The advantage of having functions such as 'Create Object', 'Read Object', 'Update Object' and 'Delete Object' in separate tasks or transactions is that it becomes a very simple matter to grant or deny access to individual functions simply by setting or unsetting a switch on the Menu database. This means that all security checking can be performed in the menu system before a transaction is activated rather than within the transaction itself after it has been activated.
The list of Tasks which a User is allowed to access is known a Security Profile, Access Profile or Access Control List, and is held on several tables in the MENU database, as shown in Figure 1.
Each User must belong to one or more of these Roles, so by changing the Access Profile for a Role you effectively change the Access Profile for all Users of that Role. One of a User's Roles must be designated as the primary Role as this will be used to identify the user's start task, global access and external authentication.
Figure 1 - Database structure
There are two ways of viewing and maintaining the contents of the ROLE-TASK table:
The contents of the USER-ROLE table can be viewed using the List User Role screen.
This Access Profile is used in two places:-