
Security levels and access to transactions

Introduction

Your level of security within the application is a combination of three settings: the workflow, the users and the application settings. The workflow is set up by default by the consultants/support of Onventis and can only be changed by them. Users are linked to security levels, which can differ per user. The application settings determine where in the organisation transactions are visible. This chapter describes the settings that are available to customers. There are five levels, which can be set for a user in three settings in the application.

Security level of the user

In the user maintenance screen, you can set the security level for a specific user. This can be found in the section ‘Account’.

There are five security levels on a scale of 0 – 100.

| Level | Description | Explanation |
| --- | --- | --- |
| 100 | Personal | User can see all transactions. |
| 90 | Board of directors | User can see all transactions which have security level ‘no protection’, ‘internal resources’, ‘management’ or ‘board of directors’ and transactions the user was involved in. |
| 40 | Management | User can see all transactions which have security level ‘no protection’, ‘internal resources’ or ‘management’ and transactions the user was involved in. |
| 20 | Internal resources | User can see all transactions which have security level ‘no protection’ or ‘internal resources’ and transactions the user was involved in. |
| 0 | No protection | User can only see the transactions in which the user was involved and transactions which have security level ‘no protection’. |

Next to this security level, a user can also be limited based on cost center or company. This is explained further on.

In the default set-up, expense claims have security level ‘management’ and all other processes have security level ‘internal resources’. It is common to assign users to security level ‘internal resources’, unless it is desirable that they can only see the transactions they were involved in.

General security level

In the application setting ‘UserAccess’, the default rights are determined.

Two things can be done here:

  1. Define general settings for all employees
  2. Define an employee-specific level

There are three levels defined in the application:

| Level | Description | Explanation |
| --- | --- | --- |
| 1 | Limit by linked Cost Centers | User can see its own transactions and transactions of linked cost centers, when the personal security level is equal to or higher than the security level of the transaction. |
| 2 | Limit by linked Companies | User can see its own transactions and transactions of linked companies, when the personal security level is equal to or higher than the security level of the transaction. |
| 3 | Unlimited access | User can see all transactions, when the personal security level is equal to or higher than the security level of the transaction. |

The default value is level ‘limit by cost centers’, but this can be changed in your application.

Linking via authorization matrix or the user

There are two ways cost centers and companies can be linked to a user: in the maintenance of the user or by using the authorization matrix. Start by implementing the authorization matrix by defining the approvers per cost center. When additional rights are needed, set these up per user.

When the user has approval rights for a certain cost center, the user can automatically see all transactions for this specific cost center (the security level of the user is still taken into account). Transactions of child cost centers are also visible to that user.

In the maintenance screen of a user, on the left side there is a section ‘company’ which contains the default company and cost center of the user. The values given here are used to determine whether the user has access to the transactions as described above.

In this case the user can see transactions on cost center ‘BO’.

In the maintenance screen of a user, on the upper right you can see what the default access level of the user is. You can also add additional lines here.

If, on top of the earlier assigned rights, you want to give view rights for a specific cost center or company (next to the additional company/cost center of the user), you can add additional lines in this section. You have two options:

  • Add a line with only the company. The user gets access to this company to, for example, create a purchase order or to be involved in a transaction when the user is involved via the button ‘expert’ (when the setting is set to ‘limit by linked cost center’). If the user setting is set to ‘limit to linked company’, the user can see all transactions for this company if his personal security level is equal to or higher than the security level of the transaction.
  • Add a line with company and cost center. If the user setting is set to ‘limited to linked company’, the user can see all invoices on this specific cost center within this company (if he has the same or higher security level). This does not give access to child cost centers.
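
The visibility rules described in this chapter can be checked as one decision function when reviewing who should see which transaction. The following is an added example, not Onventis code: the class and function names, the cost-center tree and the sample users are constructed. It also assumes that the UserAccess scope applies at every security level and that a company + cost center line counts under both limited settings.

```python
from dataclasses import dataclass, field

# Security levels and UserAccess values as listed in the two tables on this page.
NO_PROTECTION, INTERNAL, MANAGEMENT, BOARD, PERSONAL = 0, 20, 40, 90, 100
BY_COST_CENTER, BY_COMPANY, UNLIMITED = 1, 2, 3

# Constructed cost-center tree (child -> parent); only 'BO' appears on the page.
PARENT = {"BO-1": "BO", "BO-2": "BO"}

@dataclass
class User:
    name: str
    level: int
    access: int = BY_COST_CENTER                      # page: default setting
    approver_for: set = field(default_factory=set)    # cost centers from the authorization matrix
    company_lines: set = field(default_factory=set)   # user lines with a company only
    cc_lines: set = field(default_factory=set)        # user lines with (company, cost center)

@dataclass
class Txn:
    company: str
    cost_center: str
    level: int
    involved: frozenset = frozenset()                 # names of users involved in the transaction

def with_parents(cc):
    """Return cc followed by every ancestor cost center."""
    chain = [cc]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain

def in_scope(user, txn):
    if user.access == UNLIMITED:
        return True
    # Approval rights cover the cost center and its child cost centers.
    if user.approver_for.intersection(with_parents(txn.cost_center)):
        return True
    # A company + cost center line covers that cost center only, not its children.
    if (txn.company, txn.cost_center) in user.cc_lines:
        return True
    # A company-only line grants visibility only under 'Limit by linked Companies'.
    return user.access == BY_COMPANY and txn.company in user.company_lines

def can_see(user, txn):
    if user.name in txn.involved:                     # involvement always grants visibility
        return True
    return user.level >= txn.level and in_scope(user, txn)

if __name__ == "__main__":                            # constructed sample data
    alice = User("alice", INTERNAL, approver_for={"BO"})
    print(can_see(alice, Txn("C1", "BO-1", INTERNAL)))     # invoice on a child cost center
    print(can_see(alice, Txn("C1", "BO", MANAGEMENT)))     # expense claim, level too low
```

The user's default company and cost center from the ‘company’ section can be modelled as one more entry in `cc_lines`; whether that default also covers child cost centers is not stated on this page.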