aACE uses a security model where users are assigned to groups and those groups are granted privileges. When aACE is implemented, only the Programmer and System Admin groups are created, then the system administrator creates the other user groups needed.
To work with user groups, navigate to Menu > System Admin > User Groups.
After you update settings for a user group, changes will take effect the next time those team members login. When you update the user group you belong to, aACE displays a prompt asking whether you want to implement the changes immediately or the next time you login.
Read below for information on each numbered section of the User Groups module:
1. General Info
Data Group — This drop-down list controls the overall data access.
Login Module — This module will automatically display when members of this group login. The setting is also noted on the User Groups list view as the Default View.
Group Bias — This drop-down list controls which columns display on various layouts depending on the users' role.
Order Type — This drop-down list sets the default record type used when this group creates an order. This setting takes precedence over the system-wide default order type (located in System Admin > Preferences > Order Entry). However, the system preference to allow multiple order record types takes precedence over this setting, allowing users to select between Sales and Production when they create orders.
Sales Layout / Production Layout — These drop-down lists control which fields are shown and where they're placed on the Orders detail view for each order type.
3. Menu Option Access
Specifies how the aACE menu will appear for this user group. Scroll down the list and mark/clear flags as needed.
This panel combines with Access Privileges (see below) for full functionality. If users have a certain menu option visible, but no privileges set for that module, when they click that menu item the system will return an error message.
4. Access Privileges
Specifies what members of this user group can do with the records in each module. Click the Search icon () to add/remove modules in this list, then mark the flags for the appropriate privileges.
This panel combines with Menu Option Access (see above) for full functionality. If users have privileges set, but no menu options to access modules, they may not be able to get to the records they need to work with.
Access Privileges Related to Group Preferences
Several modules include an access privilege with the title convention "No my<Record> Constraint" (e.g. No myOrder Constraint). Marking these flags lets group members view records that are assigned to other users (i.e. they are not constrained to only view "my" records).
In addition, the Preferences section (see below) includes two similar flags for viewing records that are linked to other offices and departments. To give a user group maximum visibility on system records, mark all these flags. To create the most limited view, clear all these flags.
5. Team Members
Specifies which existing team members will be included in this group. Each team member can be in only one user group at a time. If you add team members to a new group, aACE automatically removes them from their previous group.
The User flag is an easily visible way to deactivate and activate user accounts. If this flag is cleared, the team member will not be able to login. In additions, each team member line includes an Action menu () icon. This control also allows you to activate and deactivate the account, as well as edit credentials and view logs.
These flags allow you to refine the group's privileges:
- Can edit logs — Enables users to put the Log Viewer into editing mode, where they can modify manually entered comments.
- Can switch offices — Enables users to change their office assignment using the Main Menu footer.
- Can view all offices — Enables users to view the records linked to all offices. When this flag is cleared, users in the group only see records associated with the office specified on their Team Member records.
- Can view all departments — As with the previous option, this enables users to view the records linked to every department in their assigned office. When this flag is cleared, users in the group only see records associated with the department specified on their Team Member records.