You can administer the permissions that a user group has
throughout the Console and Applications Manager applications. You
can allow or disallow permissions for an entire module or on a screen-by-screen
or function-by-function basis. These permissions apply to all of the
users in the user group.
About this task
Note: The user administering
the permissions is only able to administer permissions for those action
and views that he or she has rights to administer. Therefore, it is
suggested that each organization have one single user who administers
permissions for his or her own organization.
To
set up user group permissions:
Procedure
- From the tree in the application rules side
panel, choose Security > Groups. The Groups window
displays in the work area.
- From the Group Details window, choose the
Permissions tab.
- Locate the module that you want to add and/or
revoke permissions for and choose the Permission button. The Permissions
tree for the corresponding module displays.
- If you want to allow permissions for an entire
module, highlight the module you want to allow permissions for and
choose the Grant All icon. To disallow permissions for an entire module,
highlight the module and choose the Revoke All icon.
You
can also view the list of users who have permission to access the
entity by performing a right-click and choosing the Zoom In icon.
Note: If you want to revoke permissions to a particular menu
for a given user group, you need to revoke all of the permissions
for screens that can be selected under the menu option for which you
are revoking permissions. For example, if you uncheck the System Management
Console and all of its associated screens and functions, users do
not see the System Management Console menu option in the Application
Console.
- If you want to allow permissions on a screen-by-screen
or function-by-function basis, expand the application that you want
to allow permissions for and highlight the screens that you want to
allow and choose the Grant icon. To disallow permissions on a screen-by-screen
or function-by-function basis, highlight the screens and choose the
Revoke icon.
Note: The permissions tree displays the pricing screens and functions for both the new
and old pricing functionalities. If you are using the new pricing functionality, permissions should
be assigned to the new pricing functions. If you are using the old pricing functionality,
permissions should be assigned to the old pricing screens.
- If you are configuring permissions for a
group that has access to the Application Console, choose the Cross
Application Permission button and expand the Application > Sterling Selling and
Fulfillment Foundation Console >
Override branch and enable any of the following permissions as needed:
- The Display Decrypted Primary Payment Attributes permission determines whether
sensitive payment information such as credit card name, credit card expiration date, customer
account number or primary payment reference is displayed or masked in the Application Console.
If Sterling Selling and
Fulfillment Foundation is
configured to encrypt primary payment attributes, and the Display Decrypted Primary Payment
Attributes permission is granted, the Application Console determines whether to call the
getDecryptedString API to decrypt and display sensitive payment information.
Note: Encryption and decryption of credit card numbers and stored value card numbers
has been deprecated. IBM® recommends that
credit card numbers, debit card numbers, and stored value card numbers should not be encrypted.
Instead, they should be tokenized and stored securely in an external vault system. As a result,
credit card numbers, debit card numbers, and stored value card numbers cannot be viewed in the
Application Console.
- To
grant the Application Console the ability to make modifications to
documents that are normally not allowed based on the status modification
rules you have configured (reference), grant the Override Modification
Rules permission. For example, you may not allow regular users to
modify the instructions of a released sales order. However, specific
users should be able to add instructions on exception conditions.
When this permission is granted, the user is able to make the appropriate
overriding modifications in the order console.
Note: To indicate that a particular field can be only be modified
through this user group permission, the Sterling Selling and
Fulfillment Foundation Console
displays this field as editable, with a blue background.
- To
grant the Application Console the ability to view the stack trace
error messages, grant the Display Error Details permission.
- Choose the Save icon after configuring
the permissions.
Note: If you are configuring
permissions for a group that has access to the Application Console,
choose the Cross Application Permission button and expand the Application > Sterling Selling and
Fulfillment Foundation Console >
Override branch. Select Display Sensitive Payment Information if you
want the users in this group to be able to see sensitive payment information,
such as credit card name, credit card expiration date, customer account
number, or primary payment reference in the Application Console. Select
Override Modification Rules if you want the permissions that you have
configured for this group to override any modification rules that
you have configured. Otherwise, leave this box unchecked and the configured
modification rules are always applied.