User Privileges are maintained in System Setup within the Users & Groups node, under the Privilege Rules tab.
A privilege rule specifies a set of permitted actions that members of a specific group can perform on a specified set of data. There is no limit to the number of privilege rules that can by applied to the same group so you can be as granular as needed regarding specific actions for specific objects, attributes and so on.
Important: Privilege rules applied at the group level affect all users and sub-groups within that level.
To add a privilege to a group:
-
From the System Setup menu, open the Users & Groups node and select the relevant user group.
-
Click the Privilege Rules tab.
-
In the User Privileges flipper, click the Add Privileges link.
-
The Add Privilege Rule dialog box displays as shown in the image below.
-
Set the relevant parameters as defined in the following table, and then click Save.
Add Privilege Rule Options
|
Parameter |
Description |
|---|---|
|
Apply to Object Creation |
Administrators select this option to give permission for users to create new objects in STEP via the Object Creation parameter which is available when configuring user privileges. More information about this parameter can be found in Object Creation Privileges
|
|
Apply to Node |
Select the allowed classification or product node for the group, which includes also specific sub-nodes. If a specific object type and node is selected, the users in the group can only access objects within that selection. For example, a specific classification or product node, or products of a certain object type. However, if a product not included in the selection is linked to a classification node to which the user has access, the user can access the product, but not edit it.
|
|
Apply to Workflow State |
When you create a user privilege rule for a STEP Workflow state, the group will have that privilege for nodes in that particular state in the STEP Workflow. More information about this parameter can be found in Configuring Workflow Privileges
|
|
Apply to User Group |
Select a group that needs the privilege being created. Web UI user impersonation enables a privileged user to act as another user, but using their own password so that the impersonated user's password is not revealed. This is done through selecting a user group. More information about this parameter can be found in Web UI User Impersonation
|
|
Action Set |
Select the permitted action set(s) for the group. Action sets should be very specific to the privileges that you want the user group to have. For more information about action sets, refer to Action Sets in System Setup documentation
|
|
Attribute Group |
Optional. Select the permitted attribute group. Select if the group should only be allowed to work with attributes in a specific attribute group. If there are attributes within a group that should not be valid for a user to access, a separate group should be maintained containing the attributes the users should have access to. Consider creating attribute groups to be used only for privileges and link allowable attributes into the user privilege groups (approve, view and modify). Separate privilege rules can handle the category specific attribute group or sub-groups if they exist.
|
|
Valid for Object type |
Optional. Select the permitted object type. For more information about object types, refer to Object Types and Structures topic
|
|
Apply to Group |
Select the user group that the privilege rules should be applied to. This is not necessary if you are already on the group that you are applying privilege rules for. |
|
Dimensions |
Optional. Select the permitted language or country dimension. If a privilege rule to modify an attribute value is restricted to a dimension:
Note: The default of Any allows the group to work with all dimension points. For more information about dimension points, refer to the Dimensions and Dimension Points topic
|
