AX2606
Configuring feature permissions (Permissions tab)
On the Permissions tab of the Security Management dialog, you can specify which features a user or role has access to. The Permissions tab works slightly differently depending on whether you are defining rights for a user or a role.
NOTE: If you are defining permissions for a subsystem, see Defining maximum permissions for subsystems.
Setting permissions for users
For users, each permission has three available settings:
-
Inherited: The permission is not set for the user. The permission is grayed out and the text "inherited from role" appears to the right of the permission name. If the user is assigned to a role, this permission can be inherited from the role.
-
Denied: If the Override check box is selected, but the Permission check box is not selected, this means that the user explicitly does not have access to the feature. The user will not inherit the permission from any roles.
-
Allowed: If the Override check box and the Permission check box are selected, this means that the user explicitly has access to the feature, regardless of any role settings.
By default, all user permissions are left unset and are inherited from any role assignments. If you want to override role inheritance and explicitly set a permission for the user, then you must select the Override check box and then leave the permission unchecked (to deny the permission) or checked (to allow the permission).
NOTES:
-
When a permission is inherited from a role, it displays the effective permission for the user. For example, if a user is assigned to a role that has the Administer Imports permission, and that permission is eligible for inheritance, then the check box for that permission displays as grayed out and selected. The name of the role from which the permission is inherited is also listed. For example:
-
If a user has administrator rights to the system, that user has all permissions. In this case, the permissions list is grayed out and cannot be edited, and all permissions display as selected. The text "user is an admin" displays next to the permission names.
-
If the user belongs to a subsystem, and the subsystem settings do not allow a particular permission to be granted to users in the subsystem, then the permission is grayed out and cannot be edited. The text "disallowed by subsystem" (including the subsystem name) displays next to the permission name.
Setting permissions for roles
For roles, the Permission box for each permission is either checked or unchecked. If a permission is checked for a role, then users who have that permission set to "inherited" will inherit rights to that permission when they are assigned to that role.
Permissions
The following permissions are available:
| Permission | Description |
|---|---|
|
Administer Announcements |
The user can create, edit, and delete announcements and announcement categories. The user must have access to a form-enabled file with an Announcements component in order to use this permission. |
|
Administer Axiom Explorer |
The user can access the Axiom Explorer dialog. The user's other security permissions determine what folders they can view within this dialog and what actions they can perform on them. NOTE: This permission has no impact on the availability of the Explorer task pane. Any user can use the Explorer task pane. |
|
Administer Exports |
The user can create exports in the Exports Library. The user must also have read/write permissions to at least one folder within the Exports Library (as configured on the Files tab), or else they will have no place to save their created exports. Execute permissions are also managed on the Files tab. |
|
Administer File Groups |
The user has general administrative permissions to all file groups. The user can:
NOTE: Generally speaking, this permission does not grant access to any files within the file groups, such as plan files, templates, and drivers. The user must be granted access to these files separately if the user is expected to manage or use these files. There are two exceptions: the user can delete any on-demand plan file using Delete Plan Files, and the user can restore any plan file when using restore points. |
|
Administer Imports |
The user can create import utilities. The user must also have read/write permissions to at least one folder within the Imports Library (as configured on the Files tab), or else they will have no place to save their created imports. Execute permissions are also managed on the Files tab. |
|
Administer Locked Items |
The user can remove file locks on documents and tables, and can remove save locks on Axiom forms. The list of locked items is limited to the files and tables that the user has some level of access to. The user cannot see or unlock items that the user does not have access to. |
|
Administer Picklists |
The user can administer picklist tables using the Web Client Table Manager. The user can create new picklist tables. For existing picklist tables, the user can edit table properties and delete tables (as long as the user has at least read-only permission to the table, otherwise the table does not display in the table manager). Administer Picklist users do not gain access to the table administration features in the Desktop Client. |
|
Administer Security |
The user can access and edit security settings for the current system. The user can also access security-related tools such as System Access and Logged in Users. The Administrator check box is not available to users with this permission. |
|
Administer Tables |
The user has general table administration permissions. The user can:
The user's read and write filters (as set on the Tables tab) are honored for purposes of viewing and saving table data. |
|
Administer Task Panes |
The user can create and edit task panes and ribbon tabs, as allowed by the user's folder / file access rights defined for the Task Panes Library and the Ribbon Tabs Library (as set on the Files tab). |
|
Administer Updates |
The user can apply product updates to the Axiom Financial Planning installation. |
|
Create Web Reports |
The user can create web reports and fixed row structures. The user must also have read/write access to at least one folder in the Reports Library in order to save any newly created web reports. This permission only controls creation of new web reports and fixed row structures. Users with the appropriate read/write access can still edit and delete existing web reports and fixed row structures. NOTE: Currently, this is the only report type with an explicit permission to control creation of new reports. For all other report types, any user can create a report as long as they have access to a location to save the report. |
|
Browse Audit History |
The user can view audit history for the system. NOTE: Users with this permission can see audit records for all changes, including changes made to tables that the user does not otherwise have access to. Use caution in granting this permission. |
|
Excel Client Access |
The user can launch and use the Axiom Financial Planning Excel Client. If the user does not have this permission, the Excel Client icon does not display on the Quick Launch menu or the default Home page. |
|
PowerPoint Add-In Access |
The user can launch and use the PowerPoint Add-In for Axiom Financial Planning. If the user does not have this permission, the PowerPoint Add-In icon does not display on the Quick Launch menu. |
|
Remove Protection |
The user can remove workbook and worksheet protections, for any Axiom file that the user can access. NOTE: Alternatively, you can grant unprotect rights for individual report files and folders on the Files tab, or for plan files on the File Groups tab. |
|
Scheduled Jobs User |
The user can access the Scheduler dialog for the purposes of working with scheduled jobs. The user can create jobs, edit jobs, run jobs, and delete jobs, as allowed by the user's folder and file access rights defined for the Scheduled Jobs Library (as configured on the Files tab of Security). For example, you might create a sub-folder for each user and only grant the user rights to that folder. The user can view the results of jobs that the user has executed. Other job history is not available to the user. The user cannot manage Scheduler servers, edit system jobs, or use other Scheduler administration features. NOTE: Generally speaking, task-level security is not applied to users with this permission, within the context of Scheduler. However, file-level rights are enforced. For example, the user can create and/or run a Process Plan Files task within a Scheduler job, even if the user does not have the Process Plan Files permission. But within that task, the user can only process file groups and plan files that the user otherwise has access to. |
| User Documents Folder Access |
The user can access a My Documents folder in their My Files section. The user can save files to My Documents. The user has read/write access over any file saved to this area. Typically this permission is only granted to power users who may need a place to save their own "personal" reports or an area to temporarily save "in progress" files. Administrators can access any user's My Documents folder. Other users cannot access it. NOTE: If a user has this permission and then later it is removed, the user's existing My Documents folder is not deleted; it is simply hidden from the user in Explorer dialogs. If desired, an administrator can delete the folder in |
|
Windows Client Access |
The user can launch and use the Axiom Financial Planning Windows Client. If the user does not have this permission, the Windows Client icon does not display on the Quick Launch menu or the default Home page. |
|
Word Add-In Access |
The user can launch and use the Word Add-In for Axiom Financial Planning. If the user does not have this permission, the Word Add-In icon does not display on the Quick Launch menu. |
NOTE: Generally speaking, if a user does not have rights to a feature, the menu item associated with that feature does not show on that user's ribbon tabs or other applicable areas.
