You can manage the default security of your users easily by using user profiles. These allow you to apply the same default security setting to several users at once and can even update the security on records that the users have already created.
User profiles are found in System Setting under User Information, from here you can add, edit, and delete user profiles.
Adding a New Profile
From the User Profiles page press “Add a Profile” this will take you to a fresh User Profile. You can also open an existing one and use the arrow next to the “Save” button to “Save As” and use the existing profile as base for a new one.
You will need to start by filling out the Profile Settings section, see below:
- Profile Name: Every Profile needs a unique name. If using “Save As” be sure to change this first or you will get an error.
- Description: This will display on the User Profiles page to help identify what this profile is for.
- Copy Settings from User: This feature allows you to select a user and copy their security setting and permission into this profile as a base.
- Populate: Once you select the user to copy from, press this button to apply those settings to the user profile. This does not save the profile.
- Is Admin?: This sets whether the users in this profile are marked as admins or not. As a result, you cannot have admins and users in the same profile but you can build one profile from the other using “Save As” or Copy Setting From User. Admins can bypass security on all records, but their access can still be limited based on permissions and which record types are hidden from them.
There are four tabs that allow you to set permissions, default security, groups, and users.
The Permissions tab allows you to set the permission for the users in this profile. You have the same options as in the user’s page in User List and you have the options “Additional Permissions” that are in the PC Admin Tool. Check the boxes for the permissions that the users need.
Record Security Tab
This tab allows you to set the Default security when users create new records. It also allows you to hide record types from their Navigation bar and set whether or not they are allowed to create records or not.
- Select All: Checking the top box in this column selects all record types and allows you to change the security setting for all of them at once. You can also use this to select all then unselect a minority of record types.
- Select Record for Multiselect: Check or uncheck this box to add the record type to a multi-select setting.
- Record Type: Click on the blue text to select that record type.
- Hidden: If checked this will hide that record type from the user’s navigation bar. This does not prevent the user from viewing this record type if they can link to a record from another record type they will allow to view it if they have view permission on that record.
- Allowed to Create: This has to be checked for the user to be able to create a record of this type. Users can still have permission to edit or delete records of this type even with this unchecked.
- Owner: By default, this is the creator, you can change this to another user so that when users in this group create a record that record is owned by someone else. For Example, if you want all bills to be owned by one billing manager or if you want records owned by a user group.
- Access: This is the level of access that users have to records created by users in this profile. There are four options:
- Public: Everyone has full access to view, link, edit, and delete these records.
- Read Only: The creator/owner has full access, and everyone else only has permission to view the records.
- Private: Only the owner can access the record. No one else can view the record and it will be hidden from normal searches from other users.
- Custom: This is the catch-all for any settings that are set by an admin that are not one the above. When setting this a user gets the highest access that they can have for any of their groups, so if User A only has view permission but they are in Group X and Group X has view, link, and edit permission then User A also has link and edit permission. An unchecked box means that access was not given not that access was denied. More on this below.
- Owner: Same as point 6 but this will set the default owner for all record types selected.
- Access: Same as point 7 but this will set the default access for all record types selected.
- This is used to add a user to the list below. You only need this when making custom security. You can select users or groups and there are three special selection.
- Creator: This sets the access of the creator of the record.
- Everyone: This is a special group that includes every user.
- Admin: This is the Centerbase System Admin user. They have full access to your system so there is no reason to include it on any custom setting.
- Permissions detail list: This is a detailed list of what actions different users or groups can take for records of this type that are created by users in this profile. These can be a basic as “Public” where everyone can view, link, edit, and delete the record. And they can be as complicated as having every user and group listed with their own setting. One key to remember is that a user gets the highest level of access that they are granted either individually or through group membership.
Group Membership Tab
This tab is used to set which groups users in this profile will be in. Groups are different than Profiles and have to be set up in the PC Admin Tool. When you save this profile, it will add the users in the Included Users tab to the selected groups and remove them from all other groups. When using User Profiles it is best practice to have one group for each profile.
Included Users Tab
This tab lists all users on your system. It filters first by Profile, with the users in this profile at the top, then users without a profile then users in another profile. Each profile group sorts users alphabetically. Simply click the checkbox in the “Apply Profile to User?” column to have that user added to this profile on save.
When you press Save a dialog box will pop up and ask if you want to apply this to existing records or only to new records. If applied to existing records it will not change records that are currently marked private. Record security will be updated based on who created the records not who currently owns them. For example, if A/P or A/R clerk has added billing or accounting records that are now owned by the billing/account supervisor their security will be updated if the clerk’s profile updates existing records and will not update if the supervisor’s profile update’s existing records.
- User Groups and User Profiles are not the same things.
- Admins and non-admins can not be in the same group.
- Record Security set who has access to records created by users within a profile.
- If existing records are updated it is base on who created them not who owns them.
- Users will be moved to the groups that you select and removed from all other custom groups.
User Profiles: System Settings > User Information > User Profiles