Set Up and Maintain Users, Administration, Security - Materials Management and Financials Version

Contents

This topic discusses:

Links to related topics:

Other topics for administrators:

Search Online Doc
Current Release Notes

Overview

The Work in Administration menu contains the tools for system administration at your site. In particular, the user administration panels allow you to define new users and give them access to the areas in which they will work. The user administration feature is located in the Administration contents, and includes several areas: Data Profiles, Report Profiles, Roles, Users, and User Settings. You must be a system administrator to access the Administration contents.

To set up a user at your site, you need to enter identifying information and system feature authorizations into the person's user profile. A user profile is the repository for user identity information, and for the security settings and permissions that give the user access to system capabilities and organizational/department data. A user profile includes the user’s name, ID, password, email address, etc. When you create a new user profile for a staff member, you assign the user a role and a data profile.

Note: If your site uses SSO (single sign on), user profile details are added once the single sign on credentials for the user are established. Your Premier Consultant can assist. (See the discussion below.)

A role specifies task and ERP feature areas -- called role objects -- that users assigned to the role may work with. For example, the Buyer role includes the Approval role object. The DistributionClerk role includes the role objects Distribution (picking/issuing) and Receiving, among others. Roles determine the features and functions that a user can access. Several roles are provided for your use when the system is implemented, but you can edit these, copy them, and create others.

Each user profile also has a data profile associated with it. A data profile specifies the regions, organizations, and departments whose data the user can work with.

A user's assigned report profile makes the appropriate reports accessible to the user. You will want to restrict users from creating and running certain types of reports, and allow them to create and run other reports. For example, check printing runs in the system as a report. Most likely, you will want to authorize only a few users to print checks. Similarly, only a few users in each department will need the Department Expense Report.

Users who do not have a report profile assigned can access all reports. When the System Values field All Users Have Authority to All Reports is set, users can access all reports that they created, and all shared reports. Active Reports (such as the Inventory Transaction Register in Materials Management) are not affected by the Report Profile value. All expense reports are governed by the Report Profile.

For any user, certain functions -- such as working with patient information, approving requisitions, and posting journal vouchers to the General Ledger -- need authorizations set in the user's profile. User authorization settings, limits, and similar types of user profile information are in this section as well.

Mobile Applications on the iPad

Security for iPad ERP applications has some unique considerations, but also includes roles, data profiles, and user authorizations described in this document. You may wish to refer to the topic Mobile Application Security Administration.

Setting Up Vendors' Users

Some sites may wish to give a vendor's users access to the vendor's purchase orders in their supply chain data. If you are the administrator responsible for this task, the steps are similar to setting up any other user, except that a Vendor Security Code must be created and included in the vendor record. The Vendor Security Code is also specified on the data profile assigned to the vendor's users. A new role (VendorAccess) is also available. Instructions for this setup situation are in a separate topic: Setting Up Vendor Access to Supply Chain. However, we recommend that you read the information below to get the "big picture" of user setup and to understand the different terms.

HIPAA Requirements: User Authentication and Protection of Patient Data

Features are built into the system to ensure the privacy of electronic protected health records (ePHI), in compliance with HIPAA requirements.

Key areas of the application have been designed to protect patient data:

A detailed discussion with examples is available in the chapter "Securing Electronic Protected Health Information."

Work with User Roles

When your system was implemented, several user roles were defined. You can assign these roles to users at your site, as needed, and you can create new roles as well. For quick setup of users, copy a role template. Then, edit the copy to tailor the role to your own needs. See Quick User Role Setup.

To view roles and role objects for your site,

  1. From Work in Administration on the main Contents, Administration > Roles.
    The list of roles appears. Figure 1 is an example from the middle of a list.

Figure 1 - Sample List of User Roles

Role objects define the features that users in a particular role can access. For example, the APClerk role encompasses the role object Invoicing. This role object allows an AP clerk to match invoices. The Buyer role, for instance, includes the role object Approval. This role object allows a buyer to approve requisitions. Figure 2 is a list of role objects for the DistributionClerk role:

  1. To view the role objects associated with a role, next to the role, click Role Objects.
    The Role Objects list appears (Figure 2).

Figure 2 - Role Objects for Distribution Clerk role

Users in different roles may have different levels of access set for the same role object. For instance, in some organizations, both a distribution clerk and a buyer may work with purchase orders (Purchasing is the role object.) But, the buyer needs to create POs, whereas the distribution clerk may only need to view POs occasionally. For the Purchasing role object, then, the Administrator defines a security level of View for the DistributionClerk role (Figure 2) and Create for the Buyer role. Security levels from greatest to least scope are:

All - Users can delete, create, modify, or view data.

Create - Users can view, modify, or create data. For Item Add, for example, users with the create security level can create new items, and can copy items as well, but they cannot delete items.

Modify - Users can change the data.

View - Users in the role can view the data, but not change it in any way.

None - Users have no access to the data or function.

If a user has a security level of None for a given role object (for example, the ItemAdd role object), then the functions (Consolidate Item Add and others) that the role object controls do not appear on the menu for that user. You can customize the menu for any user in other ways, as described in Customizing the Table of Contents for a Role.

A discussion of role objects for Sourcing and Contract Management is in the section Role objects associated with Sourcing and Contract Management.

View Role Objects and the Application Features Associated With Each

To view the actions/features allowed by each role object, click Menu > Has Access To... next to any role object in the list (Figure 2). The allowed actions/features for the role object appear (Figure 3). Figure 3 displays the first page of accessible actions for the Purchasing role object in the DistributionClerk role.

Figure 3 - Actions Allowed for Role Object Purchasing for Role Distribution Clerk

System administrators can view the role objects and the features for each in Microsoft Excel worksheet form. Worksheet details include the role object setting (e.g., View, Modify, Create, All, None) assigned to each user Role at a site. The features or activities that the setting allows are specified by check marks.
Note: The spreadsheet is read-only. You cannot modify its contents.

To view role objects and features/activities allowed for each role,

  1. From the Work in Administration main Contents, select Administration > Roles, Security Worksheets.
    A window appears asking if you would like to open or download the worksheet.
  1. Click Open. (You can also Save the worksheet to a local folder, if you wish.)

The Role Objects worksheet appears. Figure 4 is an example of part of the worksheet for a site.

Figure 4 - Part of the Role Objects Worksheet

In the A column, the worksheet displays the role object "Vendors." The B column contains each feature/action that the role object controls. Subsequent columns are minimum settings for each role object and the different user Roles at the site. Under each Role is the role object setting for that role, and the features/actions that are "turned on" by the setting, specified as check marks.

In Figure 4, for example, two roles "AP Clerk" (orange) and "Buyer2" (red) have the settings Modify and All, respectively, for the role object "Vendors". Reading down the worksheet columns, AP Clerk has a check in the row Add Vendor Select Type\ Edit*, but not in the row Add Vendor Select Type\ New*. The Modify setting allows users with the AP Clerk role to edit vendor records, but not to create them.

Compare the AP Clerk role to the Buyer2 role. Buyer2 has the setting All for the "Vendors" role object. Buyer2 can edit vendor records, but can also create vendor records, as specified by the check in the row Add Vendor Select Type\ New*.

Note: With the role objects "Maintain Item Catalog" and "Maintain Item Inventory," a chart lists the panels and capabilities governed.

To create a new role,

A. Enter the header information

  1. From Work in Administration on the main Contents, select Administration > Roles. The Roles list appears.
  2. Click New.
    The Role header panel appears (Figure 5).

Figure 5 - Header Panel for Creating a New Role

  1. Complete the fields on the header as needed.
    The Default TOC is a required field. You can customize the table of contents to omit contents that users in the role will not need.
  2. Click Submit.
    The Roles list reappears.
  3. Click Refresh.
    You can now see the new role.
  4. To leave the Roles list, click Back or close the tab on Internet Explorer.

B. Assign role objects and security levels to the new role.

  1. Locate the role that you created on the Roles list.
  2. Select Role Objects. The list of role objects appears.
  3. Review the list for each role object to determine if you want to change the Security Level. The security levels have an initial default of All (unless you have copied a role).
  4. Click Refresh to see the changed security level.

C. Create a customized main Contents for the role

If you need to, you can create a customized main contents for a role. The customized contents lets users with that Role only see areas of the system that you want them to see.

Special Role Objects for Departmental Records

Sites would like the ability to control which users are able to display and edit departmental data. Department records are available from this location: Materials Management main Contents > Requisitioning > Departments.

The role object DeptReqView controls users' ability to create, edit, and view department records. This new role object works in tandem with the role object DeptReq to provide access as follows in Table 1:

Table 1 - Role Objects that Control Departmental Records

Role Object Setting (All, Create, Modify, View, or None)

DeptReq

DeptReqView

 

All

View/None

Cannot create a new department.
View Only - Fields on all tabs are grayed out.

Create

View/None

Modify

View/None

View

View/None

None

View/None

Will not be able to access a department. The Departments menu option is removed from the Contents.

All

Modify/Create/All

Will be able to create, edit and delete departments.

Create

Modify/Create/All

Can create and edit departments.

Modify

Modify/Create/All

Can edit departments.

View

Modify/Create/All

Cannot create a new department.
View Only - Fields on all tabs are grayed out.

None

Modify/Create/All

Will not be able to access a department. The Departments menu option is removed from the Contents.

Customize a Table of Contents for a Role

You can restrict users' access so that users in certain roles do not see parts of the system that they do not work with. The Contents that these users do see only contains the allowed features. Notice that the last column in the Figure 1 Roles list - Web Default TOC - contains the default table of contents for users assigned to each role. You customize the table of contents for a role by omitting menu areas.

To customize a table of contents,

  1. From Work in Administration on the main Contents, select Administration > Roles. The Roles list appears (Figure 1).
  2. Locate the role for which you want to create a customized main Contents.
  3. Click Menu > Omitted Menu Options.
    The Menu Options Omitted list appears. (No Data appears if no menu options have been omitted for the role.)
  4. Click New.
    The Omit Menu Options by Role selection panel appears. (Figure 6).

Figure 6 - Omit Role Menu Options: Select Panel for Customizing a Role's Contents

  1. Select the checkbox next to any menu item that you wish to exclude. Users assigned to the role will not see menu items that you select.
    If you wish to allow a user to access a menu item that is on this list, unselect the item.
    Note: The menu options are listed on several pages. Be sure to scroll forward so that you do not miss any.

  2. Click Submit.
    The Menu Options Omitted list appears.
  3. To view the menu items that you have omitted, click Refresh

Reports on User Roles

You can create reports on the security roles and role objects defined for users at your site. The "Security Roles and Objects" Report Object is available for creating the reports. See the discussion of Creating Custom Reports for instructions.

Work with Data Profiles

Data profiles specify the region, organization, department, and asset location data that a user may access. For example, a buyer's data profile identifies which organizations/departments the buyer can make purchases for. Each organization and department in a hospital has its own data records.

To create a data profile,

A. Create the profile header

  1. From Work in Administration, select Administration > Data Profiles. The Data Profiles list appears (Figure 7).

Figure 7 - Sample Data Profiles List

  1. Click New. The Data Profiles header appears.

  2. Complete the fields in the header.
  1. Click Submit. The Data Profiles list reappears.
  2. Click Refresh to view the new data profile header.

B. Select/Omit Organizations

Several system features (such as inter-organizational processing of inventory) require access to multiple organizations' data. A user's job function (such as an accounts payable manager) may also require access to several organizations' records. Permissions for access to organizations' data are set in the user's data profile.

  1. Select Administration > Data Profiles.
  2. Locate the data profile header that you created using the Data Profile header panel.
  3. Click Menu > Valid Organizations. No Data appears.
  4. Click New. A list of organizations appears (Figure 8).

Figure 8 - Data Profile Organizations Select List

  1. Select the checkboxes next to any organizations that you wish to include in the data profile. Users assigned to the data profile will have access to information for the organizations selected.
  2. If your site identifies geographic regions, click the Regions tab and select the regions to be included in the data profile.
  3. Click Submit. The Data Profiles list appears.
  4. Click Refresh to view your new list of organizations.

C. Select/Omit Departments

Many users -- such as distribution clerks who do par cart processing, or financial staff who handle accounts -- need access to data for departments other than their own department. To access data for different departments, permissions must be set in the user's data profile. Similarly, some users -- such as warehouse staff who work with multiple inventories -- need access to multiple asset locations' data. This section explains setting permissions for department data access. Following this section are instructions for setting permissions to asset location data. (The instructions assume that you currently have no permissions set.)

  1. Select Administration > Data Profiles.
  2. Locate the data profile that you created using the Data Profile header panel.
  3. Click Menu > Valid Departments. No Data appears.
  4. Click New. A list of departments appears (Figure 9).

Figure 9 - Data Profile Department Select List

  1. Select the checkboxes next to any departments that you wish to include in the data profile. Users assigned to the data profile will have access to information for the departments selected.

  2. Click Submit. The Data Profiles list reappears.
  3. Click Refresh to view the list of departments.

D. Select/Omit Asset Locations

  1. Select Administration > Data Profiles.
  2. Locate the data profile that you created using the Data Profile header panel.
  3. Click Menu > Valid Asset Locations. No Data appears.
  4. Click New. A list of asset locations appears (Figure 10).

Figure 10 - Data Profile Asset Location Select List

  1. Select the checkboxes next to any asset locations that you wish to include in the data profile. Users assigned to the data profile will have access to the asset location(s) selected.

  2. Click Submit. The Data Profiles list appears.
  3. Click Refresh to view the list of asset locations.

Restricting Users from Editing Asset Location Records and Item Inventory Records

You can adjust user security so that a user can order items from multiple asset locations, without necessarily being able to maintain those asset locations.

The field Allow Changes to Asset Location and Inventory (Figure 11) on the Data Profile Asset Location panel controls the user's ability to edit asset location records and item inventory records for an asset location.

Figure 11 - The Data Profile Asset Location Panel with the "Allow Changes to Asset Location" Field

The field Allow Changes to Asset Location and Inventory also controls access to these menu options from the Item Inventory - All Locations menu (Figure 12):

Menu Option

- Department Backorders
- Item Vendor(s)
- Adjust Inventory
- Reset Mixed UOM Conversion
- Set Multi-Source
- Set Single Source
- Override Default UOMs for Primary Supplier (new)    
- Delete
- Lot Tracking
- Edit

Figure 12 - Item Inventory - All Locations Menu

On the User Profile Authorities tab, the field Allow Pipeline Days Reset controls access to the menu option Reset Stock Item Pipeline Days on the item inventory menu (Figure 13).
For details, see Pipeline Days in the inventory edit chapter.

Figure 13 - Resetting the Pipeline Days for a Stock Item

Note: Also, the Inventory role object (Maintain Item Inventory ) must have its security level set to View (or higher), and must be included in the role that is assigned to your User ID. To be able to change Item Inventory information, the Inventory role object (Maintain Item Inventory ) must be set to Modify (or higher).

To display the Data Profile Asset Location panel and change the setting in Allow Changes to Asset Location and Inventory,

(Note: This procedure requires System Administrator privileges.)

  1. From the Work in Administration main Contents, select Administration > Data Profiles.
    The list of data profiles appears.
  2. Locate the data profile of interest in the list.
  3. Click Menu > Valid Asset Locations.
  4. Locate the asset location of interest.
  5. Next to the asset location, click the edit icon or Menu > Edit.
    The Data Profile Asset Location panel appears.
  6. Unselect (or re-select) the box for the field Allow Changes to Asset Location and Inventory.
  7. Click Save and Submit.

Payroll Account Security

Security for payroll journal vouchers lets managers prevent a user from viewing imported journal voucher payroll data for specified organizations/departments, while retaining visibility to other types of journal vouchers for a department.

This security feature covers both payroll accounts and statistical payroll accounts, and applies to ERP departments only (not SCM departments). It applies to imported journal vouchers whose Journal Voucher Type is Payroll. (Manually created journal vouchers cannot be defined with the Journal Voucher Type of Payroll.)

Enabling a User’s Restriction for Payroll Data

Security is set in these areas:

  1. In a Data Profile, selecting/unselecting a flag that governs access to payroll JVs for any department/organization in the Data Profile. For any selected departments, any user assigned the Data Profile cannot see payroll journal voucher details, but can display details for other types of journal vouchers.
  2. In a user’s role through the role objects PayJV (General Ledger Payroll Journal Vouchers) and PayJVDtl (General Ledger Payroll Journal Vouchers Detail).
  3. Selecting the field Allow Access to Payroll Journal Voucher Detail on the User Profile GL Limits tabbed panel (Figure 14). (Work in Administration > Administration > Users > edit > GL Limits)

Figure 14 - The User Profile Field That Allows Access to Payroll Data

Important:  The permission for payroll data by department (in a Data Profile), the appropriate values on the role objects, and the flag on the GL Limits panel must be set for a user to access payroll data.

To set the flag to allow payroll data access for a department,
  1. From the Work in Administration main Contents, select Data Profiles. The list appears.
  2. Locate the Data Profile of interest.
  3. Click Menu > Restrict Access to JV Payroll  (Figure 15).

Figure 15 - Data Profiles Menu Item for Restricting Payroll Access

The Restrict Access to JV Payroll panel opens with a list of departments and organizations included in the Data Profile (Figure 16). In Figure 16, the departments where payroll data access is allowed are in the green box. The red box indicates departments where payroll data access is not allowed.

Figure 16 - Granting Payroll Information Access to Data Profile Departments

In the Restrict Access to JV Payroll panel General tab, in the center, the Selection Criteria box is initially blank. You can set the selection criteria to Select All, or when any departments are selected, UnSelect All.

  1. In the Select column, check any organization/department  for which you wish to deny access to payroll details.
    Unchecked departments will have payroll details available to users assigned the Data Profile. The default is “unchecked.”
  2. Alternately, to deny payroll data access to all departments in the list,  set the Selection Criteria box to Select All.

Note: If you add an organization/department to a  Data Profile, the new department’s  flag for access to payroll data will be unselected; i.e.,  “allowed.” If you need to restrict access to payroll data for the newly added department, return to the Restrict Access to JV Payroll panel and  check the Select box.

Access to payroll data for users who have department access is controlled in the application in several areas, outlined in the journal vouchers topic Application Areas Controlled for Payroll JV Access.

Working with Report Profiles

A user's ability to create, run, and view reports depends on whether a report profile is assigned to an User ID; and if so, which report profile. A report profile limits the reports that a user can access, so that not all users at a site will be authorized for all reports.

A report profile contains Report Objects that specify data areas for reports; for example, Discounts Taken and Lost, Check Printing, Department Expense Report, and Contract Statistics, among many others. Access options for reports for any user are:

To create a report profile,

  1. From Work in Administration on the main Contents, select Administration > Report Profiles. The Report Profiles list appears
  2. Click New. The Report Profiles header appears. (No Data appears if no report profiles are defined.)
  3. Complete the fields in the header.
  4. Click Submit. The Report Profiles list reappears.
  5. Click Refresh to view the new Report Profile header.
  6. On the list next to the report profile header that you created, select Menu > Report Objects.
    No Data appears.
  7. Click New. The list of report objects appears.
  8. Review the list and click the Select column to add report objects to the report profile.
  9. Click Save to save the Report Objects to the report profile.
  10. Click Submit when you are finished adding Report Objects.
    The Report Objects list is displayed. (You can refresh the list by clicking Refresh.)
  11. Click Back to return to the Report Profiles list.

Work with Welcome Page Gauge Profiles

The ERP "Welcome Page" dashboard contains gauges -- charts and graphs -- that display supply chain key indicators. To be able to view gauges, a user must have the specific gauges of interest authorized in a gauge profile. Each gauge profile contains permission for one or more gauges. You can create gauge profiles as needed, and assign them to users. The "Welcome Page" dashboard is not visible to a user until the user has been assigned a gauge profile.

Note: If you wish to use the ERP "Welcome Page" dashboard feature, contact the Help Desk. This feature must be enabled via the Help Desk's administration setting Display ERP Gauges on Welcome Page. Once the Help Desk turns on the feature, you can begin setting up your own gauge profiles.

To create a gauge profile,

  1. From the  ERP main contents (Figure 17), select Work in Administration > Administration > Gauge Profiles.

Figure 17 - The Gauge Profile Setup Link on the Administration Menu

The list of available gauge profiles appears (Figure 18), or No Data if none have been created.

Figure 18 - List of Existing Gauge Profiles at a Site

  1. Click New. A header appears for you to enter the gauge profile name and description.
  2. Enter a Gauge Profile name and a Description (Figure 19).

Figure 19 - Gauge Profile Header Panel

  1. Click Submit.
    A panel of available gauges for the "Welcome Page" appears (Figure 20).

Figure 20 - List of Gauges for Including in a Gauge Profile

  1. On the Select Gauges tabbed panel, click the Select box next to the gauges that you wish to include in the profile.
  2. Click Save.
  3. Click the Select Users tab. A list of users by User ID appears (Figure 21).
    - You can sort the list to locate any particular users, or use the Position to link .

Figure 21 - List of Users for Assigning a Gauge Profile

  1. Click the Select box next to the users to whom you are assigning the gauge profile.
  2. Click Submit. The application returns to the list of gauges.
  3. Click Refresh to view the new profile on the list.
    If you wish to assign a gauge profile to additional users, you can re-open the Select Users panel, and make additional assignments, or, more easily, you can enter the gauge profile on each individual user profile (User Roles panel).

Work with User Profiles

For each user at your site, you establish a user profile that contains the user's Role, Data Profile, Report Profile, Gauge Profile (if the "Welcome Page" gauges are enabled at your site), permissions, limits, and authorizations. The authorizations and permissions that you set for a user depend on the user's job, and on the role you have defined for the user. Previous sections of this topic explained how to create a role, a data profile, and a report profile, and a gauge profile. This section discusses how to view user information, create new user profiles, and specify the user settings.

User Lists - Security

The contents of user lists is restricted by data profile and default organization. Table 2 displays user lists that are subject to data profile organizations and departments. The path to each list is in the corresponding columns.

Table 2 - Paths to Users Lists

List Path
Users List Work in Administration > Administration > Users
Users by Data Profile Work in Administration > Data Profiles > Menu > View Users
Users by Report Profile Work in Administration > Report Profiles > Menu > View Users
Users by Role Work in Administration > Roles > Menu > Users
Users by Role (Inquiry) Work in Administration > Roles > i > click Users tab

Example
Carolina Health Systems has organizations 001, 002, 003, 004, 005.

- User X has the data profile "East Coast" which can access organizations 001, 002, and 004 only. When this user opens the Users list, she can only see users whose default organization is either organization 001, 002, or 004.
- User Y has the data profile "ALLDATA" which can access all 5 organizations. When User Y opens the Users list, he sees users for all five organizations.

To view the list of users,

Figure 22 - Users List

To view user settings,

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users appears.
  2. Click Menu next to the user's ID.

To add a new user,

A. Create the user ID

This step shows you how to enter basic information for the user's profile.

  1. From Work in Administration on the main Contents, select Administration > Users.
    The list of users appears.
  2. Click New. The Users edit panel appears (Figure 23).

Figure 23 - New User Information Panel

  1. Enter information in fields on the General panel as needed. (The User ID field is required.)
    Click Help for an explanation of fields on the General panel.

  2. Click Save.
    Next, you will enter the user's role.
B. Specify the user's role, data profile, report profile, and gauge profile:
  1. From the Users panel, click the User Roles tab.
    The User Roles panel appears (Figure 24).
    On this panel, select a user Role, a Data Profile, and a Report Profile.

Figure 24 - User Roles Panel

If the "Welcome Page" dashboard is turned on for your site, the Gauge Profile field appears under the Report Profile (Figure 25A). Otherwise, if the dashboard is not enabled, Gauge Profile does not appear.

Figure 25 - User Roles Panel- Gauge Profile Field

  1. Click the prompt following Role to select a role for the user.
  2. Click the prompt following Data Profile to select the user's data profile. A data profile specifies the organization(s) and department(s) whose records the user can work with.
  3. Sourcing and Contract Management users who manage services contracts: the Security Level field specifies the user's security level for working with Sourcing and Contract Management services contracts. If your site does not have Sourcing and Contract Management, or the user does not work with services contracts, you can ignore this field, and leave the default setting in place. Otherwise, for details, see "Shared Services Contract Security."
  4. Click the prompt following Report Profile to select the type(s) of reports that the user can work with.
  5. If the "Welcome Page" dashboard is enabled at your site, select the Gauge Profile for the user (Figure 25A). See the instructions for setting up gauge profiles.
  6. If the user is a buyer, requisition approver, journal voucher approver, invoice approver, requester, administrator, storeroom manager, distribution technician, or works in your financial area, select the appropriate field(s).

Notes about the relationship between roles and "User is ..." fields: If you have a role that identifies the user as a Buyer, for example, you might wonder why you should also select User is Buyer on the Users panel. The reason is that clicking User is Buyer puts the person on the select list of buyers. This list appears when the Buyer field prompt is clicked; for example, when someone creates a purchase order, and needs to identify the buyer. Similarly, for requisition approvers, invoice approvers, and journal voucher approvers, selecting the field on this panel makes the user available from a select list.

The following topics provide details on setting up approvers and approver groups, and the types of application transactions that can be subjected to approvals.
- Journal voucher approvers, see the GL Limits tab (on this page) and the topic "Journal Voucher Approvals Processing."
- Buyers, Requisition Approvers, Invoice Approvers, Check Request Approvers, see "Set Up Approvers and Approver Groups."
- Requisition approvers, also see "Requisition Approval Processing by Cost, Commodity Code and Item Type."
- Invoice approvers, also see "Invoice Approval Processing."

C. Enter restrictions and authorizations for the user.

The remaining tabbed panels -- Requester Limits, Buyer Limits, Approver Limits, AP Limits, Authorities, and GL Limits -- allow you to enter restrictions and permissions for the user. These restrictions and permissions depend on the user's role; whether the user is a buyer, approver, requester, etc.; the type of data the user works with; and the structure of your Materials and Financial organizations.

  1. Review information on the remaining tabbed panels and enter/select fields as appropriate for the user.
  2. When you have finished entering all the data to set up the user, click Save.
    Note: You can click Save at any time while you are entering information.

  3. Click Submit.
    The Users list reappears. (Clicking Refresh displays the list with the new user added.)

Table 3 - Sample Roles and Permission Fields

Role Tabbed Panels Permission Fields
AdminUser Roles

Authorities
User is Administrator

Perform Table Maintenance
Perform Security Maintenance
Others as appropriate.
APClerk General

User Roles



AP Limits
Authorities
GL Limits
Hide ePHI Data (if appropriate)

User is Financial Personnel

User is Invoice Approver (if appropriate).

As appropriate
As appropriate
As appropriate
APManager General

User Roles

Authorities




AP Limits
GL Limits
Hide ePHI Data (if appropriate)

User is Financial Personnel

Perform Table Maintenance
Allow Override Discount Terms
Allow Override Payment Terms

others as appropriate.
All
As appropriate. (Could include all.)
Buyer User Roles


Authorities
User is Buyer
Other fields, as appropriate.

As appropriate.
Buyer requires special set up on several panels.
See " Set Up Approvers and Approval Groups" for details.
DeptManager User Roles


Requester Limits
Approver Limits   
Authorities
User is Requester
User is Requisition Approver,
as appropriate.

As appropriate, if User is Requester

All, if User is Requisition Approver.
See "Requisition Approval Processing by Cost, Commodity Code, and Item Type."

Set Asset Location Restricted if appropriate.
DeptSecy User Roles:

Requester Limits
User is Requester

As appropriate
DistributionClerk General




User Roles

Authorities
Hide ePHI Data, if appropriate.

Hide Financial Data

User is Distribution Technician

As appropriate:
Asset Location Restricted
Perform Table Maintenance
Receive Inventory
Blind Receiving
Allow Inventory Quick Issue
Allow Inventory Charge Only Quick Issue
Allow Order Guide Quick Issue
Allow Dept to Dept Quick Credit
Allow Dept to Vendor Quick Credit
Allow Inventory Adjustments During Pick Confirm
MMManager General

User Roles


Requester Limits
Approver Limits

Authorities
Hide Financial Data, if appropriate.

As appropriate, depending on your Materials organization's structure.

Set the dollar limits high enough to cover this user's authority.

If this user approves requisitions, you will need to assign an approver buddy.

As appropriate, depending on your Materials organization's structure, but likely fields include:
Authorize Purchase Orders
Perform Table Maintenance
Perform Security Maintenance
Receive Inventory
Allow UOM Changes on Req Created from Order Guide
Allow Override Discount Terms
Allow Override Pay To Vendors
Allow Item Vendor Unit Price Change from PO
Allow Inventory Quick Issue
Allow Inventory Charge Only Quick Issue
Allow Order Guide Quick Issue
Allow Override Dept Charge To
Allow Dept to Dept Quick Credit
Allow Dept to Vendor Quick Credit
Allow Override Payment Terms
Allow Inventory Adjustments During Pick Confirm
Allow Vendor Merge
Receiver General


User Roles

Authorities
Hide ePHI Data, if appropriate.
Hide Financial Data

User is Distribution Technician

As appropriate:
Asset Location Restricted
Perform Table Maintenance
Receive Inventory
Blind Receiving
Allow Inventory Quick Issue
Allow Inventory Charge Only Quick Issue
Allow Order Guide Quick Issue
Allow Dept to Dept Quick Credit
Allow Dept to Vendor Quick Credit
Allow Inventory Adjustments During Pick Confirm
Requisitioner General


User Roles

Requester Limits
Hide ePHI Data, if appropriate.
Hide Financial Data

User is Requester

- Set one of the following pair of fields (but not both):
Requisition Direct Approval User or
Requisition Approver Group
- Enter dollar amounts in the following fields if you wish the requester to be able
to make requests under those amounts without approval.
- Zero dollars entered in these fields means approval is required for all amounts.
- Very high values means that no approval is needed. (See the discussion below for specifics.)

- The fields are:
Automatically Approve Req Item Cost Under
Automatically Approve Req Line Extended Cost Under
Automatically Approve Req Total Cost Under
Requisition Non File Approver/Buyer

- If appropriate, select:
Stock Item Approval Required
Non-Stock Item Approval Required
Non-File Item Approval Required

- Select the Approval Notify Action.
WarehouseMgr General

User Roles


Requester Limits

Authorities
Hide Financial Data, if appropriate.

User is Storeroom Manager
User is Requester
(if the user opens requisitions)

As appropriate, if User is Requester

Perform Table Maintenance
Receive Inventory
Allow UOM Changes on Req Created from Order Guide
Blind Receiving
Allow Inventory Quick Issue
Allow Inventory Charge Only Quick Issue
Allow Order Guide Quick Issue
Allow Override Dept Charge To
Allow Dept to Dept Quick Credit
Allow Dept to Vendor Quick Credit
Allow Inventory Adjustments During Pick Confirm

Setting Requester Limits:

You can create user profiles with requisition approval requirements and limits. For example, some requesters may not need approval for stock item requisitions, but will need all non-stock item requests approved. Other requesters may need approval for stock items that cost more than a certain amount. A few requesters may only need non-file requisitions approved. For each user who creates requisitions, you assign one or more requisition approvers. Approvers review requisitions that are routed to them, and approve or reject the requisitions.

A Requisition Approver Group is a collection of users who approve requisitions and other application elements (such as invoices). Requisitions are routed through an approver group based on the cost of the requisition, and each member's approval dollar limit. See "Set Up Buyers, Approvers, and Approver Groups."

Some sites may also assign requests to approvers based on the commodity codes of items requested. This situation is covered by the commodity code processing area. You may wish to read "Requisition Approval Processing by Cost, Commodity Code and Item Type" to understand commodity codes and the requisition approvals process.

On a departmental basis, approval profiles let you define how a requisition line qualifies for approvals, independently of individual users' settings. Approval profiles contain the item types (stock, non-stock, non-file) and dollar limits for requisitions. Once created, an approval profile can be assigned to an entire department for the department's requesters. In this way, you can avoid maintaining approval data for multiple individual requesters who all have the same approval requirements because they belong to the same department. Details are in the section Settings for departmental requesters.

Note: If a user belongs to a department that has an approval profile assigned, the approval profile takes precedence over the individual user's settings for requisitions.

To set requester limits,

  1. Click the Requester Limits tab.
    The Requester Limits panel appears (Figure 26).
    This panel is used for several purposes:
  2. Enter values in the fields on the Requester Limits panel.

    Figure 26 and Figure 27 are examples of how the Requester Limits panel can be used. Figure 26 shows a user who can request stock requisitions without approval, up to dollar limits. After that, the requester needs approvals for stock items. Figure 27 shows a requester with no approval dollar limits. When you are finished reviewing the examples below, complete the fields on the panel as relevant for your user:

Sample settings for a requester with limits

In Figure 26, note that the Stock Item Approval Required field is unselected. The Non-Stock Item Approval Required and the Non-Stock Item Approval Required boxes are selected. The defined dollar limits are: item cost under $75.00, extended line cost under $650.00, and total cost under $2400.00.

Figure 26 - Requester Limits Panel with Approval Limits

This user does not need approval for stock requisitions under the Total Cost dollar limit. The user also does not need approval for non-stock and non-file requisitions under the Item Cost and Extended Line Cost dollar limits.

This user does need approval for:

The red arrow indicates a flag that would limit the user to Non File Requisitions only.

Sample settings for a requester without limits

Figure 27 has settings for a user who does not need request approvals on the basis of dollar limits for any item type. Notice that neither the Requisition Direct Approval User field nor Requisition Approver Group has a value. (Stock and non-stock item requisitions are automatically approved.)

Figure 27 - Requester Limits Panel without Approval Limits

Setting Buyer Limits

Setting up buyers is a process that requires entries in several areas, as well as in the user profile. (For example, a buyer must be associated with each organization at your site.) See "Set Up Buyers, Approvers, and Approval Groups."

To set dollar limits for buyers,

The steps below assign dollar limits to a buyer. The buyer can authorize purchase orders for items with an item cost up to the amount entered in the PO Item Cost Limit field. The limit for the line cost that a buyer can authorize is in the PO Line Extended Cost Limit. The total amount for a PO that the buyer can authorize is specified in the PO Total Cost Limit.

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users at your site appears.
  2. Locate the user that you are interested in and click the edit icon () next to the User ID. The Users edit panel appears.
  3. Click the Buyer Limits tab. The Buyer Limits panel appears (Figure 28). Edit the information as needed.

Figure 28 - Dollar Limits that a Buyer Can Approve

In Figure 28, the buyer can approve POs containing items that cost up to $6,999.00 per item. The total dollar amount for a line on a PO that the buyer can approve is $69,999.00. The buyer can approve purchase orders with a total up to $699,999.00. This buyer is allowed to approve price changes on items up to $3.00.

  1. Enter new limits in the fields on the Buyer Limits panel.
  2. Click Save to save the dollar limits.
  3. You can move on to the Approver Limits tab, or select Submit to return to the Users list.

No Dollar Limit Authorization

If you wish to give a buyer no dollar limit, enter 9,999,999.00 in the fields for PO Item Cost Limit, PO Line Extended Cost Limit, and PO Total Cost Limit.

Setting Approver Limits

For each person who approves requisitions, invoices, check requests, journal vouchers, or vendors, you may wish to identify another user as an "approver buddy." An Approver Buddy performs the work of an approver if the approver is out of the office. The person can set his/her status as out-of-office when leaving for a vacation or trip, and the Approver Buddies will be routed the person's approvals.

To set approver limits and notifications,

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users at your site appears.
  2. Locate the user that you are interested in and click the edit icon () next to the User ID. The Users edit panel appears.
  3. Click the Approver Limits tab.
    The Approver Limits panel appears (Figure 29).

Figure 29 - Approver Limits Panel: Requisitions, Check Requests, Invoices, Journal Vouchers, Vendors

  1. Click the prompt next to one or more of the ...Approver Buddy fields (for requisitions, check requests, invoices, or journal vouchers) to select an approver buddy for the user, as appropriate.
  2. When the user goes out of the office (Out of Office is selected), approver buddies will take over the user's approvals.
    Note: Approvers can change their own out-of-office settings from the Misc Functions menu in the main Contents. Select Misc Functions > Change My Out-of-Office Status.
  3. If the approver wants to be notified when a requisition, invoice, check request, or journal voucher has been submitted for approval, select Email on Submission in the appropriate ...Submit Notify Type field(s).
  4. The Invoice Direct Approval Limit field lets you set a dollar limit when the user is a direct approver. Assigning each direct invoice approver a dollar limit lets you better control the amounts that direct approvers’  can handle. This field makes it easier to assign some users to approve only small dollar invoices.
  5. If your site uses Approver Buddy Limits, enter values in the fields for Requisition Approval Limit and/or Invoice Approval Limit, as appropriate. When a user who approves requisitions, invoices, or check requests goes out of the office (setting the Out-of-Office flag), materials needing approval are routed to the user's approval buddy. On the Out-of-Office panel, the user can select an approver buddy. However, only approver buddies with approval limits that are the same or higher than the user's are available for selection.
  6. Click the Help button for detailed information on panel fields.
  7. Click Save.
    You can select another tab on the Users panel, or click Submit to return to the Users list.

Setting AP Limits and Notifications

Users working in Accounts Payable need parameters set for invoices and checks. The fields that you need to enter for check and invoice permissions and limits are on the AP Limits panel.

To set AP limits and notifications,

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users at your site appears.
  2. Locate the user that you are interested in and click the edit icon () next to the User ID. The Users edit panel appears.
  3. Click the AP Limits tab.
    The AP Limits panel appears (Figure 30).

Figure 30 - AP Limits Panel - Sets Check and Invoice Permissions

  1. Click Save.
    You can select another tab on the Users panel, or click Submit to return to the Users list.

Setting User Authorities

The Authorities panel governs permissions for a variety of features. Fields on the panel set permissions for users as described in Table 4.

Table 4 - User Authorities Panel Fields

Authority Field: Function:
Inquiry Only The user can only view information in the system, and may not edit or delete information.
Asset Location Restricted Currently not used.
Authorize Purchase Orders The user has permission to authorize purchase orders.
Perform Table Maintenance The user can add, change, and delete table entries. Tables are accessible from
the main Contents of Materials, AP, or GL on the Tables menu.
Perform Security Maintenance The user can add, change, and delete user security information: user profiles,
data profiles, report profiles, and roles.
Receive Inventory The user can create inventory receipts. This field must be set for any user that is an invoice receipt exception owner.
Allow UOM Changes on Req Created from Order Guide The user can change the unit of measure for items requested through an order guide.
Allow File Item Adds to Req Created by Order Guide When selected, the user can add additional file item lines manually when creating
a requisition from an Order Guide.
Adding non-file lines is unrestricted.
Allow Override Discount Terms The user can change the discount terms when creating an invoice.
(Discount terms default from the vendor to the PO to the invoice.)
Allow Override Pay To Vendors On an invoice, the Paying Vendor and Paying Location default from the PO.
The user can override these defaults.
Allow Item Vendor Unit Price Change from PO The user can approve unit price changes.
Allow Unauthorization of Sent EDI PO The user can unauthorize EDI purchase orders that have been sent.
This setting is designed to allow you to delete EDI purchase orders created for testing
(but any EDI PO can be unauthorized.) Once you unauthorize a PO, you can delete it.
Blind Receiving The user can do blind receiving.
Allow Add/Update/Delete of Vendor Type
"MM and AP"
Controls whether a user can create and maintain "MM and AP" type vendors.
The field is selected by default.

Vendors can be designated as one of these types: "AP", "MM," or "MM and AP."

This field works in concert with the role object "VendorsMMandAP."
Security settings for this role object default from the values set for the role object "Vendors."

Depending on the security setting for the "VendorsMMandAP" role object.
When this field is selected, the role object must have the following minimum settings
to perform these actions:
  • Edit a MM/AP Vendor - Modify
  • Create a MM/AP Vendor - Create:
    When creating a vendor, select the Vendor Type "MM and AP."
  • Change to MM/AP Vendor type - Create
  • Suspend MM/AP Vendor - Modify
  • Unsuspend MM/AP Vendor - Modify
  • Delete MM/AP Vendor - All
  • Undelete MM/AP Vendor - All


If this field is not selected, or if the "VendorsMMandAP" role object setting is below
the minimum value, the actions are not permitted:

- The user can only create AP or MM type vendors.
- The user can view "MM and AP" vendor information, but cannot change the information or
delete the vendor.

On the vendor list, clicking the edit icon displays an inquiry panel for the vendor,
which cannot be edited. (Information on the Restricted Orgs panel can be edited.)

If the user tries to delete, undelete, suspend, or unsuspend an "MM and AP" vendor,
an error message appears, and the action is not performed.

Allow Inventory Quick Issue The user can create inventory quick issues.
Allow Inventory Charge Only Quick Issue The user can create inventory charge-only quick issues.
Typically, a charge-only quick issue is used when items are issued to medical center staff
on a "walk-in" basis.
 Print Pick List To My Printer Allows the user to auto-print requisition pick lists locally.
Auto-printing applies only to requisitions released by clicking Menu > Release Req for Printing on the Requisitions list.
A printer must also be specified on the Users General tab.
  • Before you select this field, on the General tab, add the name of the correct printer in the Printer Name field.
  • Then, select this checkbox.
    Note: Your site must have Pulse configured for auto-printing.
Allow Order Guide Quick Issue The user can create order guide quick issues.
Allow Override Dept Charge To The user can override the normal charge-to department, and specify a different
charge-to department for a requisition or purchase order.
When a user specifies charge override for a PO, item, order guide, or par cart,
only those departments that have been identified in the user's data profile are valid for selection.
Allow Dept to Dept Quick Credit The user can perform department-to-department credit processing of items.
Allow Return to Vendor Quick Credit The user can create quick returns to vendors for credit.
See "Return-to-Vendor Quick Credits."
Allow Dept Cost Adjustment Quick Credit The user can perform quick credits for department item cost adjustments.
Allow Dept to Inventory Quick Credit The user can perform quick credits for returning department items to inventory.
Allow Override Payment Terms The user can override payment terms on an invoice.
(Payment terms default from the vendor to the PO to the invoice.)
Allow Inventory Adjustments During Pick Confirm The user can adjust the on-hand quantity of an item when picking an order.
This situation occurs if the on-hand quantity is set higher than the actual shelf amount.
For example, if 10 items need to be issued, but only 5 are on the shelf, selecting
Adjust Quantity/UOM Issued
from the Pick Confirmation panel confirms the issued amount (5)
and sets the on-hand quantity to zero.
Allow Vendor Merge Gives the user permission for the Vendor Merge feature.
Restrict PO/Invoice Price Change on Contract Items Forces payment of an invoice for a contract item at the PO price.
The user cannot change prices on purchase orders or invoices.
See "User Restriction against Changing Prices on Contract Items."
Make Delivery Docs auto-available to My Reports Allows automatic printing of a Receiving Delivery Document when a purchase order is received.
Allow Add/Update of Bill Only Reqs and POs When selected, the user is authorized to create and update bill-only POs and requisitions.
Allow Cart/Guide Line Adds from Dept Inventory Allows the user working with a department inventory to add file items to an order guide
and/or par cart from a department inventory when the inventoried file items do not exist
on the par cart/order guide
Allow Add/Update of Blanket Requisitions Authorizes the user to create and edit blanket requisitions.
Allow Add/Update of Standing Requisitions Authorizes the user to create and edit standing requisitions.
Allow Pipeline Days Reset The user is allowed to edit the pipeline days on the item inventory record for stock items.
Auto Print After Mobile Pick
(Must select Printer Name and Mobile SC Feature)
This field is for users who work with picks on a mobile device.
When selected, allows the user to auto-print pick lists locally as soon as a pick is finished.
A printer must also be specified on the Users General tab.

If the Mobile Pick Application feature is not enabled, this checkbox is grayed out

To set user authorities,

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users at your site appears.
  2. Locate the user that you are interested in and click the edit icon () next to the User ID. The Users edit panel appears.
  3. Click the Authorities tab.
    The Authorities panel appears.
  4. Select the checkbox for each authority or restriction that you with to set.
    Information about the fields is in Table 3 and available by clicking Help.
  5. Click Save.
    You can select another tab on the Users panel, or click Submit to return to the Users list.

Setting GL Limits and Notifications

General Ledger users need permissions for working with accounts and for creating and posting journal voucher entries to the General Ledger. The fields for General Ledger permissions and limits, including journal voucher approvals, are on the GL Limits panel.

To set GL limits,

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users at your site appears.
  2. Locate the user of interest and click the edit icon () next to the User ID. The Users edit panel appears.
  3. Click the GL Limits tab.
    The GL Limits panel appears (Figure 31).

Figure 31 - GL Limits Panel - Sets General Ledger Entry Permissions

Journal Voucher Approvers and Notifications

The user's organization may have identified approvers for particular source journals and/or account codes.

  1. Select the appropriate values for the other fields. Click Help for detailed field information.
  2. Click Save.
    You can select another tab on the Users panel, or click Submit to return to the Users list.

Sites Using Single Sign On - The SSO Tab

Single sign on relies on your site's network sign on process to validate users' credentials when signing on to   ERP.ingle signon, single sign-on, SSO

Note: This feature must be implemented by your Consultant, and users need to be set up with SSO credentials.

When new users are created as part of the single sign on implementation, they initially have a basic ERP User ID and password, but no user roles, data profiles, default organizations/departments, authorizations, or other required user profile elements. Until their user profiles are completed -- a step in the process -- they will not be able to sign in using SSO.

User information is considered incomplete when it missing any of the following:

Once a user is set up for single sign on, the Active flag on the User Profile Main tab disappears. Audit reports for users that are active in the system are based on the customer's Active Directory when SSO is enabled.

Process Flow in Creating New SSO Users

  1. The site’s system administrator adds the new user to the Active Directory (AD) Group for ERP on the local (customer’s) network.
  2. An automated service monitors the AD Group and adds the new user to the ERP within minutes of the user’s being added to the AD group.
  1. Once the ID is created in Step 2, the system administrator can edit the User Profile for the appropriate values and permissions, and specify an activation date in the Activation Date field on the External Users tab (Figure 32).

Figure 32 - The External Tab on a User Profile

Identifying SSO Users with Incomplete User Profiles

The field SSO Missing Info YN on the User Settings list indicates (Yes) if the required User Profile fields are not assigned (Figure 33). You can use this list to review users whose User Profiles need completion.
- To open the User Settings list, select Work in Administration > Administration > User Settings.

Figure 33 - User Settings List with Single Sign On Columns

Copy an existing SSO User Profile to a new SSO user

The Replicate feature copies an existing SSO User Profile to generate a new user profile. This is a time-saving feature for system administrators.

Note: The user eMail Address is not copied. Also, the Password is not copied if it is an SSO password for access to an external system.

To create a new user profile by replicating an existing SSO user profile,
  1. From the Administration main Contents, select Administration > Users.
  2. Locate the SSO User Profile that you wish to replicate.
    - You can search for users that are SSO users with both complete and incomplete user profiles.
    Click Search.
  3. From the Menu, select Replicate.

A panel appears containing the user profile information. The lower part of the panel lists user profiles that were created for SSO only (Figure 34).

Figure 34 - Selecting an SSO User Profile to Copy

  1. Click Select on the left to identify the destination for the user profile that you are replicating.
  2. Click Submit. The application updates the user chosen in the lower-lever panel to match the settings in the top panel.

Note: Once a user is set up for single sign on, the Active flag on the User Profile Main tab is unavailable

SSO User Data Import

This user data import is designed specifically for SSO users. It makes the process of setting up SSO users easier than using the standard User Maintenance tools.

Both a manual and an automated process are available for this import.

Security: Users working with this feature must have the role object "SSOUserMaintImport" set minimally to Modify.

When a user is provisioned for SSO, Premier staff create a "shell user profile." Once the user "shell" has been created, the site administrator must manually assign the role, data profile, default organization, default department, and other details. The process had relied on the existing user maintenance import template. That template has other fields in whose data the site administrator must manually key-in or copy. To improve the process, this a user data import template specifically for SSO users is available. This new import template and process handle more of the needed user data.

Manual import process

From the Administration menu, you can access a list of SSO users that are missing required information such as role, data profile, default organization, and department. A second menu element provides the import. See Figure 34.

Figure 34 - Administration Table of Contents with New SSO User Maintenance Elements

An example of the SSO Users List is in Figure 35.

 

Figure 35 - List of SSO Users Needing More User Profile Data

Administration main Contents > Administration > SSO Users Missing Info

On the list (Figure 34), the Spreadsheet link creates an Excel document in the format of a new SSO User Import. Administrators can open the spreadsheet and provide missing information, along with additional approval values, if needed by the user. Save the spreadsheet as a .csv file. The last field must be <EOF>.

You can then upload the .csv file to ERP using the new SSO user data import function that will apply the changes to the user profiles. The menu option SSO User Maintenance Imports (Figure 35) opens a list of existing imports. Figure 35 is the import list where you can see current imports and create new ones.

Figure 36 - SSO Imports List with New Button to Create a New Import

Administration main Contents > Administration > SSO User Maintenance Imports

On the Imports List, the standard import functions are available, including the ability to view the details of the import, see messages, etc. The import process applies the changes from the import to the user and user settings tables in the application. Existing validations already in the ERP ensure that only correctly formatted data is used to update the actual user values.

Automatic import process

The automated process occurs through the Gateway when template files with completed data from an external application are dropped in a Gateway in-box. The import is available from the Imports List (Figure 36). This process needs no action by your site administrator; except in the case of errors which may require a conversation involving a corrected re-import.

  Users - The PremierConnect Tab

This tab contains fields for users who sign on to ERP/SCM through .

Important: When you copy a user, data on this panel is not included in the copy.

Update Status - For a user who accesses ERP/SCM through , this field indicates whether the user’s credentials have been updated (entered) in the Premier's User Management System. (Note: This system is also called CIAM: Customer Identity and Access Management.)

Update Date - The date when the user’s credentials were entered/updated in the User Management System.

Message - Any message related to the update.

Locked out Users

You can reset a user record so that the user is no longer locked out

To reset lockout for a user,

  1. From Work in Administration on the main Contents, select Administration > Users.
  2. On the Quick Click menu, click Show All. The Users list appears.
  3. Locate the user for whom you wish to reset a lockout, or reactivate.
  4. Click Menu > Reset Lockout. The system asks you if you want to reset lockout for the user.

Note: You can also select Reset Lockout on the Quick Click menu to reset user access.

  1. Click Submit. Lockout is reset.

Inactive Users

The system provides a grace period for inactivity so that users who do not sign on to the system every day are not deactivated. The grace period is determined by each site, and set at implementation or by the Help Desk.

A process in the nightly maintenance procedure sets active users to inactive if they fall outside the inactive grace period determined by their site.
The process checks whether any user IDs NoActivityLockoutPeriod has expired. If the period has expired, then the Active YN flag is set to 0.

An audit record is created: AuditSource = 'Routine Maintenance' and AuditReason = 'No activity lockout period exceeded.'
System administrators will also be able to view the sign-on history and security activity for their site.

Ignore the Lockout Period

For any given user, you can suspend the inactive lockout rule by setting a flag on the User Profile.

  1. Click Work in Administration > Administration > Users > edit User.
  2. Select the field Ignore Lockout Period on the Users General panel (bottom right).

Topics for Sourcing and Contract Management

Several user features are relevant to sites where users also access Sourcing and Contract Management (SCM)

User Restriction against Changing Prices on Contract Items

Price changes to contract items on a purchase order, or during invoice matching (clearing a price exception) can be restricted for individual users, organizations, or for an entire site.

The field Restrict PO/Invoice Price Change on Contract Items on the User Profile restricts the user from changing contract item prices. The user cannot modify the PO Unit Cost and the Next Estimated Receipt Unit Cost on a purchase order line. The setting also restricts users from selecting the Invoice Correct field in clearing exception prices for contracted items.

To set the restriction at the different levels,

User:

- If the restriction is not selected in a user profile, the user can change cost/exception prices, as long as the restriction is not set at either the organization or system values level. Also, the user can select the Invoice Correct field when clearing price exceptions for contracted items.
- If the restriction field is selected, the user cannot change prices.

Organization:

Selecting the restriction field for an organization (on the Organization record) prevents any user in the organization from changing prices.
See "Organization Restriction for Contract Price Changes" for details.

System:

- If the field is not selected, price changes can be controlled at the organization level and/or the user level.
- If the restriction field is selected in System Values, no one at the site can change a PO price for a contracted item.
See "Restrict PO/Invoice Price Change on Contract Items for an Entire Site" for details.

Create and View Regions and Organizations

Your site's operational structure may include several organizations, each with multiple departments. In Sourcing and Contract Management, one or more organizations can be assigned to a region. You can view, edit, and create organizations and regions from the Sourcing and Contract Management Administration feature. You can add regions and organizations to users' data profiles (see "Work with Data Profiles)."

To view organizations,
To view Organization information,
To create an organization,
To view regions,
To view region information,
To create a region,
To associate an organization with a region,

Searching for an Organization

To search for an organization,

Use Search on the "Create Organization" page.

  1. On the Administration main Contents. click Region/Org Association.
  2. Click Add Org under one of the organizations listed.
    The Select Organization panel appears (Figure 37).

Figure 37 - Select Organization Panel with the Search Field

Role objects associated with Sourcing and Contract Management

The following role objects are used in Sourcing and Contract Management:

Role Object Controls access to:
Contract The Supply Contract Workbench. Permits users to work with the key features
of Sourcing and Contract Management.
The setting must be View (at the minimum) to allow users to see the menu options.
To import contracts, the setting must be Modify or higher.
- The View setting allows users to search for a contract, and then drill down on the Items Found On count
or the Matched Items Found On count. Also, users can view contract item details.
CATables

Tables containing contracts components: region, organization, vendor, manufacturer, and others.
(Applies to both supply contracts and services contracts.) This role object must be set to Modify,
at a minimum, for a user to be able to change table data;
for example, to create a region/organization association.

CAAnalysis The Analysis Workbench and analysis tools
Work with analysis projects.
ServicesContract Work with services contracts.
SharedSvcsAnalysis Analysis workbench for shared services contracts.
ContractSecurity

The contract Security feature. The contract Security feature lets you identify the organizations/regions whose users are allowed to view the contract. See the detailed discussion below.

CAAlerts Set up and edit alerts for other users.
PriceActivation Vendor price activation for supply contracts. See the details below.
Dashboard Lets users view and (depending on the setting) configure dashboards.
CARegistration Lets user create entities and register them to manufacturers and vendors.
Users who register local vendors or manufacturers will need this role object set to "Modify" or "All."
(The default setting is "View.")
CADept Allows the user to edit supply department names in the Departments table.
(The default setting is "None.")
Used during implementation of Sourcing and Contract Management. Otherwise, this role object is generally not applicable to normal user activities. to merge old and new supply contracts.
Work with documents attached to a supply contract
(controls the Documents tab on the "Work with Contract" page).
Also allows users to work with emails and notes on the Correspondence tab.
Work with documents attached to a services contract (controls the Documents tab
on the "Work with Services Contract" page).
Also allows users to work with emails and notes on the Correspondence tab.
Work with documents attached to an analysis project (controls the Documents tab
on the "Work with Project" page).
Also allows users to work with emails and notes on the Correspondence tab.
CAFees Incentive setup and monitoring.

ContractSecurity (supply contracts) - provides access to the contract Security feature. The contract Security feature lets you identify the organizations/regions whose users are not allowed to view the contract. The list of organizations/regions is displayed when you click the Contract Info panel's Security link (Figure 38). Details about the contract Security feature are in the subsequent section "Restrict user access to a contract."

Figure 38 - Contract Info Panel Security Link

PriceActivation (supply contracts) - at the highest security settings (All, Create), allows the user to create vendor price activation headers for supply contracts. (Users with the role object Contracts set to View can select items for activation, once a header has been created.)

Activating prices on a supply contract is not secured by the user's data profile. Price activation activates all selected items in a contract, regardless of the user's data profile settings.

Restrict User Access to a Supply Contract

The contract security feature lets you specify the organizations/regions whose users are not permitted to access the contract. The Security link on the Contract Info panel displays the organizations/regions for selection. If none are selected (the default), a contract can be accessed by all users.

System alerts displayed on the Contract Workbench My Alerts panel take into account the organization/region security restriction: Users do not receive alerts for contracts that they are not able to view.

Figure 39 - Organizations/Regions for Restriction

Access to the Security link on the Contract Overview panel requires the setting Modify for the "Contract Security" role object, at minimum. If the role object setting is View or None, the security link is grayed out. A discussion of this role object is in the previous section "Role objects associated with Sourcing and Contract Management."

Setting Up IP Address Access

Your site probably has a key group of users who work with the system all the time. You may also need to grant access to the system to computers with IP addresses outside of the key group. For example, you may have users in another building, or in a remote location. Or, you may wish to give some users access from their home computers.

You may also wish to restrict access to an IP address that would normally belong to the main group. For example, you may have a special purpose computer that you do not want to be used for system work.

You can control access to the system based on a computer's IP address. The set up process for IP permissions has these components:

  1. Discuss your need for access by IP address with the Help Desk. The Help Desk will set a system parameter to enable IP address permission.
  2. For users at your site, set the Restrict access using IP Permissions field on users' profiles. This field is on the Users edit panel -- General tab (Figure 24).
  3. Enter the users' IP addresses into the IP Permissions list, and set access to Yes.

To create restrictable IP addresses and set access,

  1. From Work in Administration on the main Contents, select Administration > IP Permissions. The IP Permissions table appears with the list of IP addresses in the left column.
  1. To specify an IP address, click New. The IP Permission panel appears.
  2. Enter the IP address.

    The elements of an IP address are called "octets." Each octet has one to three digits, and every IP address has four octets.
    The value of an octet can range from 0 to 255. Only integers are valid in an octet; alphabetical characters are not valid.

    You specify an IP address as four octets separated by periods. For example, 152.163.9.2. If you want to set the IP permission
    for a group of IP addresses, you can enter a mask. You create masks using wild cards, positional substitutions, ranges, and lists. For example, 181.169.* .* is an IP address mask. The asterisk (*) is a wild card and matches any value. So, this mask will include IP addresses from 181.169.0.0 to 181.169.255.255.

    Here are the characters that you can use for masks:

    *   Represents any value.

    ,   (comma) Separates individual values.
        For example, 245.120,124.333.17 means 245.120.333.17 and 245.124.333.17.

:   Indicates the beginning and end of a range.
    For example, 245.120:124.333.17 means all the values between (and including) 120 and 124 in the second octet:
    245.120.333.17, 245.121.333.17, 245.122.333.17, 245.123.333.17, 245.124.333.17

?   Positional wild card. Matches only as many elements as there are question marks.
    For example, ? matches 0 to 9, but not 10 because 10 is two places. ?? matches 10 to 99.

[ ]   Optionally groups numbers and operators together, as needed, for clarity.
    For example, 245.122.199,20?.[17,20:24].

  1. Select the Allow box if you want to grant permission for the IP address to access the system.
  2. Leave the Allow box unselected if you wish to prevent the IP address from accessing the system.
  3. Click Submit. The system displays the IP Permissions list.
  4. Click Refresh to see the new IP address and its access setting.

    Note: You can edit the IP address at any time to change access, without deleting and re-entering the address.

To give a user access to the ERP mobile application on the iPad,

  1. From Work in Administration on the main Contents, select Administration > Users.
  2. On the Quick Click menu, click Show All. The Users list appears.
  3. Locate the user's ID on the list and click Menu > Edit. The tabbed user information panels appear.
  4. On the User Roles panel,
  5. Click Submit. The system changes the setting so that the user can work with iPad tools.

To give a user access to Cardinal's web site and to vendor punchout sites,

  1. From Work in Administration on the main Contents, select Administration > Users. The list of users and settings appears.
  2. Locate the user's ID on the list and click Menu > Edit. The tabbed user information panels appear.
  3. On the General panel, select the appropriate option from the Punch-Out to External Vendor field.
    - Full Access must be selected if the user is allowed to click on a link from an item record to view the vendor's catalog entry. The user can access the public site and can access the password-protected pages. Also (when organization and department permissions are set), the user can order from punchout vendor web sites. (See "Using Vendor Punchout to Order Supplies)."
    - No access - The user cannot access any vendor web pages.
    - Public site only - The user can access the vendor's public web pages.
  1. Click Save. You can select another tab on the Users panel, or click Submit to return to the Users list.

To make the Scheduled Jobs feature available to a user,

  1. Include the ScheduleJobs role object in the user's role and set the ScheduleJobs role object to a value other than None. Select a different value such as All. See the discussion of assigning role objects.
  2. Verify that the menu choices available for the user's role include "Scheduled Jobs."

To delete a user,

  1. From Work in Administration on the main Contents, select Administration > Users.
  2. On the Quick Click menu, click Show All. The Users list appears.
  3. Locate the user that you wish to delete.
  4. Click Menu > Delete. The system tells you that you are about to delete a record.
    Note: You can also select Delete on the Quick Click menu to delete the user.
  5. Click Delete. The user is removed.

View the User Activities Log

System administrators can view a log of users' activities with the system from a menu option on the Users list. User activity data is retained for seven days before it is purged.

To view user activities,

  1. From the Work in Administration contents, select Administration > Users.
    The Users list appears (Figure 40).

Figure 40 - Part of a User List

  1. Locate the user of interest.
  2. Select Menu > View User Activity Log (Figure 41).

Figure 41 - Accessing the User's Activity Log from the User List

The user's activities appear (Figure 42), ordered by date. You can use the Quick Filters for Field Name (the name of a value that was changed by the user), Table Name (the data table where the value was changed), Job Name, Audit Reason, and Key Values. Click Help for detailed descriptions of the columns' contents.

Figure 42 - A Sample User's Activity Log

On the User list, by default, the system only displays users at a site. Clicking Show All displays users (Technical Support or development staff) who can access a site's database to track or fix problems.

Note: User activity data for user IDs is retained for a year.

See the discussion of "Access and Change Logs" for a discussion of patient information protections in log and audit displays.

View the Activities of All Users

System administrators can view a log of all users' activities with the system through the Administration menu. User Activity data is retained for seven days before it is purged.

From the main Table of Contents, select Administration. From the Administration menu, select Administration; then choose Activity log. (See Figure 43.)

Figure 43 - Activity Log

The Activity Log - All list displays the same fields as the individual user's activity log, along with the name and user ID of each user listed.

Create and Edit User Profiles via Mass Maintenance

Creating large numbers of new users and user maintenance is more efficient with the user record import and export. This feature allows a security administrator to create new users and to maintain and audit an existing user base without having to go into the ERP application and create or update each user record individually. Administrators can download and complete a template that sets up new user profiles when uploaded.

Some sites find it convenient to use the import to create one or more "generic" users with particular User Profile settings. Then, once in the application's Administration module, they copy the "generic" users and enter values for real, new users.

For maintenance purposes, administrators can export all user settings in the ERP application, make changes and import that data back into the ERP application to update users' profiles.

Security: This feature is controlled by the "Administrator" role object.

Single Sign On Sites: If the user you are creating (or updating) is a single sign on user; that is, if you enter Yes in the column Single Sign On User then the column for the single sign on Activation Date must also be completed with the date when you would like the user to have access to ERP.

Creating New User Records

To create user records, an Excel template is available for entering fields that you will upload and import into new User Profiles.

  1. From the Work in Administration main Contents, select Administration > User Create Template.
    Follow the instructions to open the template in Excel. Figure 44 is an example.

Figure 44 - Excel Template for Creating New User Profiles

  1. On the template, enter values for User Profile fields in the appropriate columns.
    Important:
    - The fields highlighted in yellow are required.
    - Enter information right over the text that says <required>. If you import the spreadsheet with the <required> word still in a cell, the application will take it as an invalid value, and will send an error message.
    - Click the worksheet tab Info for instructions on completing and saving the template.
    - The last entry on the template must be <EOF>.
  2. When you finish entering values in the fields, save the spreadsheet as a .csv file on your local network.
  3. Upload and import the spreadsheet to ERP using the instructions below.

Maintaining Existing Users - Exporting User Data from ERP

For maintenance, first export existing user records to an Excel worksheet. A new panel is available for the export task. Then, using the worksheet as a template, make changes as needed to the user data, Save the worksheet as a .csv file, and finally upload it to the application.

The upload is the standard upload process. A panel lets you work with uploaded user records.

To export data from the User Settings (All Columns) list,
  1. From the Work in Administration main Contents, select Administration > User Settings (All Columns). Figure 45 is an example.
  2. You can click Search to filter the list of users by organization, department, role, and other parameters to identify a subset for import/export, if you wish.

Figure 45 - The All Users Panel with the Spreadsheet Link for Exporting

Work in Administration > Administration > User Settings (All Columns)

  1. Click the Spreadsheet link (Figure 45, red arrow, upper right). If you have a large number of user records, the application sends a request for you to identify the number of records that you would like to download.
  2. Click the number.

You will need to save the file (Figure 46) as a .csv file for the export.

Figure 46 - Sample Downloaded User List

  1. Edit values for users in the spreadsheet. Here are some tips:
  1. Enter <EOF> in the first cell of the row following the last line of data. This value is critical, so that the import can find the end of the file (Figure 47).
  2. Figure 47 - Entering the End-of-File Marker <EOF>

  3. Save the file as a .csv (comma-separated) file. You are now ready to import the file back to ERP.

Importing New or Edited User Data to ERP

After you create or edit user records, you can import them back to ERP.
Important: The file you import must be in .csv (comma-separated values) format.

Follow these steps:

  1. Select the import panel from ERP Work in Administration main Contents > Work in Administration > Administration. The User Imports panel appears. Figure 48 is the panel for maintenance, but the panel for new user records is similar.

Figure 48 - The List of User Record Imports

- This panel lists previous imports if any, and lets you create new imports.

  1. Click New. The Upload Panel appears (Figure 49).

Figure 49 - The User Maintenance Upload Panel

  1. Enter the file that you wish to import in the File to Upload field.
    - Click Browse (on Microsoft IE or Edge) or Choose File (on Chrome) to locate the file on your network, then click the file to select it.
  2. At this step, you have a choice. You can work through the import process in either one stage or two stages.

    If you have uploaded files to the application before, use the one-stage approach, as follows:
    - Click Submit. The system attempts to upload your file and validate it. The User Maintenance Imports or User Create Imports panel appears.
    - Click Refresh to see your file listed.

    For users working with import files for the first time, we recommend the two-stage import approach. The two-stage approach first loads the file and validates it. Click Load and verify, no import.
    Once the file has successfully loaded, you can process it manually from the User Maintenance Import panel appears to import it into the application.
    - Click Help on the Import panel for details on the processing step.

  3. The processed import will appear in the list of imports.
    Each import has a Menu that lets you Reprocess, View Details, Download or Delete an import file.
    Clicking Menu > View Details lets you display messages and edit the import record. 

Handling Import Errors

Valid rows on the spreadsheet will import into the application. If some rows are valid, and other are not, the invalid rows will not be imported. When the Import Status of the uploaded user record file is not Complete, the import encountered errors.
To work with errors, you need to review the import details, make corrections, and reprocess the data.

  1. Next to the import, click Menu > View Import Details to display any errors or warnings that may have occurred.
    - On the Import Details panel, each imported record appears. The Messages column contains Yes if errors or warnings exist for any record.
    - Click Menu > View Messages.
    - Click Menu > Edit to edit any unprocessed data and correct it.
  2. After making corrections, from the import list, click Reprocess to rerun the process for any imports that do not have an Import Status of Complete.

Create New Data Profiles via Template Import

The import/export feature for data profile record mass maintenance is now available. With the use of a template, this mass loader allows a security administrator to upload multiple new data profiles at one time instead of creating them manually in ERP. You can also maintain and audit existing data profiles without the necessity of updating each one individually within the application.

Usage Tips: Creating one or more "generic" data profiles is a convenient way to utilize this feature. From within the Administration module, an administrator can copy these "generic" profiles and make changes to the department, asset location, and organizations as needed.

Security: This feature is controlled by the "Administration" role object.

An Excel template is required for the data and fields that you will upload and import into ERP.

To download the Data Profile Import template,

  1. From the Work in Administration main Contents, select Administration > Data Profile Import Template.
  2. Save the Excel template to your computer or local network.
    The file should look similar to the example in Figure 50.
  3. Figure 50 - Excel Data Profile Import Template

To work with data profiles using the Data Profile Import Template,

The template contains several tabs. The initial tabbed worksheet (Figure 50) is for your data. Detailed instructions,
including the colored columns are on the Info tab. Examples are on the Examples tab.

  1. On the template, enter values for Data Profile fields in the appropriate columns.
    You can add, change, or delete data profiles. See the rules below about deletions.
    Important:
  2. When you finish entering values in the fields, save the spreadsheet as a CSV file on your computer or local network.
    Important: When you save the file as .csv, make sure that it is saved as an MS-DOS .csv type. Otherwise, the upload will not recognize the record type, and you will get an error message.
  3. Upload and import the spreadsheet to ERP using the standard upload process described below.

To import data profile records,

After you create or edit data profile records, you can import them back to ERP.
Important: The file you import must be in .csv (comma delimited) format.

  1. Select the Data Profile Import panel from ERP Work in Administration main Contents > Administration > Data Profile Import.
    - This panel lists previous imports if any, and lets you create new imports.
  2. Click New. The Upload Panel appears. This panel uses the standard upload process.
    - Click Browse (on Microsoft IE or Edge) or Choose File (on Chrome) to locate and enter the .csv file to upload.
  3. You can work through the import process in either one stage or two stages.
    For the one-stage process,
    - Click Submit. The system attempts to upload your file and validate it.
    - Click Refresh to see your file listed on the Data Profile Import panel.
    For the two-stage process,
    - Click Load and verify, no import.
    Once the file has successfully loaded, you can process it manually from the Data Profile Import panel, and import it into the application. The Data Profile Import panel displays the import and its status. In Figure 51, an imported file (in blue) is incomplete. Problems occurred with this import file.
    (The actual problem was that the ActionCode was set to C, when it should have been set to A.)

Figure 51 - The Data Profile Imports List and Menu

Download and security information appears.

  1. Click Menu > View Import Details to view the problem areas of the import. From the Import Details panel,
    you can display any messages (Figure 52).

Figure 52 - Using the Data Profile Import Details Menu

  1. Click the edit icon or Menu > Edit to open the import and fix any problem. Figure 53 is an example.
    You can then reprocess the import.

Figure 53 - The Data Profile Import Edit Panel

Data Profile Deletion Rules

Figure 54 - Using the Template to Delete a Data Profile

ERP checks that the data profile is not assigned to any user before it runs the delete. If it is assigned to someone, the delete fails and a message appears.

Here are additional rules for data profile records that are to be deleted:

- When a Delete (D) record doesn't have an organization, department, or asset location entered, then the entire data profile will be deleted.

- When a Delete (D) record has only an organization entered, then the organization and all the departments and asset locations for that organization will be deleted from that Data Profile.

- When a Delete (D) record has an organization and department entered, then the department for that organization will be deleted from that Data Profile.

- When a Delete (D) record has an organization and asset location entered, then the asset location for that organization will be deleted from that Data Profile.

- When a Delete (D) record has an organization, department, and asset location entered, an error message appears.

- When a Delete (D) record has a department entered, but no organization, an error message appears because the same department name can be present in multiple organizations.

- When a Delete (D) record has an asset location entered, but no organization, an error message appears, because the same asset location name can be in multiple organizations.

Display Audits of Data Profile and Role Object Changes

An audit facility is available on the Data Profiles lists and the Roles and Role Objects lists.

Data Profiles

Changes to a data profile's general information or to organizations, departments, or asset locations assigned to a data profile are audited.


Next to any data profile, click Menu > View Audit Info (Figure 55A, ).

From the data profile, click Menu > View Regions/Organizations Audits or View Department Audits (Figure 55A, ).

Or:

Drill down to the department/organization/region and view an audit from there:

- From the data profile Menu click Valid Regions/Organizations, or Valid Departments (Figure 55A , red arrow,), or Valid Asset Locations.

The relevant list appears. Figure 55B is an example for the departments assigned to the data profile 6020.
- On the list, click Menu > View Audit Info (Figure 55B, ).

The system displays changes involving any department.

53A. Data Profiles List Menu


53B. Departments Assigned to Data Profile "6020"

Figure 55 - Displaying Valid Departments in a Data Profile to Audit Changes

For example, imagine that a fourth department 4460 Sports Medicine Outpatient was once assigned to the data profile 6020 in Figure 55B, and has been removed. Figure 56 displays the audited change.

Figure 56 - Audit of Department Changes to a Data Profile: Department 4460 was Deleted

Roles

The audit displays changes to a role's general characteristics and to role objects' settings. Figure 57 is an example.

57A. The Roles List and its Menu Options

57B. The Role Objects List and its Menu Options

Figure 57 - Getting Audit Information for a Role and for Changes to Its Role Objects' Settings

On Figure 57A for the role of Buyer, the menu options are:

- Users -- displays users assigned to the role.

- Role Objects -- lists role objects. Clicking this option displays Figure 57B.

- Omitted Menu Options -- displays main Contents elements that users with the role cannot access.

- Available Menu Options -- displays main Contents elements that users can access.

- Omit Menu Options -- lets you omit main Contents elements so that the user cannot access them.

- View RoleObject Audits - displays changes to security object settings; for example, a change from Modify to All.

- View Audit Info -- displays changes to any general characteristics of the role.

- Edit -- lets you change the general role information, such as the role Description.

- Copy - lets you copy the role.

- Delete - deletes the role (Not shown).

Figure 55B is part of the list of role objects for Buyer.

- Alternately, on the menu for the role (Figure 57A), click View RoleObject Audits.

Audited Fields in Accounts Payable, General Ledger, Materials Management, and Administration

List of audited fields links to a spreadsheet containing the fields and their locations.

In summary, these fields are audited on the user record:

Active YN
Role
Data Profile
Hide Financial Data YN
Hide ePHI Data YN
IP Restriction YN
Password
Lock Out Counter
Lock Out Date
Last Used User
Report Security Profile
Email Address
User Security Level

See the discussion of "Access and Change Logs" for a discussion of patient information protections in log and audit displays.

Finding What Role Objects and Settings are Needed to Use a Feature

You can find out what security settings you need to use ERP features.

- Point the mouse over the feature of interest in the main Table of Contents (or in the Menu contents for any panel).

- Right click.

A pop up box displays the security object needed.