen? I think they still could right?

Leave a Reply

Your email address will not be published. Required fields are marked *