System Data - Define Roles

Sample of the Define Roles screen

Pgm: ROLES –Roles; standard Treeview path: System > Security > Roles > Define Roles

Role, Name

Enter a code and name for the role being defined. CMiC comes with three designated system-defined roles: ADMIN, SECURITY, and TRANSACTN.

Insert, Update, Delete, Report User, Report Administrator – Checkbox

Each new role will automatically allow for the insert, update and deletion of data. To create a role with limited access to data, uncheck the required boxes.

NOTE: The 'Report User' and 'Report Administrator' checkbox options are related to accessing and administration of Jasper Reports.

Notes

Enter any notes that are relevant to this role.

[System Privileges] – Button

Screenshot of Privilege pop-up.

Pop-up window launched from the [System Privileges] button on the Roles screen (standard Treeview path: System > Security > Roles > Define Roles)

Click the [System Privileges] button to launch a pop-up window where the user can indicate the access rights to specific options within the system as they apply to the role being defined.

Check the box beside the option to which access is to be granted for the role being defined. The system default does not check any of these privileges when setting up a new role, so it is incumbent upon the user to check these options if they are desired.

Once a set of privileges have been checked for a role, the system will ask the user if they want to “Update the Users?” on this role. If [Yes] is selected, the system will update the users with the privileges assigned to the role.

Click on the Query By Example icon Query by Example icon in the Block Toolbar to search for application specific system privileges, as shown in the screenshot below.

Screenshot of Privilege pop-up.

Example of using Query By Example to search for application specific system privileges

The system allows for the specification of the following privileges:

Privilege

Description

AXSBANKACS AP: All bank accounts in Manual Checks and Void Checks
APDCCEMPD AP: Allow User to delete Credit Card Employee Details
APVCCEMPD AP: Allow User to view Credit Card Employee Details
APJOINTUPD AP: Allow to update joint payee data after voucher has been selected for payment.
APRGINVALL AP: Allows the forms user access to Registered Invoices created using Imaging
APPB AP: Allows the user access to AP batches belonging to other users
VOUPMTB AP: Allows the user to access the Payment Button in Voucher Entry
PSTCHGAP AP: Allows the user to change post dates on transactions
APCVCDA AP: Allows the user to change the Cash Department/Account on voucher status screen.
NEGMANCHK AP: Allows the user to enter negative manual checks
APVOUHLD AP: Allows the user to modify the Voucher Hold flag in Enter Voucher Form
IMOVERPQTY AP: Allows the user to overpay quantity when entering Material Invoices
IMOVERRIDE AP: Allows the user to override Production Quantity when entering Material Invoices
APBCHAMT AP: Allows the user to post a batch where the control amount does not equal the batch amount
UNPRECHK AP: Allows the user to unprepare already printed checks
APUPDEFCHQ AP: Allows the user to update EFT cheque sequence number in AP Control File
APVOUDISC AP: Allows the user to update discount amount on Adjust Voucher Status screen
APPOSTCUR AP: Allows user to post current users AP batches
APJOINTPAY AP: For partially paid voucher, allow total joint payee amount to exceed current outstanding amount.
CHQRELBT AP: Prevent access to Check Release/Unrelease All buttons.
VOUST AP: Set Voucher Status to Express
ARJBINMEM AR: Allows The User To Apply AR Memos to JB Bill Invoices
ARPB AR: Allows the user access to AR batches belonging to other users
ARINVBANK AR: Allows the user to add Bank Details on AR INVOICE program
PSTCHGAR AR: Allows the user to change post dates on transactions
ARJBINACPH AR: Allows the user to enter AR and JB transactions to Inactive Phase/Categories
ARBCHAMT AR: Allows the user to post a batch where the control amount does not equal the batch amount
ARJBINPHPS AR: Allows the user to post billings to inactive phases when AR control setting is off.
ARPOSTUPD AR: Allows the user to update due date and description on posted invoices.
ARVOIDRECN AR: Allows user to void reconciled checks.
ARCRSUP AR: Privilege designates the user as an AR Front Office Receipt Supervisor
UIDGNTOOL Allow to Run the Diagnostic Tools.
ABOUTUSERL Allow user to see "User List" button when accessing Help->About
SYSDATASHT Allows the user to load the Data Sheet screen
UIDWNLOGS Allows to Download Server Logs
UISCRREC Allows to Record the Screen
UIDETDEBUG Allows to Run Detailed Debugging
CIPB CI: Allows the user access to CI batches belonging to other users
PSTCHGCI CI: Allows the user to change post dates on transactions
CMLGDSCPCI CM: Allows To Modify The Long Description On the Posted PCI
CMPB CM: Allows the user access to CM batches belonging to other users
PSTCHGCM CM: Allows the user to change post dates on change orders
AIUPDBSINS CMIC AI: Allows the user to modify Business Instructions.
AIASKAL CMIC AI: Allows the user to use "Al" functionality
BICTLGBLDR CMIC BI: Allows the user to access BI Catalog Builder.
BIBOARDCRT CMIC BI: Allows the user to create BI Canvas.
BIUDFOLDER CMIC BI: Allows the user to create User-Defined Folders
BICALCFLD CMIC BI: Allows the user to create calculated fields and modify their calculation.
BILOGCRT CMIC BI: Allows the user to create user-defined logs.
BIDBRDEDIT CMIC BI: Allows the user to create, edit and delete Dashboards
BIMODJOINS CMIC BI: Allows the user to modify Folder Join Conditions in BI Catalog Builder.
BICFDRFLTR CMIC BI: Allows the user to modify folder filters in BI Catalog Builder.
BISECMNG CMIC BI: Allows the user to modify security
BIUDFSETUP CMIC BI: Allows the user to modify setup for User Defined Fields definitions.
BISCHDEXPT CMIC BI: Allows the user to schedule data exports
PYADMMSTCD E-TIME: Administer Master Access Codes
ETACCESSCD E-TIME: Allows the user to define Access Codes
EMPB EM: Allows the user access to EM batches belonging to other users
EMACTRATE EM: Allows the user to activate or inactivate equipment rates
GEIMPUSRIV EM: Allows the user to see and edit the imported GE Fleet data by other users
EMAUREPLVL EM: Allows the user to update Replacement Value for Equipment
FAPB FA: Allows the user access to FA batches belonging to other users
FACHGACVAL FA: Allows the user to adjust the Asset Acquisition value
GLUINADPT GL: Allow User To Update Inactive Departments
GLVINADPT GL: Allow User To View Inactive Departments
GLREOPENYR GL: Allow to Reopen Previous Year.
GLPB GL: Allows the user access to GL batches belonging to other users
GLRECENT GL: Allows the user access to GL recurring entries belonging to other users
SUBLGACC GL: Allows the user to post to GL Subledger Control Accounts
GLPOSTCUR GL: Allows user to post current users GL batches
HCMAPPLIC HCM: Allows Applicant Management module access by employee security
HCMCOMPENS HCM: Allows Compensation Management module access by employee security
HCMHIRING HCM: Allows Hiring Requisitions module access by employee security
HCMPERFORM HCM: Allows Performance Management module access by employee security
HCMTRAIN HCM: Allows Training module access by employee security
HCMPYEMP HCM: Allows employee access by employee security
HCMAPLACS HCM: Allows user to access Construct Applicant
HCMCIOACS HCM: Allows user to access Construct Clock In/Out
HIRE HR: Allows the user to hire an applicant
HRSSNSEC HR: Allows the user to view SSN of the Employees.
HRASTRK HR: Allows user to Track Assets (Personnel Asset Tracking) without Employee Security.
HRNCDNTDEL HR: Allows user to delete an incident report
JBJCREFUPD JB: Allow to update reference description on Cost Transaction screen when prepare billing.
JBCONTEDIT JB: Allows the User to change the Contract code in Job Setup Screen
JBPB JB: Allows the user access to JB batches belonging to other users
PSTCHGJB JB: Allows the user to change post dates on transactions
JBACTIVEBC JB: Allows the user to modify the Active bill code flag in Enter Contract
JBCONTBUDG JB: Allows the user to override budget on the contract
JCCTRLJOB JC: Allow control jobs to be created in the job maintenance screen
JCLOCKCC JC: Allows User To Modify Locked Cost Code Category
JCPYSECTOT JC: Allows the User to See Un-Secure Totals in JC for Secure Pay Groups
JCPYUNBREV JC: Allows the User to See Unbilled Revenue Amount in JC for Secure Pay Groups
JCPB JC: Allows the user access to JC batches belonging to other users
JCWOJOBS JC: Allows the user to access Work Order Jobs in JC
PSTCHGJC JC: Allows the user to change post dates on transactions
JCPHSINS JC: Allows the user to create a new Phase/Category on the fly
JCTPFOVERV JC: Allows the user to override Earned Revenue Amount in Time Phased Forecast Screen
JCGLPER JC: Allows the user to post transactions to a closed period
JCEXQRY JC: Allows the user to see Employee Name in JC Executive Query
JCPYINFO JC: Allows the user to see PY info in JC for Secure Pay Groups
JCPYSRC JC: Allows the user to see Source Code in JC for Secure Pay Groups
JCIMPUSRFB JC: Allows the user to see and edit the imported Foreign Budget by other users
JCPYAMT JC: Allows the user to see pay amount in JC for secure pay groups
JCUNOTECHG JC: Allows user to change the Units Complete Transactions Notes
JCAECCAT

JC: Allows user to override the category for AP/SC/AR vouchers.

NOTE: This system privilege allows user to override the category for AP vouchers and SC commitments including any PCIs linked to the vendor/subcontract or any subcontract change orders that are then used to create RFPs (not SC vouchers).

JCMUSRIFBH JC: Allows user to see and edit the imported foreign batch data of other users
JCMUSRIPQC JC: Allows user to see and edit the imported phase qty completion data of other users
JCLCS JC: LIMIT CATEGORY SELECTION TO A SINGLE CATEGORY IN JOB COST TRANSACTION ENTRY SCREEN
JCELINE JC: Restricts user to not enter E-line in Enter Cost Transactions
JCGLINE JC: Restricts user to not enter G-line in Enter Cost Transactions
JCJLINE JC: Restricts user to not enter J-line in Enter Cost Transactions
JCWLINE JC: Restricts user to not enter W-line in Enter Cost Transactions
MSMRUPDPRC MS: Allow override of Price on MS Material Receipt.
MSLOCKPDTL MS: Allows the user to lock and unlock a price list detail
MSPRICEOVR MS: Allows the user to modify the unit price on ticket entry
MSIMPUSRSO MS: Allows the user to see and edit the imported sales orders by other users
MSIMPUSRTK MS: Allows the user to see and edit the imported tickets by other users
OMNOREQFLD OM: Allow User To Bypass Conditionally Required Fields That Are Setup By Sales Stage.
PMOWNEQUIP PM: Access Own Equipment tab in the PM Daily Report form.
PMSYSOPT PM: Allows the user access to PM System Options
PMTRNQ PM: Allows the user to access Transmittal Records belonging to other users
PMJOUROLAB PM: Allows the user to access the Labor Tab within the Daily Journal
PMPROJQST PM: Allows the user to access the Questionnaire Tab within the Project Maintenance
PMBIDCRT PM: Allows the user to create a bid job from within Project Management
PMJOBCRT PM: Allows the user to create a job from within Project Management
PMCRTVEN PM: Allows the user to create a vendor from a BP on the fly
PMCMPINF PM: Allows user to change overall participation information
PMMRALLJOB PM: Allows user to create markup rules for ALL jobs
POUNRECINV PO: Allow to unreceive invoiced items.
PORCPTVAR PO: Allows The User To Exceed Variance On Receipts
POPB PO: Allows the user access to batches belonging to other users
POCL PO: Allows the user to Open a Closed PO
APPOVAR PO: Allows the user to exceed PO Variance when matching PO to Vouchers
PORPOSCM PO: Allows the user to post receipts within Construct PM
POCOQTY PO: Validate CO quantity against PO original quantity
PSTCHGPRM PRM: Allows the user to change post dates on transactions
PYETIMEDIT PY: ALLOWS USER TO CHANGE E-TIME DATA IN REGULAR TIMESHEET
PYHISTADJC PY: Allow user to change data on Employment History Adjustment screen
PYIMPTSRT PY: Allow user to import payroll rates in timesheet import
PYEMPDEL PY: Allows User To Delete an Employee Profile
PYIMPUSRBN PY: Allows User to Validate/Edit PY Bonus - Adjustments Imported by other Users
PYIMPUSREM PY: Allows User to Validate/Edit PY Employees Imported by other Users
PYIMPUSRTM PY: Allows User to Validate/Edit PY Timesheet Imported by other Users
PYSUBPPRVW PY: Allows User to access Sub Period created by other Users
PYEDITPOS PY: Allows User to lock the editing of Job Title
PYPB PY: Allows the user access to batches belonging to other users
PYTM PY: Allows the user access to timesheets belonging to other users
PSTCHGPY PY: Allows the user to change post dates on transactions
PYRATE PY: Allows the user to see pay rates in the HR Employee Query for Secure Pay Groups
PYLBRTR PY: Allows the user to transfer timesheet entries to actual timesheet table
PYPAYRATVW PY: Allows the user to view pay rates in timesheet screen and reports.
PYEDITINV PY: Allows user to change system generated AP invoice code before creating and posting AP voucher.
PYIMPUSREH PY: Allows user to see and edit the imported employee history of other users
PYSUBPER PY: Allows user to use sub period field in payroll processing screen
PSTCHGPYC PYC: Allows the user to change post dates on transactions
RPFULLACCS Resource Planning: Full Access
RPREADONLY Resource Planning: Read Only Access
PSTCHGSC SC: Allows the user to change post dates on transactions
SCPWP SC: Allows the user to override the Pay When Paid flag in both AP and SC
SCEBAPST SC: Allows the user to post the subcontract or RFP even if exceeds the subcontract budget.
SCIMPUSRIC SC: Allows the user to see and edit the imported Insurance Compliance by other users.
SCSEPRFPCO SC: Allows user to modify "Separate Request for Payment for Change Order" on Posted Subcontracts
VENCOMPL SC: Update Vendor Compliance
EDREMITADD SD: Allow Edit of Secured Remit-To Address
SYSASGNFL SD: Allow User To Launch Assignment Form For Form Letters.
SCHREPORT SD: Allows the User to Schedule Reports
SESSKILL SD: Allows the user permission to Kill Sessions
PRNTFILE SD: Allows the user the to Print to File and Send to Spread Sheet
FIELDSEC SD: Allows the user to apply field security
CHGDBPSW SD: Allows the user to change database password of other users
SYSUSRCRE SD: Allows the user to change preferences of other users
UNLCKBYOTH SD: Allows the user to change the status of an attachment belonging to other users
ALERTDEF SD: Allows the user to define alerts for all users and groups
HSTP SD: Allows the user to define host program paths
RELEDIT SD: Allows the user to define security on related screens
RPACTDEL SD: Allows the user to delete Report Action Status records
EXPINVISBL SD: Allows the user to export invisible columns to spreadsheet
ASSIGNROLE SD: Allows the user to modify their own security access (excluding User Maintenance Form)
REPACTRUN SD: Allows the user to rerun Reports from the Report Action Status Screen
SDSLDELJOB SD: Allows the user to unschedule other people's jobs in the Scheduler Logs
MRGPARTCON SD: Allows the user to use the Partner and Contact Merge Utility
RPACTION SD: Allows the user to view Report Action Status records for other users
SDCNTPHOTO SD: Contact Photo - Upload and Remove
SDDADCSIBP SD: Do Not Allow To Delete CSI Record On Business Partner
SDDADCLBP SD: Do Not Allow To Delete Classification Record On Business Partner
SDDADMSBP SD: Do Not Allow To Delete Market Sector Record On Business Partner
SDDADTERBP SD: Do Not Allow To Delete Territory Record On Business Partner
SDDAICSIBP SD: Do Not Allow To Insert CSI Record On Business Partner
SDDAICLBP SD: Do Not Allow To Insert Classification Record On Business Partner
SDDAIMSBP SD: Do Not Allow To Insert Market Sector Record On Business Partner
SDDAITERBP SD: Do Not Allow To Insert Territory Record On Business Partner
SDDAUCSIBP SD: Do Not Allow To Update CSI Record On Business Partner
SDDAUCLBP SD: Do Not Allow To Update Classification Record On Business Partner
SDDAUMSBP SD: Do Not Allow To Update Market Sector Record On Business Partner
SDDAUTERBP SD: Do Not Allow To Update Territory Record On Business Partner
SHWINACCNT SD: Show Inactive Contacts when System Option set to hide them
SSELEVDSBD SSE: Allows unrestricted access to the Leave Dashboard Module
SSELEVMGMT SSE: Allows unrestricted access to the Leave Management module (Based on Payroll Security)
SSERESETEN SSE: Allows user to reset enrollment in benefit enrollment screen
TENANTADM SYS: Allow Access to Tenant Administration
TENANTCRT SYS: Allow Access to Tenant Creation
TENANTEDIT SYS: Allow Editing in Tenant Administration
DAPUSRADM SYS: Allow Maintaining User DAP (Digital Adoption Platform) data
SYSLICPOOL SYS: Allows the user to edit License Pool data in User Maintenance Screen
SYSNOTES SYS: Allows the user to modify notes created by other users
SYSCBPNAME SYS: Allows user to change the Customer (Business Partner) Name
UPDCONTPK SYS: Change Company/Partner On Contacts
SYSLOGFORM SYS: Implement the Forms Security Within Syslogs Forms
TMACCESS Translation Manager: Allow access to Translation Manager
UICONSNOTE UI CONSOLE: Allow User to Add/Edit Notes.
UICONSNOTH UI Console: Allows the User to Edit/Remove Notes created by other Users.
UIRPDSSEL UI Report: Allows the user to Select Data Source for Reports
UIREXPORT UI Runtime: Allows the user to Export data
UIRIMPORT UI Runtime: Allows the user to Import data
UIRPROPOVR UI Runtime: Allows the user to Override Property Default value - Impacts All Programs
UIRFTOVER UI Runtime: Allows the user to Override Runtime Features - Impacts All Programs
UIREXCLMIP UI Runtime: Allows the user to load Excel Template Maintenance Screen
UIRIMPALLU UI Runtime: Allows the user to work with other users import data
UACACCESS User Admin Central: Allow access to (UAC) User Admin Central
UACMODIFY User Admin Central: Allow modify records on User Maintenance, Templates, Onboarding Error Log
UACCREATE User Admin Central: Allow to create records on User Maintenance and Templates
UACAZURE User Admin Central: Allow users to create and modify Azure Integration fields
UACDELTMPT User Admin Central: Allow users to delete Permission templates
UACONBOARD User Admin Central: Allow users to modify and retry records on the Error Onboarding Log
WKF_ABORT WKF: Allows the user to abort a workflow
WKF_BUILD WKF: Allows the user to access Workflow Builder.
WKF_ADDST WKF: Allows the user to add approvers and steps to an active Workflow
WKF_APPRV WKF: Allows the user to assign Workflow approvers and templates
WKF_LAUNCH WKF: Allows the user to launch a Workflow
PSTOVRRIDE WKF: Allows the user to post a non-postable object.

[Configuration Privileges] – Button

Sample of the pop-up window launched from the [Configuration Privileges] button

Pop-up window launched from the [Configuration Privileges] button on the Roles screen (standard Treeview path: System > Security > Roles > Define Roles)

Click the [Configuration Privileges] button to launch a pop-up window where the user can indicate the access rights to specific options within the system as they apply to the role being defined (related to Console, ADFs and other items).

To add a configuration privilege, in the Privilege section of the pop-up window, click the privilege’s corresponding 'Select' checkbox.

If customization levels are required for a configuration privilege, they can be defined in the lower half of the pop-up window. Select the configuration privilege in the Privilege section of the pop-up window, then click [Insert] in the Block Toolbar of the Configuration Privilege Levels section.

Configuration privileges are related to the ability of users to modify various UI Runtime related objects such as Console Layout, UI Logs, UI Treeviews, UI Program Builder, etc.

NOTE: In order to finalize setup of Configuration Privileges, the final settings are required to be defined in the UI Runtime version of User Maintenance (standard Treeview path: System > Security > Users > User Maintenance – Configuration Privileges tab).

The system allows for the specification of the following configuration privileges:

Privilege

Description

CONSOLEDT

Console: Allow User To Edit Console Definition.

UIHTMLREG

Console: Allow to create/edit region with embedded HTML.

UIADDLEUDF

UI Lite Editor: Allow User To Add User Defined Fields Via Lite Editor.

UIRLITEEDT

UI Lite Editor: Allow User To Edit Program Definition Via Lite Editor.

UILOGCRT

UI Logs: Allow User To Create A New Log.

UILOGEDT

UI Logs: Allow User To Save Log Layout.

UIPRCBCRT

UI Process Builder: Allow User To Create/Edit Custom Process Definition.

UIPRGCRT

UI Program Builder: Allow User to Create/Edit Program Definition.

UIREPPRMMD

UI Report: Allow User to Modify Report Parameters Definition.

UITRVEDT

UI Treeview Builder: Allow User To Edit Treeview Definition.