View source | Discuss this page | Page history | Printable version   

ERP 2.50:Developers Guide/How to define users roles privileges menus/it



The configuration of an application requires thought and preparation. Before you design your menu structure and role security it is important to understand the requirements of the system you intend to build. The following open questions can help you do this:

The definition of user, role, privilege and menu structure is like the chicken and the egg scenario; what comes first? There is no definitive answer here and perhaps the process is iterative. However, this guide starts with defining a role, as the roles are central to the whole configuration design. The guide assumes that you have designed and configured the organizations of your configuration separately to this section.

For your reference: configuration of users and roles is also discussed in detail in the configuration manual.

Creare un Ruolo

Once you have a plan the creation of users and roles is intuitive.

A good starting point is to define the roles in the organization and the privileges they require. Roles are really central to the whole configuration design as roles are mostly permanent while users are temporary. I.E. An example of a role may be sales clerk or warehouse manager, positions that will always be required, while the individual user who performs these roles may transfer to a different role I.E. Sales Clerk may become Sales Manager. To create a role navigate:

For more information see the AD_Role table description.

Assegnare un Privilegio a un Ruolo

You have now defined a role. The next stage is to assign privileges to that role.

This can be done directly using one of the element tabs or you can assign privileges indirectly by associating the role to a pre-existing menu using the 'Grant Access' button. The third option is to leave the 'Manual' checkbox unselected. This has the effect of assigning all exist privileges to your role. From production systems the only case in which manual is advised is for a super user.

Which way you assign privileges is entirely in your hands. The objective is to build a role which is efficient and effective. I.E. If the computer skill profile of the role user is basic, if speed of data retrieval/entry is important, if the number of functional tasks needed in the role is a < 6 then keep the navigation path of the role simple and use the direct approach to assigning privileges. These types of roles are targeting individual clerk level jobs that need to get done around the enterprise; sales clerk, packing, picking, shipping, manufacturing cells etc.

Each of these role can be individually customized for that particular job very easily. The trick is to ask the appropriated questions to the right people at a granular level during the customer interview process. In many cases this might mean interviewing the people who perform these roles while they are working to ensure your design is correct.

However, if the role is more complicated and the privileges assigned to it require some sort of categorization and organization then the indirect approach is better. Typically these roles require a higher level of computer skill and education; Managers, Analysts, Supervisors, Engineers, Administrators etc. Typically these types of employees are need to have access to many more privileges in some cases spread over several modules. To design these type of roles there is a pre-step; you will need to start by first of all building the menu structure appropriate to each role. Openbravo is shipped with several pre-built menu structures called Modules: Sales Management, Procurement Management, Warehouse Management, Production Management etc. You can modify these or start from scratch and build your own menus.

Once you have defined the menu return to your role definition screen associate the two elements. Select the ┬┤Grant Access┬┤ button. In the resulting dialog you can select both the Menu Modules you want to associate with your role and what type of access privileges the role needs. For example a Sales Manager will need access to all the Windows and Reports of the the 'Sales Management' module. While a Logistics Analyst will need access to all the the reports of the Sales, Procurement, Production and Warehouse modules.

For more information see also the AD_Role_OrgAccess table description.

Creare Moduli di Menu

To customize each job in your application it is very advantageous to organize and structure the tasks required for a role. A good way to do this is to create a menu module and populate it with the elements required for that role according to the sequence of which each task in a process needs to occur.

To add a menu module you need to:

To populate your menu module with tasks (Windows, Reports, Processes...etc), for each task create a record:

To structure the menu items into the menu module

For more information see the AD_Menu table description.

Creare un Utente

A User is related to an individual, while a role is related to a set of tasks. To create a User follow this procedure:

For more information see also the AD_User table description.

Grant Role Access

For the User to be able to do their job they need to be granted access to privileges. This task can be accomplished by associating each user with a preexisting Role/s.

Staying in the User window:

For more information see also the AD_Role_OrgAccess table description.

Il Risultato

Your new user and role configuration will be immediately activated. To check it is what you need:

As you can see Openbravo ERP development have built a flexible system that should meet your user, role and menu requirements.

Retrieved from ""

This page has been accessed 3,139 times. This page was last modified on 14 June 2011, at 11:04. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.