Four Types of Restriction Groups in Acumatica

One crucial feature that ensures data security and compliance within Acumatica is Row-Level Security (RLS).
Acumatica ERP supports a variety of scenarios for configuring the visibility of objects in the system. In the most common scenarios, you can create restriction groups. Acumatica ERP provides four basic types of restriction groups—A, A Inverse, B and B Inverse.

Let me show you with an example. I create two simple groups on the SM201030 screen. I name the first one "Some Items" and set Entity Type to "Inventory Item". Make sure the Active checkbox is selected. I select a few items: AACOMPUT01, AALEGO500, AAMACHINE1, AAPOWERAID. Set Group Type to "A".

The second group is named "Acomp350wind". Select the item "AACOMPUT01", which is also in the previous group, and "AM350WINDO".

Now let's go to the Restriction Groups by User page (SM201035). Select the user "admin", add our groups to this user, and save.

We do the same for the user "mendenhall", but select only one group, "Some Items".

Go to the "Stock Items" page (IN2025PL). Below are examples with different types of groups and results.


Differences between them:
Type "A" (Direct):

  • Direct access: Makes entities included in a group visible to users who are also included in that group.
  • Restricted access: Other users who do not belong to this group cannot view these entities.
  • Adding users: If a particular entity belongs to more than one Type A group, a user must be added to at least one of those groups to see that entity.

The admin user has access to all stock items.

The mendenhall user has access to 4 items from the "Some Items" group (AACOMPUT01, AALEGO500, AAMACHINE1, AAPOWERAID). Note that this user has access to AACOMPUT01, which is also in another type A group.

Other users do not have access to our stock items.

Type "A Inverse":

  • Reverse access: Hides entities included in a group from users who are also included in that group.
  • Access by users outside the group: Users outside the group can view and use the entities.
  • Adding users: If a particular entity belongs to more than one A Inverse group, a user must be added to each of these groups for that entity to be hidden from the user.

Change the type of each of our groups to A Inverse.

The user admin does not have access to the stock items from any of the groups.

The user mendenhall does not have access to any of the items in the "Some Items" group except AACOMPUT01, which is also in another group. To prevent access to that item, you need to add the user to all groups that contain it. In our case, there is another group, "Acomp350wind", with AACOMPUT01.

Other users have access to all items.

 

Type "B" (Direct):

  • Direct access: Makes entities included in a group visible to users who are also included in that group.
  • Restricted access: Other users who do not belong to this group cannot view these entities.
  • Adding users: If a particular entity belongs to more than one type B group, a user must be added to each of these groups to see the entity.

Change the type of each of our groups to B.

The admin user has access to all stock items.

The user mendenhall has access to 3 items from the "Some Items" group (AALEGO500, AAMACHINE1, AAPOWERAID). Note that this user does not have access to AACOMPUT01, which is in the "Some Items" group. To have access to it, the user must be added to all groups that contain AACOMPUT01. In our case, AACOMPUT01 is also in the "Acomp350wind" group, which is why we don't see it here.

Other users do not have access to our stock items.

Type "B Inverse":

  • Reverse access: Hides entities included in a group from users who are also included in that group.
  • Access by users outside the group: Users outside the group can view and use the entities.
  • Adding users: If a particular entity belongs to more than one type B Inverse group, a user must be added to at least one of those groups for that entity to be hidden from the user.

Change the type of each of our groups to B Inverse.

The user admin does not have access to the stock items from any of the groups.

The user mendenhall has access to only 1 item, AM350WINDO.

Other users have access to all items.
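The four rules can be checked side by side with a small model. This is an added example, not Acumatica code: it reproduces the visibility results listed in the walkthrough for the two groups, assuming every group has the same type. The function names, the user "someone_else" and the treatment of items that belong to no group are assumptions.

```python
# Simplified model of the four restriction group types described above.
# Not Acumatica code: the function and data names are hypothetical.

# Group membership from the walkthrough (items and users per group).
GROUP_ITEMS = {
    "Some Items": {"AACOMPUT01", "AALEGO500", "AAMACHINE1", "AAPOWERAID"},
    "Acomp350wind": {"AACOMPUT01", "AM350WINDO"},
}
GROUP_USERS = {
    "Some Items": {"admin", "mendenhall"},
    "Acomp350wind": {"admin"},
}
ALL_ITEMS = sorted(set().union(*GROUP_ITEMS.values()))


def is_visible(user, item, group_type):
    """Return True if `user` can see `item` when every group has `group_type`."""
    # One boolean per group containing the item: is the user a member?
    memberships = [user in GROUP_USERS[g]
                   for g, items in GROUP_ITEMS.items() if item in items]
    if not memberships:
        return True  # assumption: an item in no group is unrestricted
    if group_type == "A":          # shown if user is in at least one group
        return any(memberships)
    if group_type == "B":          # shown only if user is in every group
        return all(memberships)
    if group_type == "A Inverse":  # hidden only if user is in every group
        return not all(memberships)
    if group_type == "B Inverse":  # hidden if user is in at least one group
        return not any(memberships)
    raise ValueError(f"unknown group type: {group_type}")


def visible_items(user, group_type):
    """Items from the two example groups that `user` can see."""
    return [i for i in ALL_ITEMS if is_visible(user, i, group_type)]


if __name__ == "__main__":
    # "someone_else" is a constructed user who belongs to neither group.
    for group_type in ("A", "A Inverse", "B", "B Inverse"):
        for user in ("admin", "mendenhall", "someone_else"):
            print(f"{group_type:10} {user:13} {visible_items(user, group_type)}")
```

The item to watch is AACOMPUT01, the only one in two groups: it is where type A differs from type B, and A Inverse from B Inverse, for a user who belongs to just one of the groups.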
