There are several kinds of permissions in Q360 that allow you to control user access to locations and resources in the system.

For a complete list of permissions and descriptions, check out the User Permissions Reference Page.

To learn how to assign individual and group permissions, refer to Assign User Permissions.

User ID Permissions

These are the individual permissions that are either automatically added when assigning group permissions for a user, or they can be individually assigned as needed.

UserID permission are administered in the Maintenance > User Maintenance > Permissions/Groups tab > User Permissions grid.

In the User Permissions grid, permission types (View, Create, Edit, Delete, Exec) are colorized based on the following:

• Green – Permission is already granted because the user has a group permission with that access
• Blue – Permission is automatically granted to ADMIN type users

ADMIN type users are automatically granted all permissions, except for the following:

• INVOICECHG
• VOUCHERCHG
• TIMEBILLDB
• WORKFLOWSQL
• LIVEDATASQL

For a complete list User ID permissions, see the topic All User Permissions.

 

Group Permissions

Because there are an extensive number of user permissions in the system, Group permission combine sets of permissions based on users roles within an organization. Group permissions are essential for assigning and updating access for groups of users consistently and accurately.

Group permission are administered in the Maintenance > User Maintenance > Permissions/Groups tab > Group Maintenance grid.

 

Live Data Report Permissions

To allow users and groups access to the various Live Data reports in the system, permission must be assigned within the reports themselves. There are multiple ways in which access can be granted.

Live Data permissions are administered in the Live Data > Live Data Reports > Permissions tab.

• In Permissions tab > Users grid you can assign access to a report to a user by name or a group
• In Permissions tab > Permissions grid, you can assign access to users that have access to a specific permission and type. For example, an accounts receivable report can be designated to users who have the permission INVOICE create, edit, and delete permissions, but exclude users who only have access to the INVOICE view permission.

In order for users to view the Live Data Reports > Design SQL option that displays data sources, access to those data sources must be configured in the Maintenance > User Maintenance > SQL Designer Perms tab.

 

Dashboard Permissions

To allow users and groups access to the various Dashboards in the system, permission must be assigned.

Dashboard permissions are administered in the Maintenance > Define Dashboards. This option is only currently available in the windows client. Open the dashboard you want to view and add the users or groups in the Tool Bar tab. This displays the Dashboard main menu for the user as well as the granted dashboard. Without any dashboards assigned, users will not see the Dashboard menu display.

External User Permissions

For users that are external to your company such as customers, you can grant limited access to various areas from the web client only.

External User accounts and permissions are administered in the Maintenance > External Users.

For more information about External User permissions, see Setting Up External Users.

 

Workflow Permissions

To allow users and groups access to the various workflows in the system, permission must be assigned within the workflow themselves.

Workflow permissions are administered in the Workflows > Workflow Definitions > Permissions tab. In Permissions tab. From here, you can assign access to a report to a user by user ID or a group.

 

Field Permission Level

Access to fields within a form can be administered at both the group and individual user level. 0 is the lowest level of access and 9 is the highest, and by default most fields are set to 0. A use case example would be a scenario where all users within the HR group can be granted access to the Employee form but some users might not be allowed access to Salary Amount field.

The following locations are used to administer field permissions levels:

• Q360Admin > File > Database Maintenance > Data Dictionary. Form field permissions levels (0-9) are defined in the View and Edit columns.
• Windows client: Maintenance > User Maintenance form > User Perms tab > Field Permission Level field. The permission level can be set for both User Type USER or GROUP.
• Web client: Maintenance > User Maintenance > Field Perm Level field. The permission level can be set for both User Type USER or GROUP.

In the above example, the administrator might set the Data Dictionary, Employee form View and Edit columns for SALARYAMOUNT to 9. The user group HR could be setup to provide a default permission level to the Salary Amount field with 0. Then for each User ID requiring view and/or edit access to the Salary Amount field, a User ID permission for HREMPLOYEE would be set with the field permission level 9. Users prohibited from viewing and editing the field would be automatically granted a field permission level of 0.