Possible, but not recommended unless you do not care about the future possibility that maintaining the Sage X3 may be passed back to you for future scalability work.

I am currently fixing this problem started by an initial implementer cutting corners by using row-level permission for 200+ users manually.

Just make the custom function profile for the certain users and charge accordingly per function profile effort.

Do take note of the hard limit of row-level permission entry limit per user. I had to cancel a change due to this since I need to cover up to 15 sites x 5 row level permission codes which by then better to just make a customized function profile in the first place and cleaning up 100 users affected by this change.

Thanks for the answer. I will go that route then.

I have one more question if you can answer. Is there a way to save customized access and options that were set when I merged the old profile to the new profile. It seems the access and options to functions gets defaulted back when I go to Addition - Recall - Force Cancel and replace with the new site/site grouping on the new profile.

Develop an import/export template based on AFP (functional authorization) object:  RE: Importing 100 function profile's functional authorization 

Any mistake, go to Microsoft/Oracle SQL Server to delete.

Thank you all your help! Will look into this

Hi,

For this type of situation, in a company with many users and companies (example 1500 users, 20 profiles and 100 companies), we've created a custom function to manage users and access rights more simply. 

The combination of site/company and function is generally too elaborate for the basiic need. 

Example: An accountant at company A should have the same Function profile as one in company B. 

This approach has several advantages: it's much more efficient, easy to maintain, reduces the number of profiles and makes it easy to tell who has access to which company. You no longer manage access to the site on the Functional authorization but directly on the user.

The only thing to do is to add an entry point on EXEFNC script to control access to sites (and default site) : 

#<AdxTL>@(#)0.0.0.0 $Revision$
$ACTION
Case ACTION
  When "AUTORIS" : Gosub CT_SITE
  When Default
Endcase
Return

$CT_SITE

Local Integer I
[L]I = 0

# Sites access
If clalev([F:YAUB])=0   : Local File AUSRBPR    [YAUB] : Endif
If clalev([F:YAFC])=0   : Local File AFONCTION [YAFC]  : Endif

Read [F:YAFC]CODINT=GFONCTION
If !fstat
  If [F:YAFC]FCYAUZ = 2 and !find(GUSER,"ADMIN")

  For [YAUB]AUB0 Where [YAUB]USR = GUSER and [YAUB]ROL = "FCY"
    [L]I += 1
    GUSRFCY([L]I) = [YAUB]BPR
  Next YAUB

  If [L]I > 0
  GNBAUZ = [L]I
  Endif

  Endif
Endif

# Defaut site
If clalev([F:ZAUS])=0    : Local File AUTILIS    [ZAUS]  : Endif
Read [F:ZAUS]CODUSR=GUSER
If !fstat and dim([F:ZAUS]ZGFCYDEF)>0 and [F:ZAUS]ZGFCYDEF <> ""
For [L]I=0 To 15
  GFCYDEF([L]I) = [F:ZAUS]ZGFCYDEF
Next
Endif

Return