Function Access Profiles
Function Access Profiles (FAP) contain permissions to points in the hierarchy of functions, known as access control points (ACPs). The access control points can correspond to general functions, such as Timecard and Schedule, or to individual options, such as birth dates or wage rates.
- Function Access Hierarchy — Suite functions and components are listed on the Function Access Profile pages and can be expanded to display the full hierarchy. Each function, or access control point, has only one parent point. For example, the Timekeeping Employee category is a parent to function areas such as Timestamp for Employee and functions in the timecard such as cancel meal deductions and comments. If you assign Allowed access rights to a parent function, access rights are allowed throughout the functional hierarchy.
- Actions — Access control points have an associated permission action. Actions are operations that employees can perform on the function. Access profiles can have Add, Edit, Delete, and View actions associated with an access control point.
- Access Scope — Access scopes define whether a user is allowed to perform an action. Access scopes include All, All but self, None, Allowed, and Disallowed. Various appears at the parent level when you do no set all child functions to Allow or Disallow.
Create a Function Access Profile
To create a Function Access Profile, complete the following steps:
Warning: Do not modify the predefined function access profiles. Following an upgrade, modified predefined function access profiles cause problems with the access privileges of the employees who are assigned the predefined profile. To use a predefined function access profile as a model for a new profile, use Duplicate to create a copy. Then give the copy a unique name and modify the appropriate data.
- Click New on the Function Access Profiles page.
- Enter a Name.
- (Optional) Enter a Description.
- Select a category:
- Everyone ACPs — Access to items that all employees may need; for example, ad hoc entries.
- Employee — Access to suite applications as an employee.
- Manager - Department Manager ACPs — Access to suite applications as a manager.
- Manager - Common Setup ACPs — Access to set up and configure the suite application.
- Manager - System Configuration ACPs — Access to configure and maintain suite system settings and setup.
- FAP APIs — Access to the Application Program Interface, which allows clients to integrate their systems into suite applications.
- Within the category, select an access control point and then select Allowed or Disallowed.
- Continue to select access control points until the profile is complete.
- When finished, click Save.
- When you change an ACP within a Function Access Profile, it may take several minutes for the changed access to become available to the assigned user.
- All functions are associated with entitlements. If you have not purchased the applicable entitlement, it does not appear in the Access Scope hierarchy.
- In the Function Access Profile Access Control table, a plus sign (+) indicates that there are subfunctions or access control points. You can set the access for all access control points by selecting Allowed or Disallowed. To select different access at different points, select Various.
- Definitions display information about the profiled function, including the function name and a description of the access that is controlled.