AX2578

The Everyone role

The Everyone role is a built-in role for each Axiom Budgeting and Performance Reporting system. The purpose of this role is to define security settings that apply to every user in the system. All users automatically belong to the Everyone role.

The Everyone role has the following default settings:

• Document reference tables. When a new document reference table is created, the Everyone role is automatically granted full read access to that table. This permission grants all users the right to query the data in document reference tables. In most cases, this is the desired level of rights. If you have some particular document reference tables that you do not want every user to have access to, then you can do one of the following:

  • Modify the Everyone role to remove access to those tables, and instead grant access directly to specific users and roles.

    OR

  • Leave the Everyone role at the default of full access, and instead modify certain users to ignore role inheritance for that table.

• On-demand file groups. When a new on-demand file group is created, the Everyone role is automatically granted the Create New Records permission for that file group. Effectively, this means that any user who also has access to plan files in the file group will also have permission to create new plan files. If you do not want this behavior—meaning that you want some users to be able to access plan files in the file group without being able to create new plan files—then you can remove the permission from the Everyone role and instead grant it to individual users and roles as needed.

• Startup task panes. By default, the Everyone role is configured to open the Explorer and Process task panes on startup, as non-closeable task panes. You can modify the Everyone role to remove any of these task panes, and instead grant access directly to specific users and roles (or do not grant access to anybody, if you do not want to use these task panes at all). Only the Explorer task pane will open automatically for all users; the Process task pane only displays when it is relevant to the user.

  NOTE: In systems with installed products, your Everyone role may have been modified to not open these task panes on startup, and instead open different task panes.

• Startup ribbon tabs. By default, the Everyone role is configured to open the Axiom and Axiom Designer ribbon tabs on startup.

  • The Axiom ribbon tab shows for all users and provides the default menu for the Desktop Client. You should not remove this tab from the Everyone role unless you have created one or more custom ribbon tabs that you plan to assign to the necessary users and/or roles instead.

  • The Axiom Designer ribbon tab is limited to administrators only. You can modify the configuration of the startup file so that it displays to other users, or you can remove it from the Everyone role and instead grant access directly to specific users and roles (or do not grant access to anybody, if you do not want to use the ribbon tab at all).

  NOTE: In systems with installed products, your Everyone role may have been modified to not open these task panes on startup, and instead open different task panes.

If desired, you can modify the Everyone role to grant additional rights to every user. Any right granted at the Everyone level will be inherited by every user, except for rights that have been overridden at the user level. Subsystem restrictions, if applicable to the user, still apply.

Note the following about the Everyone role:

• The Everyone role cannot be renamed or deleted. The security settings for the role can be modified in either the Security Management dialog or by using Open Security in Spreadsheet.

• Users cannot be explicitly assigned to the role, nor can they be removed from the role. All users permanently belong to this role.

• The Everyone role is not recognized by GetSecurityInfo("InRole") or when querying security tables via Axiom query. It is assumed that all users belong to the role; therefore it is not listed as a role assignment.