In an organization, there are segregated responsibilities and activities for all involved parties (Employees) to keep the machine (Company) oiled (Operations) to ensure success. The operations of the business needs different departments with diverse roles working together to perform different tasks for the holistic success of the business.

Most organizations use role-based access control to provide their employees with varying levels of access based on their roles and responsibilities. This protects sensitive data and ensures employees can only access information and perform actions they need to do their jobs. Sage 200 Evolution has a detailed role-based access control functionality which can be implemented via Administrative Access to assign user permissions and responsibilities to individual agents and agent groups.

This blog explores the setup for access permissions for individual users, groups and other options regarding access permissions.

 Ways to Manage Access

Agents with the same responsibilities can be grouped and access controlled per Agent group.

Permissions can be assigned by access permissions and/or system tree for both Agent and Agent groups. When a module or node is removed from the system tree of the agent, the module/node will not appear on their system tree. When access is removed from access permissions, the module/node will appear however access will be blocked for functionality.

Important:

The Admin agent and the Administrators agent group do not have the Access Permission tabs on their records, as they have access to the whole system.

Navigate to Administration | Agent Administration | Agents /Agent groups

Edit agent or agent group.

 Access Permissions

Access permissions are set at the agent group and agent level, using the Access Permissions tabs of these functions. Access permissions determine the tasks agents can or cannot perform.

On the screenshot below, there is a checked, shaded, and unchecked box, see below for an explanation of their meanings.

Shaded - access is set at a higher level (Agent group)

Unchecked - access is off

Checked - access is on

When assigning access on the agent level, keep in mind whether the agent is linked to a group or not. Where possible, use the default states rather than customizing functions at every level. It will make your access level maintenance far simpler.

Example:

Looking at the screenshot below, agent ‘Monica Jansen’ is not permitted to delete or save grid on the Inventory warehouse transfer batch. However, agent can edit batch properties. For processing the batch, the agent will have access if not linked to an agent group. If the agent is linked to a group, the group access permissions take precedence.

System tree

The system tree can be customized to simplify the display of program options for agents. This also lets you prevent unauthorized access to transaction, report, and enquiry options by these agents.

A different mechanism is used to control how agents access master file maintenance screens. The reason is that whenever an agent uses a master file record, such as a customer or supplier record, the data entry field allows authorized agents to access that master file's maintenance functions.

You can customize the system tree at different levels:

System Tree - This customization is the default for every agent in the company.

Agent Group - This applies to each agent who belongs to the agent group. If an agent belongs to more than one group, the system will merge each group's custom system tree, if there is one, into a single system tree for the user.

Agent - You can create a system tree for an individual agent.

More details are offered on the help menu for a deep dive into Revert, Rebuild, Default, Insert Standard Node and more. You can access the Help menu on this function by pressing F1 on the keyboard for more details.

Other Access Control Options

There are various other permissions and access controls which can be implemented at agent or agent group level. Refer to the image below with a description of these permissions and controls.

Options tab

Incident options

Accessible Document categories and category groups

Accessible Incident types and type groups

Accessible process flows

Retail/Point of Sale tab

Discount maximum percentages

Supervisor agent

Visible Item Details

Defaults tab

Customer discount percentage limits

Accessible Sales reps and Projects

Accessible Warehouses for Purchases, Sales and other transactions

Accessible customer and supplier groups

Batch defaults tab

New Cashbook and Journal batch permission defaults

Purchase Order tab

Authorizations