Search Tips
Pgm: ROLES –Roles; standard Treeview path: System > Security > Roles > Define Roles
Role, Name
Enter a code and name for the role being defined. CMiC comes with three designated system-defined roles: ADMIN, SECURITY, and TRANSACTN.
Insert, Update, Delete, Report User, Report Administrator
Each new role will automatically allow for the insert, update and deletion of data. To create a role with limited access to data, uncheck the required boxes.
Note The Report User and Report Administrator checkbox options are related to accessing and administration of Jasper Reports.
System Privileges
Pop-up window launched from the [System Privileges] button on the Roles screen (standard Treeview path: System > Security > Roles > Define Roles)
Click the System Privileges button to launch a pop-up window where the user can indicate the access rights to specific options within the system as they apply to the role being defined.
Check the box beside the option to which access is to be granted for the role being defined. The system default does not check any of these privileges when setting up a new role, so it is incumbent upon the user to check these options if they are desired.
Once a set of privileges have been checked for a role, the system will ask the user if they want to “Update the Users?” on this role. If [Yes] is selected, the system will update the users with the privileges assigned to the role.
Click on the Query By Example icon 
in the Block Toolbar to search for application specific system privileges, as shown in the screenshot below.
Example of using Query By Example to search for application specific system privileges
The system allows for the specification of the following privileges:
|
Privilege |
Description |
|---|---|
|
AXSBANKACS |
AP: All bank accounts in Manual Checks and Void Checks |
|
APJOINTUPD |
AP: Allow to update joint payee data after voucher has been selected for payment |
|
APRGINVALL |
AP: Allows the forms user access to Registered Invoices created using Imaging |
|
APPB |
AP: Allows the user access to AP batches belonging to other users |
| APUPDEFCHQ | AP: Allows the user to update EFT cheque sequence number in AP control file. |
|
VOUPMTB |
AP: Allows the user to access the Payment Button in Voucher Entry |
|
PSTCHGAP |
AP: Allows the user to change post dates on transactions |
|
APCVCDA |
AP: Allows the user to change the Cash Department/Account on voucher status screen |
|
NEGMANCHK |
AP: Allows the user to enter negative manual checks |
| APVOUDISC | AP: Allows the user to update discount amount on Adjust Voucher Status screen |
|
APVOUHLD |
AP: Allows the user to modify the Voucher Hold flag in Enter Voucher Form |
|
IMOVERPQTY |
AP: Allows the user to overpay quantity when entering Material Invoices |
|
IMOVERRIDE |
AP: Allows the user to override Production Quantity when entering Invoices |
|
APBCHAMT |
AP: Allows the user to post a batch where the control amount does not equal the batch amount |
|
UNPRECHK |
AP: Allows the user to unprepare already printed checks |
|
APJOINTPAY |
AP: For partially paid voucher, allow total joint payee amount to exceed current outstanding amount |
|
VOUST |
AP: Set Voucher Status to Express |
|
APPOSTCUR |
AP: Allows current user to post their own AP batches |
|
ARJBINMEM |
AR: Allows The User To Apply AR Memos to JB Bill Invoices |
|
ARPB |
AR: Allows the user access to AR batches belonging to other users |
|
ARJBINACPH |
AR: Allows the user to enter AR and JB transactions to Inactive Phase/Categories |
|
ARBCHAMT |
AR: Allows the user to post a batch where the control amount does not equal the batch amount |
|
ARJBINPHPS |
AR: Allows the user to post billings to inactive phases when AR control setting is off |
|
ARPOSTUPD |
AR: Allows the user to update due date and description on posted invoices |
|
ARCRSUP |
AR: Privilege designates the user as an AR Front Office Receipt Supervisor |
| ARVOIDRECN | AR: Allows user to void reconciled checks |
|
ABOUTUSERL |
Allow user to see "User List" button when accessing Help->About |
|
SYSDATASHT |
Allow the user to load the Data Sheet screen |
|
SCEBAPST |
Allows the user to post the subcontract even if exceeds the budget |
|
PMCMPINF |
Allows user to change overall participation information |
|
JCAECCAT |
JC: Allows user to override the category for AP/SC/AR vouchers. Note This system privilege allows user to override the category for AP vouchers and SC commitments including any PCIs linked to the vendor/subcontract or any subcontract change orders that are then used to create RFPs (not SC vouchers). |
|
CIPB |
CI: Allows the user access to CI batches belonging to other users |
|
PSTCHGCI |
CI: Allows the user to change post dates on transactions |
|
CMPB |
CM: Allows the user access to CM batches belonging to other users |
|
PSTCHGCM |
CM: Allows the user to change post dates on change orders |
| AIASKANLTC | CMIC AI: Allows the user to use Ask Analytics feature |
|
BILOGCRT |
CMIC BI: Allows the user to create user-defined logs |
|
BICFDRFLTR |
CMIC BI: Allows the user to modify folder filters in BI Catalog Builder |
|
BICTLGBLDR |
CMIC BI: Allows the user to access BI Catalog Builder |
|
BICALCFLD |
CMIC BI: Allows the user to create calculated fields and modify their calculation |
|
BIDBRDEDIT |
CMIC BI: Allows the user to create, edit and delete Dashboards |
|
BISECMNG |
CMIC BI: Allows the user to modify security |
| BIUDFOLDER | CMIC BI: Allows the user to create User-Defined Folders |
|
BIUDFSETUP |
CMIC BI: Allows the user to modify setup for User Defined Fields definitions |
|
PYADMMSTCD |
E-TIME: Administer Master Access Codes |
|
ETACCESSCD |
E-TIME: Allows the user to define Access Codes |
|
EMPB |
EM: Allows the user access to EM batches belonging to other users |
|
EMACTRATE |
EM: Allows the user to activate or inactivate equipment rates |
|
GEIMPUSRIV |
EM: Allows the user to see and edit the imported GE Fleet data by other users |
|
EMAUREPLVL |
EM: Allows the user to update Replacement Value for Equipment |
|
FAPB |
FA: Allows the user access to FA batches belonging to other users |
|
FACHGACVAL |
FA: Allows the user to adjust the Asset Acquisition Value |
|
GLVINADPT |
GL: Allow User To View/Update Inactive Departments |
|
GLREOPENYR |
GL: Allow to Reopen Previous Year |
|
GLPB |
GL: Allows the user access to GL batches belonging to other users |
|
GLRECENT |
GL: Allows the user access to GL recurring entries belonging to other users |
|
SUBLGACC |
GL: Allows the user to post to GL Subledger Control Accounts |
|
GLPOSTCUR |
GL: Allows current user to post their own GL batches |
|
HCMAPPLIC |
HCM: Allows Applicant Management module access by employee security |
| HCMCIOACS |
HCM: Allows users to access Clock In Out Application |
|
HCMCOMPENS |
HCM: Allows Compensation Management module access by employee security |
|
HCMHIRING |
HCM: Allows Hiring Requisitions module access by employee security |
|
HCMPERFORM |
HCM: Allows Performance Management module access by employee security |
|
HCMTRAIN |
HCM: Allows Training module access by employee security |
|
HCMPYEMP |
HCM: Allows employee access by employee security |
|
HIRE |
HR: Allows the user to hire an applicant |
|
HRSSNSEC |
HR: Allows the user to view SSN of the Employees. |
|
HRASTRK |
HR: Allows user to Track Assets (Personnel Asset Tracking) without Employee Security. |
|
HRNCDNTDEL |
HR: Allows user to delete an incident report |
|
JBJCREFUPD |
JB: Allow to update reference description on Cost Transaction screen when prepare billing |
|
JBCONTEDIT |
JB: Allows the User to change the Contract code in Job Setup Screen |
|
JBPB |
JB: Allows the user access to JB batches belonging to other users |
|
PSTCHGJB |
JB: Allows the user to change post dates on transactions |
|
JBCONTBUDG |
JB: Allows the user to override budget on the contract |
|
JCCTRLJOB |
JC: Allow control jobs to be created in the job maintenance screen |
|
JCPYSECTOT |
JC: Allows the User to See Un-Secure Totals in JC for Secure Pay Groups |
|
JCPYUNBREV |
JC: Allows the User to See Unbilled Revenue Amount in JC for Secure Pay Groups |
|
JCPB |
JC: Allows the user access to JC batches belonging to other users |
|
JCWOJOBS |
JC: Allows the user to access Work Order Jobs in JC |
|
PSTCHGJC |
JC: Allows the user to change post dates on transactions |
|
JCPHSINS |
JC: Allows the user to create a new Phase/Category on the fly |
|
JCTPFOVERV |
JC: Allows the user to override Earned Revenue Amount in Time Phased Forecast Screen |
|
JCGLPER |
JC: Allows the user to post transactions to a closed period |
|
JCEXQRY |
JC: Allows the user to see Employee Name in JC Executive Query |
|
JCPYINFO |
JC: Allows the user to see PY info in JC for Secure Pay Groups |
|
JCIMPUSRFB |
JC: Allows the user to see and edit the imported Foreign Budget by other users |
|
JCUNOTECHG |
JC: Allows user to change the Units Complete Transactions Notes |
|
JCMUSRIFBH |
JC: Allows user to see and edit the imported foreign batch data of other users |
|
JCMUSRIPQC |
JC: Allows user to see and edit the imported phase qty completion data of other users |
|
JCLCS |
JC: Limit Category Selection to a Single Category in Job Cost Transaction Entry Screen |
|
JCELINE |
JC: Restricts user to not enter E-line in Enter Cost Transactions |
|
JCGLINE |
JC: Restricts user to not enter G-line in Enter Cost Transactions |
|
JCJLINE |
JC: Restricts user to not enter J-line in Enter Cost Transactions |
|
JCWLINE |
JC: Restricts user to not enter W-line in Enter Cost Transactions |
|
MSMRUPDPRC |
MS: Allow override of Price on MS Material Receipt |
|
MSLOCKPDTL |
MS: Allows the user to lock and unlock a price list detail |
|
MSPRICEOVR |
MS: Allows the user to modify the unit price on ticket entry |
|
MSIMPUSRSO |
MS: Allows the user to see and edit the imported sales orders by other users |
|
MSIMPUSRTK |
MS: Allows the user to see and edit the imported tickets by other users |
|
OMNOREQFLD |
OM: Allow User to Bypass Conditionally Required Fields that are Set Up by Sales Stage |
|
PMOWNEQUIP |
PM: Access Own Equipment tab in the PM Daily Report form |
|
PMSYSOPT |
PM: Allows the user access to PM System Options |
|
PMTRNQ |
PM: Allows the user to access Transmittal Records belonging to other users |
|
PMJOUROLAB |
PM: Allows the user to access the Labor Tab within the Daily Journal |
|
PMPROJQST |
PM: Allows the user to access the Questionnaire Tab within the Project Maintenance |
|
PMBIDCRT |
PM: Allows the user to create a bid job from within Project Management |
|
PMJOBCRT |
PM: Allows the user to create a job from within Project Management |
|
PMCRTVEN |
PM: Allows the user to create a vendor from a BP on the fly |
|
PMCMPINF |
PM: Allows user to change overall participation information |
|
PMMRALLJOB |
PM: Allows user to create markup rules for ALL jobs |
|
POUNRECINV |
PO: Allow to unreceive invoiced items |
|
PORCPTVAR |
PO: Allows The User To Exceed Variance On Receipts |
|
POPB |
PO: Allows the user access to batches belonging to other users |
|
POCL |
PO: Allows the user to Open a Closed PO |
|
APPOVAR |
PO: Allows the user to exceed PO Variance when matching PO to Vouchers |
|
POCOQTY |
PO: Validate CO quantity against PO original quantity |
|
PSTCHGPRM |
PRM: Allows the user to change post dates on transactions |
|
PYETIMEDIT |
PY: Allows User to Change E-Time Data in Regular Timesheet |
| PYIMPTSRT | PY: Allow user to import payroll rates in timesheet import |
|
PYIMPUSRBN |
PY: Allows User to Validate/Edit PY Bonus - Adjustments Imported by other Users |
|
PYIMPUSRTM |
PY: Allows User to Validate/Edit PY Timesheet Imported by other Users |
|
PYPB |
PY: Allows the user access to batches belonging to other users |
| PYSUBPER | PY: Allows user to use sub-period field in payroll processing screen |
| PYSUBPPRVW | PY: Allows User to access Sub Period created by other Users |
|
PYTM |
PY: Allows the user access to timesheets belonging to other users |
|
PSTCHGPY |
PY: Allows the user to change post dates on transactions |
|
PYRATE |
PY: Allows the user to see pay rates in the HR Employee Query for Secure Paygroups |
|
PYLBRTR |
PY: Allows the user to transfer timesheet entries to actual timesheet table |
|
PYPAYRATVW |
PY: Allows the user to view pay rates in time sheet screen and reports |
|
PYEDITINV |
PY: Allows user to change system generated AP invoice code before creating and posting AP voucher |
|
PYIMPUSREH |
PY: Allows user to see and edit the imported employee history by other users |
|
PYHISTADJC |
PY: Allow user to change data on Employment History Adjustment screen |
|
PSTCHGPYC |
PYC: Allows the user to change post dates on transactions |
|
RPFULLACCS |
Resource Planning: Full Access |
|
RPREADONLY |
Resource Planning: Read Only Access |
|
PSTCHGSC |
SC: Allows the user to change post dates on transactions |
|
SCPWP |
SC: Allows the user to override the Pay When Paid flag in both AP and SC |
|
SCEBAPST |
SC: Allows the user to post the subcontract or RFP even if exceeds the subcontract budget |
|
SCIMPUSRIC |
SC: Allows the user to see and edit the imported Insurance Compliance by other users. |
|
VENCOMPL |
SC: Update Vendor Compliance |
|
EDREMITADD |
SD: Allow Edit of Secured Remit-To Address |
|
SYSASGNFL |
SD: Allow User to Launch Assignment Form For Form Letters. |
|
SCHREPORT |
SD: Allows the User to Schedule Reports |
|
SESSKILL |
SD: Allows the user permission to Kill Sessions |
|
PRNTFILE |
SD: Allows the user the to Print to File and Send to Spread Sheet |
|
FIELDSEC |
SD: Allows the user to apply field security |
|
CHGDBPSW |
SD: Allows the user to change database password of other users |
|
SYSUSRCRE |
SD: Allows the user to change preferences of other users |
|
UNLCKBYOTH |
SD: Allows the user to change the status of an attachment belonging to other users |
|
ALERTDEF |
SD: Allows the user to define alerts for all users and groups |
|
HSTP |
SD: Allows the user to define host program paths |
|
RELEDIT |
SD: Allows the user to define security on related screens |
|
RPACTDEL |
SD: Allows the user to delete Report Action Status records |
|
EXPINVISBL |
SD: Allows the user to export invisible columns to spreadsheet |
|
ASSIGNROLE |
SD: Allows the user to modify their own security access (excluding User Maintenance Form) |
|
MRGPARTCON |
SD: Allows the user to use the Partner and Contact Merge Utility |
|
RPACTION |
SD: Allows the user to view Report Action Status records for other users |
|
SDCNTPHOTO |
SD: Contact Photo - Upload and Remove |
|
SDDADCSIBP |
SD: Do Not Allow To Delete CSI Record On Business Partner |
|
SDDADCLBP |
SD: Do Not Allow To Delete Classification Record On Business Partner |
|
SDDADMSBP |
SD: Do Not Allow To Delete Market Sector Record On Business Partner |
|
SDDADTERBP |
SD: Do Not Allow To Delete Territory Record On Business Partner |
|
SDDAICSIBP |
SD: Do Not Allow To Insert CSI Record On Business Partner |
|
SDDAICLBP |
SD: Do Not Allow To Insert Classification Record On Business Partner |
|
SDDAIMSBP |
SD: Do Not Allow To Insert Market Sector Record On Business Partner |
|
SDDAITERBP |
SD: Do Not Allow To Insert Territory Record On Business Partner |
|
SDDAUCSIBP |
SD: Do Not Allow To Update CSI Record On Business Partner |
|
SDDAUCLBP |
SD: Do Not Allow To Update Classification Record On Business Partner |
|
SDDAUMSBP |
SD: Do Not Allow To Update Market Sector Record On Business Partner |
|
SDDAUTERBP |
SD: Do Not Allow To Update Territory Record On Business Partner |
|
SHWINACCNT |
SD: Show Inactive Contacts when System Option set to hide them |
| SSERESETEN | SSE: Allows user to reset enrollment in Benefit Enrollment screen |
|
TENANTADM |
SYS: Allow Access to Tenant Administration |
|
SYSLICPOOL |
SYS: Allows the user to edit License Pool data in User Maintenance Screen |
|
SYSNOTES |
SYS: Allows the user to modify notes created by other users |
|
SYSCBPNAME |
SYS: Allows user to change the Customer (Business Partner) Name |
|
UPDCONTPK |
SYS: Change Company/Partner On Contacts |
|
SYSLOGFORM |
SYS: Implement the Forms Security Within Syslogs Forms |
|
UICONSNOTE |
UI Console: Allows the user to Add/Edit Notes in Console Region |
|
UICONSNOTH |
UI Console: Allows the User to Edit/Remove Notes created by other Users |
|
UIRPSVSTD |
UI Report: Allow User To Save Changes To A Report Parameter Definition At The Standard Level |
|
UIREXPORT |
UI Runtime: Allows the user to Export data |
| UIRFTOVER | UI Runtime: Allows the user to Override Runtime Features - Impacts All Programs |
|
UIRIMPORT |
UI Runtime: Allows the user to Import data |
|
UIRIMPALLU |
UI Runtime: Allows the user to work with other users import data |
|
UIRPROPOVR |
UI Runtime: Allows the user to Override Property Default value - Impacts All Programs |
|
WKF_ABORT |
WKF: Allows the user to abort a workflow |
|
PSTOVRRIDE |
WKF: Allows the user to post a non-postable object |
Configuration Privileges
![Sample of the pop-up window launched from the [Configuration Privileges] button](../../../../Resources/Images/SD_12c/Roles_4.png)
Pop-up window launched from the [Configuration Privileges] button on the Roles screen (standard Treeview path: System > Security > Roles > Define Roles)
Click the Configuration Privileges button to launch a pop-up window where the user can indicate the access rights to specific options within the system as they apply to the role being defined (related to Console, ADFs and other items).
To add a configuration privilege, in the Privilege section of the pop-up window, click the privilege’s corresponding Select checkbox.
If customization levels are required for a configuration privilege, they can be defined in the lower half of the pop-up window. Select the configuration privilege in the Privilege section of the pop-up window, then click Insert in the Block Toolbar of the Configuration Privilege Levels section.
Configuration privileges are related to the ability of users to modify various UI Runtime related objects such as Console Layout, UI Logs, UI Treeviews, UI Program Builder, etc.
Note In order to finalize setup of Configuration Privileges, the final settings are required to be defined in the UI Runtime version of User Maintenance (standard Treeview path: System > Security > Users > User Maintenance – Configuration Privileges tab).
The system allows for the specification of the following configuration privileges:
|
Privilege |
Description |
|---|---|
|
CONSOLEDT |
Console: Allow User To Edit Console Definition. |
|
UIHTMLREG |
Console: Allow to create/edit region with embedded HTML. |
|
UIADDLEUDF |
UI Lite Editor: Allow User To Add User Defined Fields Via Lite Editor. |
|
UIRLITEEDT |
UI Lite Editor: Allow User To Edit Program Definition Via Lite Editor. |
|
UILOGCRT |
UI Logs: Allow User To Create A New Log. |
|
UILOGEDT |
UI Logs: Allow User To Save Log Layout. |
|
UIPRCBCRT |
UI Process Builder: Allow User To Create/Edit Custom Process Definition. |
|
UIPRGCRT |
UI Program Builder: Allow User to Create/Edit Program Definition. |
|
UIREPPRMMD |
UI Report: Allow User to Modify Report Parameters Definition. |
|
UITRVEDT |
UI Treeview Builder: Allow User To Edit Treeview Definition. |