System Data - Define Roles
Pgm: ROLES –Roles; standard Treeview path: System > Security > Roles > Define Roles
Role, Name
Enter a code and name for the role being defined. CMiC comes with three designated system-defined roles: ADMIN, SECURITY, and TRANSACTN.
Insert, Update, Delete, Report User, Report Administrator – Checkbox
Each new role will automatically allow for the insert, update and deletion of data. To create a role with limited access to data, uncheck the required boxes.
NOTE: The 'Report User' and 'Report Administrator' checkbox options are related to accessing and administration of Jasper Reports.
Notes
Enter any notes that are relevant to this role.
[System Privileges] – Button
Pop-up window launched from the [System Privileges] button on the Roles screen (standard Treeview path: System > Security > Roles > Define Roles)
Click the [System Privileges] button to launch a pop-up window where the user can indicate the access rights to specific options within the system as they apply to the role being defined.
Check the box beside the option to which access is to be granted for the role being defined. The system default does not check any of these privileges when setting up a new role, so it is incumbent upon the user to check these options if they are desired.
Once a set of privileges have been checked for a role, the system will ask the user if they want to “Update the Users?” on this role. If [Yes] is selected, the system will update the users with the privileges assigned to the role.
Click on the Query By Example icon
in the Block Toolbar to search for application specific system privileges, as shown in the screenshot below.
Example of using Query By Example to search for application specific system privileges
The system allows for the specification of the following privileges:
|
Privilege |
Description |
|---|---|
| AXSBANKACS | AP: All bank accounts in Manual Checks and Void Checks |
| APDCCEMPD | AP: Allow User to delete Credit Card Employee Details |
| APVCCEMPD | AP: Allow User to view Credit Card Employee Details |
| APJOINTUPD | AP: Allow to update joint payee data after voucher has been selected for payment. |
| APRGINVALL | AP: Allows the forms user access to Registered Invoices created using Imaging |
| APPB | AP: Allows the user access to AP batches belonging to other users |
| VOUPMTB | AP: Allows the user to access the Payment Button in Voucher Entry |
| PSTCHGAP | AP: Allows the user to change post dates on transactions |
| APCVCDA | AP: Allows the user to change the Cash Department/Account on voucher status screen. |
| NEGMANCHK | AP: Allows the user to enter negative manual checks |
| APVOUHLD | AP: Allows the user to modify the Voucher Hold flag in Enter Voucher Form |
| IMOVERPQTY | AP: Allows the user to overpay quantity when entering Material Invoices |
| IMOVERRIDE | AP: Allows the user to override Production Quantity when entering Material Invoices |
| APBCHAMT | AP: Allows the user to post a batch where the control amount does not equal the batch amount |
| UNPRECHK | AP: Allows the user to unprepare already printed checks |
| APUPDEFCHQ | AP: Allows the user to update EFT cheque sequence number in AP Control File |
| APVOUDISC | AP: Allows the user to update discount amount on Adjust Voucher Status screen |
| APPOSTCUR | AP: Allows user to post current users AP batches |
| APJOINTPAY | AP: For partially paid voucher, allow total joint payee amount to exceed current outstanding amount. |
| CHQRELBT | AP: Prevent access to Check Release/Unrelease All buttons. |
| VOUST | AP: Set Voucher Status to Express |
| ARJBINMEM | AR: Allows The User To Apply AR Memos to JB Bill Invoices |
| ARPB | AR: Allows the user access to AR batches belonging to other users |
| ARINVBANK | AR: Allows the user to add Bank Details on AR INVOICE program |
| PSTCHGAR | AR: Allows the user to change post dates on transactions |
| ARJBINACPH | AR: Allows the user to enter AR and JB transactions to Inactive Phase/Categories |
| ARBCHAMT | AR: Allows the user to post a batch where the control amount does not equal the batch amount |
| ARJBINPHPS | AR: Allows the user to post billings to inactive phases when AR control setting is off. |
| ARPOSTUPD | AR: Allows the user to update due date and description on posted invoices. |
| ARVOIDRECN | AR: Allows user to void reconciled checks. |
| ARCRSUP | AR: Privilege designates the user as an AR Front Office Receipt Supervisor |
| UIDGNTOOL | Allow to Run the Diagnostic Tools. |
| ABOUTUSERL | Allow user to see "User List" button when accessing Help->About |
| SYSDATASHT | Allows the user to load the Data Sheet screen |
| UIDWNLOGS | Allows to Download Server Logs |
| UISCRREC | Allows to Record the Screen |
| UIDETDEBUG | Allows to Run Detailed Debugging |
| CIPB | CI: Allows the user access to CI batches belonging to other users |
| PSTCHGCI | CI: Allows the user to change post dates on transactions |
| CMLGDSCPCI | CM: Allows To Modify The Long Description On the Posted PCI |
| CMPB | CM: Allows the user access to CM batches belonging to other users |
| PSTCHGCM | CM: Allows the user to change post dates on change orders |
| AIUPDBSINS | CMIC AI: Allows the user to modify Business Instructions. |
| AIASKAL | CMIC AI: Allows the user to use "Al" functionality |
| BICTLGBLDR | CMIC BI: Allows the user to access BI Catalog Builder. |
| BIBOARDCRT | CMIC BI: Allows the user to create BI Canvas. |
| BIUDFOLDER | CMIC BI: Allows the user to create User-Defined Folders |
| BICALCFLD | CMIC BI: Allows the user to create calculated fields and modify their calculation. |
| BILOGCRT | CMIC BI: Allows the user to create user-defined logs. |
| BIDBRDEDIT | CMIC BI: Allows the user to create, edit and delete Dashboards |
| BIMODJOINS | CMIC BI: Allows the user to modify Folder Join Conditions in BI Catalog Builder. |
| BICFDRFLTR | CMIC BI: Allows the user to modify folder filters in BI Catalog Builder. |
| BISECMNG | CMIC BI: Allows the user to modify security |
| BIUDFSETUP | CMIC BI: Allows the user to modify setup for User Defined Fields definitions. |
| BISCHDEXPT | CMIC BI: Allows the user to schedule data exports |
| PYADMMSTCD | E-TIME: Administer Master Access Codes |
| ETACCESSCD | E-TIME: Allows the user to define Access Codes |
| EMPB | EM: Allows the user access to EM batches belonging to other users |
| EMACTRATE | EM: Allows the user to activate or inactivate equipment rates |
| GEIMPUSRIV | EM: Allows the user to see and edit the imported GE Fleet data by other users |
| EMAUREPLVL | EM: Allows the user to update Replacement Value for Equipment |
| FAPB | FA: Allows the user access to FA batches belonging to other users |
| FACHGACVAL | FA: Allows the user to adjust the Asset Acquisition value |
| GLUINADPT | GL: Allow User To Update Inactive Departments |
| GLVINADPT | GL: Allow User To View Inactive Departments |
| GLREOPENYR | GL: Allow to Reopen Previous Year. |
| GLPB | GL: Allows the user access to GL batches belonging to other users |
| GLRECENT | GL: Allows the user access to GL recurring entries belonging to other users |
| SUBLGACC | GL: Allows the user to post to GL Subledger Control Accounts |
| GLPOSTCUR | GL: Allows user to post current users GL batches |
| HCMAPPLIC | HCM: Allows Applicant Management module access by employee security |
| HCMCOMPENS | HCM: Allows Compensation Management module access by employee security |
| HCMHIRING | HCM: Allows Hiring Requisitions module access by employee security |
| HCMPERFORM | HCM: Allows Performance Management module access by employee security |
| HCMTRAIN | HCM: Allows Training module access by employee security |
| HCMPYEMP | HCM: Allows employee access by employee security |
| HCMAPLACS | HCM: Allows user to access Construct Applicant |
| HCMCIOACS | HCM: Allows user to access Construct Clock In/Out |
| HIRE | HR: Allows the user to hire an applicant |
| HRSSNSEC | HR: Allows the user to view SSN of the Employees. |
| HRASTRK | HR: Allows user to Track Assets (Personnel Asset Tracking) without Employee Security. |
| HRNCDNTDEL | HR: Allows user to delete an incident report |
| JBJCREFUPD | JB: Allow to update reference description on Cost Transaction screen when prepare billing. |
| JBCONTEDIT | JB: Allows the User to change the Contract code in Job Setup Screen |
| JBPB | JB: Allows the user access to JB batches belonging to other users |
| PSTCHGJB | JB: Allows the user to change post dates on transactions |
| JBACTIVEBC | JB: Allows the user to modify the Active bill code flag in Enter Contract |
| JBCONTBUDG | JB: Allows the user to override budget on the contract |
| JCCTRLJOB | JC: Allow control jobs to be created in the job maintenance screen |
| JCLOCKCC | JC: Allows User To Modify Locked Cost Code Category |
| JCPYSECTOT | JC: Allows the User to See Un-Secure Totals in JC for Secure Pay Groups |
| JCPYUNBREV | JC: Allows the User to See Unbilled Revenue Amount in JC for Secure Pay Groups |
| JCPB | JC: Allows the user access to JC batches belonging to other users |
| JCWOJOBS | JC: Allows the user to access Work Order Jobs in JC |
| PSTCHGJC | JC: Allows the user to change post dates on transactions |
| JCPHSINS | JC: Allows the user to create a new Phase/Category on the fly |
| JCTPFOVERV | JC: Allows the user to override Earned Revenue Amount in Time Phased Forecast Screen |
| JCGLPER | JC: Allows the user to post transactions to a closed period |
| JCEXQRY | JC: Allows the user to see Employee Name in JC Executive Query |
| JCPYINFO | JC: Allows the user to see PY info in JC for Secure Pay Groups |
| JCPYSRC | JC: Allows the user to see Source Code in JC for Secure Pay Groups |
| JCIMPUSRFB | JC: Allows the user to see and edit the imported Foreign Budget by other users |
| JCPYAMT | JC: Allows the user to see pay amount in JC for secure pay groups |
| JCUNOTECHG | JC: Allows user to change the Units Complete Transactions Notes |
| JCAECCAT |
JC: Allows user to override the category for AP/SC/AR vouchers. NOTE: This system privilege allows user to override the category for AP vouchers and SC commitments including any PCIs linked to the vendor/subcontract or any subcontract change orders that are then used to create RFPs (not SC vouchers). |
| JCMUSRIFBH | JC: Allows user to see and edit the imported foreign batch data of other users |
| JCMUSRIPQC | JC: Allows user to see and edit the imported phase qty completion data of other users |
| JCLCS | JC: LIMIT CATEGORY SELECTION TO A SINGLE CATEGORY IN JOB COST TRANSACTION ENTRY SCREEN |
| JCELINE | JC: Restricts user to not enter E-line in Enter Cost Transactions |
| JCGLINE | JC: Restricts user to not enter G-line in Enter Cost Transactions |
| JCJLINE | JC: Restricts user to not enter J-line in Enter Cost Transactions |
| JCWLINE | JC: Restricts user to not enter W-line in Enter Cost Transactions |
| MSMRUPDPRC | MS: Allow override of Price on MS Material Receipt. |
| MSLOCKPDTL | MS: Allows the user to lock and unlock a price list detail |
| MSPRICEOVR | MS: Allows the user to modify the unit price on ticket entry |
| MSIMPUSRSO | MS: Allows the user to see and edit the imported sales orders by other users |
| MSIMPUSRTK | MS: Allows the user to see and edit the imported tickets by other users |
| OMNOREQFLD | OM: Allow User To Bypass Conditionally Required Fields That Are Setup By Sales Stage. |
| PMOWNEQUIP | PM: Access Own Equipment tab in the PM Daily Report form. |
| PMSYSOPT | PM: Allows the user access to PM System Options |
| PMTRNQ | PM: Allows the user to access Transmittal Records belonging to other users |
| PMJOUROLAB | PM: Allows the user to access the Labor Tab within the Daily Journal |
| PMPROJQST | PM: Allows the user to access the Questionnaire Tab within the Project Maintenance |
| PMBIDCRT | PM: Allows the user to create a bid job from within Project Management |
| PMJOBCRT | PM: Allows the user to create a job from within Project Management |
| PMCRTVEN | PM: Allows the user to create a vendor from a BP on the fly |
| PMCMPINF | PM: Allows user to change overall participation information |
| PMMRALLJOB | PM: Allows user to create markup rules for ALL jobs |
| POUNRECINV | PO: Allow to unreceive invoiced items. |
| PORCPTVAR | PO: Allows The User To Exceed Variance On Receipts |
| POPB | PO: Allows the user access to batches belonging to other users |
| POCL | PO: Allows the user to Open a Closed PO |
| APPOVAR | PO: Allows the user to exceed PO Variance when matching PO to Vouchers |
| PORPOSCM | PO: Allows the user to post receipts within Construct PM |
| POCOQTY | PO: Validate CO quantity against PO original quantity |
| PSTCHGPRM | PRM: Allows the user to change post dates on transactions |
| PYETIMEDIT | PY: ALLOWS USER TO CHANGE E-TIME DATA IN REGULAR TIMESHEET |
| PYHISTADJC | PY: Allow user to change data on Employment History Adjustment screen |
| PYIMPTSRT | PY: Allow user to import payroll rates in timesheet import |
| PYEMPDEL | PY: Allows User To Delete an Employee Profile |
| PYIMPUSRBN | PY: Allows User to Validate/Edit PY Bonus - Adjustments Imported by other Users |
| PYIMPUSREM | PY: Allows User to Validate/Edit PY Employees Imported by other Users |
| PYIMPUSRTM | PY: Allows User to Validate/Edit PY Timesheet Imported by other Users |
| PYSUBPPRVW | PY: Allows User to access Sub Period created by other Users |
| PYEDITPOS | PY: Allows User to lock the editing of Job Title |
| PYPB | PY: Allows the user access to batches belonging to other users |
| PYTM | PY: Allows the user access to timesheets belonging to other users |
| PSTCHGPY | PY: Allows the user to change post dates on transactions |
| PYRATE | PY: Allows the user to see pay rates in the HR Employee Query for Secure Pay Groups |
| PYLBRTR | PY: Allows the user to transfer timesheet entries to actual timesheet table |
| PYPAYRATVW | PY: Allows the user to view pay rates in timesheet screen and reports. |
| PYEDITINV | PY: Allows user to change system generated AP invoice code before creating and posting AP voucher. |
| PYIMPUSREH | PY: Allows user to see and edit the imported employee history of other users |
| PYSUBPER | PY: Allows user to use sub period field in payroll processing screen |
| PSTCHGPYC | PYC: Allows the user to change post dates on transactions |
| RPFULLACCS | Resource Planning: Full Access |
| RPREADONLY | Resource Planning: Read Only Access |
| PSTCHGSC | SC: Allows the user to change post dates on transactions |
| SCPWP | SC: Allows the user to override the Pay When Paid flag in both AP and SC |
| SCEBAPST | SC: Allows the user to post the subcontract or RFP even if exceeds the subcontract budget. |
| SCIMPUSRIC | SC: Allows the user to see and edit the imported Insurance Compliance by other users. |
| SCSEPRFPCO | SC: Allows user to modify "Separate Request for Payment for Change Order" on Posted Subcontracts |
| VENCOMPL | SC: Update Vendor Compliance |
| EDREMITADD | SD: Allow Edit of Secured Remit-To Address |
| SYSASGNFL | SD: Allow User To Launch Assignment Form For Form Letters. |
| SCHREPORT | SD: Allows the User to Schedule Reports |
| SESSKILL | SD: Allows the user permission to Kill Sessions |
| PRNTFILE | SD: Allows the user the to Print to File and Send to Spread Sheet |
| FIELDSEC | SD: Allows the user to apply field security |
| CHGDBPSW | SD: Allows the user to change database password of other users |
| SYSUSRCRE | SD: Allows the user to change preferences of other users |
| UNLCKBYOTH | SD: Allows the user to change the status of an attachment belonging to other users |
| ALERTDEF | SD: Allows the user to define alerts for all users and groups |
| HSTP | SD: Allows the user to define host program paths |
| RELEDIT | SD: Allows the user to define security on related screens |
| RPACTDEL | SD: Allows the user to delete Report Action Status records |
| EXPINVISBL | SD: Allows the user to export invisible columns to spreadsheet |
| ASSIGNROLE | SD: Allows the user to modify their own security access (excluding User Maintenance Form) |
| REPACTRUN | SD: Allows the user to rerun Reports from the Report Action Status Screen |
| SDSLDELJOB | SD: Allows the user to unschedule other people's jobs in the Scheduler Logs |
| MRGPARTCON | SD: Allows the user to use the Partner and Contact Merge Utility |
| RPACTION | SD: Allows the user to view Report Action Status records for other users |
| SDCNTPHOTO | SD: Contact Photo - Upload and Remove |
| SDDADCSIBP | SD: Do Not Allow To Delete CSI Record On Business Partner |
| SDDADCLBP | SD: Do Not Allow To Delete Classification Record On Business Partner |
| SDDADMSBP | SD: Do Not Allow To Delete Market Sector Record On Business Partner |
| SDDADTERBP | SD: Do Not Allow To Delete Territory Record On Business Partner |
| SDDAICSIBP | SD: Do Not Allow To Insert CSI Record On Business Partner |
| SDDAICLBP | SD: Do Not Allow To Insert Classification Record On Business Partner |
| SDDAIMSBP | SD: Do Not Allow To Insert Market Sector Record On Business Partner |
| SDDAITERBP | SD: Do Not Allow To Insert Territory Record On Business Partner |
| SDDAUCSIBP | SD: Do Not Allow To Update CSI Record On Business Partner |
| SDDAUCLBP | SD: Do Not Allow To Update Classification Record On Business Partner |
| SDDAUMSBP | SD: Do Not Allow To Update Market Sector Record On Business Partner |
| SDDAUTERBP | SD: Do Not Allow To Update Territory Record On Business Partner |
| SHWINACCNT | SD: Show Inactive Contacts when System Option set to hide them |
| SSELEVDSBD | SSE: Allows unrestricted access to the Leave Dashboard Module |
| SSELEVMGMT | SSE: Allows unrestricted access to the Leave Management module (Based on Payroll Security) |
| SSERESETEN | SSE: Allows user to reset enrollment in benefit enrollment screen |
| TENANTADM | SYS: Allow Access to Tenant Administration |
| TENANTCRT | SYS: Allow Access to Tenant Creation |
| TENANTEDIT | SYS: Allow Editing in Tenant Administration |
| DAPUSRADM | SYS: Allow Maintaining User DAP (Digital Adoption Platform) data |
| SYSLICPOOL | SYS: Allows the user to edit License Pool data in User Maintenance Screen |
| SYSNOTES | SYS: Allows the user to modify notes created by other users |
| SYSCBPNAME | SYS: Allows user to change the Customer (Business Partner) Name |
| UPDCONTPK | SYS: Change Company/Partner On Contacts |
| SYSLOGFORM | SYS: Implement the Forms Security Within Syslogs Forms |
| TMACCESS | Translation Manager: Allow access to Translation Manager |
| UICONSNOTE | UI CONSOLE: Allow User to Add/Edit Notes. |
| UICONSNOTH | UI Console: Allows the User to Edit/Remove Notes created by other Users. |
| UIRPDSSEL | UI Report: Allows the user to Select Data Source for Reports |
| UIREXPORT | UI Runtime: Allows the user to Export data |
| UIRIMPORT | UI Runtime: Allows the user to Import data |
| UIRPROPOVR | UI Runtime: Allows the user to Override Property Default value - Impacts All Programs |
| UIRFTOVER | UI Runtime: Allows the user to Override Runtime Features - Impacts All Programs |
| UIREXCLMIP | UI Runtime: Allows the user to load Excel Template Maintenance Screen |
| UIRIMPALLU | UI Runtime: Allows the user to work with other users import data |
| UACACCESS | User Admin Central: Allow access to (UAC) User Admin Central |
| UACMODIFY | User Admin Central: Allow modify records on User Maintenance, Templates, Onboarding Error Log |
| UACCREATE | User Admin Central: Allow to create records on User Maintenance and Templates |
| UACAZURE | User Admin Central: Allow users to create and modify Azure Integration fields |
| UACDELTMPT | User Admin Central: Allow users to delete Permission templates |
| UACONBOARD | User Admin Central: Allow users to modify and retry records on the Error Onboarding Log |
| WKF_ABORT | WKF: Allows the user to abort a workflow |
| WKF_BUILD | WKF: Allows the user to access Workflow Builder. |
| WKF_ADDST | WKF: Allows the user to add approvers and steps to an active Workflow |
| WKF_APPRV | WKF: Allows the user to assign Workflow approvers and templates |
| WKF_LAUNCH | WKF: Allows the user to launch a Workflow |
| PSTOVRRIDE | WKF: Allows the user to post a non-postable object. |
[Configuration Privileges] – Button
Pop-up window launched from the [Configuration Privileges] button on the Roles screen (standard Treeview path: System > Security > Roles > Define Roles)
Click the [Configuration Privileges] button to launch a pop-up window where the user can indicate the access rights to specific options within the system as they apply to the role being defined (related to Console, ADFs and other items).
To add a configuration privilege, in the Privilege section of the pop-up window, click the privilege’s corresponding 'Select' checkbox.
If customization levels are required for a configuration privilege, they can be defined in the lower half of the pop-up window. Select the configuration privilege in the Privilege section of the pop-up window, then click [Insert] in the Block Toolbar of the Configuration Privilege Levels section.
Configuration privileges are related to the ability of users to modify various UI Runtime related objects such as Console Layout, UI Logs, UI Treeviews, UI Program Builder, etc.
NOTE: In order to finalize setup of Configuration Privileges, the final settings are required to be defined in the UI Runtime version of User Maintenance (standard Treeview path: System > Security > Users > User Maintenance – Configuration Privileges tab).
The system allows for the specification of the following configuration privileges:
|
Privilege |
Description |
|---|---|
|
CONSOLEDT |
Console: Allow User To Edit Console Definition. |
|
UIHTMLREG |
Console: Allow to create/edit region with embedded HTML. |
|
UIADDLEUDF |
UI Lite Editor: Allow User To Add User Defined Fields Via Lite Editor. |
|
UIRLITEEDT |
UI Lite Editor: Allow User To Edit Program Definition Via Lite Editor. |
|
UILOGCRT |
UI Logs: Allow User To Create A New Log. |
|
UILOGEDT |
UI Logs: Allow User To Save Log Layout. |
|
UIPRCBCRT |
UI Process Builder: Allow User To Create/Edit Custom Process Definition. |
|
UIPRGCRT |
UI Program Builder: Allow User to Create/Edit Program Definition. |
|
UIREPPRMMD |
UI Report: Allow User to Modify Report Parameters Definition. |
|
UITRVEDT |
UI Treeview Builder: Allow User To Edit Treeview Definition. |