Authorization Groups are designed to contain authorizations for a group of users and then attached to each user. When the need to update the authorizations arise, the authorization group can be updated instead and this will automatically flow through to the user(s) attached to it.
Authorizations are the second control (after the license type itself) that determines whether a user has access to a particular function in Orchestrated. For example: if you wish to block a user from having the ability to print or void checks, you may set this up under the authorization group, and then attach this group to the user.
For more information on how to set up authorizations on a per-user basis, see Setting Authorizations.
NOTE: We strongly suggest that you only make one or two changes at a time, then test and verify that these settings work. Making too many changes at once can make it harder to troubleshoot an issue if a user has access issues.
Also, authorizations are cumulative so the user's authorizations themselves must be set to "no authorization" when authorization groups are used. If the default of "Full Authorization" is not changed, this user will have authorization to everything, regardless of the authorization group settings.
- Go to Administration->System Initialization->Authorizations>General Authorizations
- Click on the "Groups" tab
- Highlight the authorization group you wish to adjust*
- On the right hand window, expand the options (set up by module or "Subject") to grant "Full Authorization", "Read Only" or "No Authorization"
- You will want to expand the modules to restrict appropriately
- Once the Authorization Groups are set up, you will then need to attach users to the groups themselves. This can be done in one of two places:
- Directly on the user (Administration > Setup > General > Users)
- By attaching multiple users at once on the Authorization Group itself (Administration > System Initialization > Authorizations > Authorization Groups)
*Note: to create additional Authorization Groups, go to this same location (Administration > System Initialization > Authorizations > Authorization Groups) to "Create Group."
An example of authorizations would be to give the production team access to all functions related to production & inventory, with read-only access to Items, BOMs, POs., and no authorization to financials and banking.
- Only a Super User or Power Users with the proper authorizations will be able to make these changes
- Some authorizations are dependent on others, you'll want to review the How To Authorizations file to see how it will be affected
- You can copy authorizations from one user to another by pressing and holding down the user code for one user and dragging it onto another (this is useful if two users preform the same or similar job functions)
- If you don't know what user code is associated to which user, go to Administration->Setup->General->Users. In the new window, switch to find mode with the binoculars on the menu bar. Then type in '*' in the User Code field and press Find. That will bring up the User Name associated with the User Code (See Screen Shot)