Security for Non-Reporting Features

This chapter describes security for Docentric improvements of built-in functionalities not related to reporting such as Email templates, Alerts, Attachments, License plate labels.
For security regarding Docentric reporting improvements, please check this manual.

Improved Email templates security

Duties for Sending test email for Organization and System email templates

We created two new duties in the Docentric AX Emails model:

  • DocSysEmailTableMaintain (Organization email templates maintain),
  • DocSysEmailSystemTableMaintain (System email templates maintain).

 

These duties secure the Sending test email functionality which is added to Organization and System email templates as a Docentric improvement.

Learn more on Improved Email Templates >>

Improved Alerts security

Improved Alert Rules

We created the following security artifacts for Improved Alert Rules:

  • Role: Docentric AX Alert Administrator (DocentricAXAlertAdmin), with a purpose to enable regular users to manage all alert rules in the same way as System administrator.
  • Privilege: Docentric AX Alert User Group Maintain (DocentricAXAlertUserGroupMaintain), with a purpose to enable regular users to manage User group ID (set/change/clear) on their alert rules.
All users need to get access to alert rules extensions created by Docentric such as conditional alert rules, advanced filtering and grid view, and this is achieved by extending the built-in SysServerAXBasicMaintain and SystemExternalBasicMaintain duties, which are included in the System user (SystemUser) role.

Security rules for the Alert rules forms

The Alert rules forms are Manage my alerts, which can be open by all users, and Alert rules, accessible only by System Administrators. As said, we introduced the Docentric AX Alert Administrator role and the Docentric AX Alert User Group Maintain privilege so that the users which are not System administrators can be granted: (1) editing of the User ID and User group ID fields on the Manage my alerts form and (2) full access to the Alert rules form. Please check the complete security rules below.

The Manage my alerts form
Operation Regular User Docentric AX Alert User Group Maintain Docentric AX Alert Administrator System Administrator
CUD: the User ID field No No Yes Yes
CUD: the User group ID field No Yes (only if the user is the alert rule owner) Yes Yes
CUD: other fields Yes Yes Yes Yes
Read all fields Yes Yes Yes Yes
The Alert rules form
Operation Regular User Docentric AX Alert User Group Maintain Docentric AX Alert Administrator System Administrator
CUD: the User ID field No access No access Yes Yes
CUD: the User group ID field No access No access Yes Yes
CUD: other fields No access No access Yes Yes
Read all fields No access No access Yes Yes

CUD = Create | Update | Delete

User Group ID is a new field added by Docentric, which enables configuring the user group whose users (beside the user specified in the User ID field) will also receive the alert notification.

Learn more on Improved Alert Rules >>

Alert Summary Emails

While regular users can configure Alert summary emails on both Create a custom alert (EventCreateRule) and Manage my alerts / Alert rules (EventRule) forms without any special permissions granted, this is not the case for configuring and starting the Alert summary email distributor job.

We created a new privilege Docentric AX Alert Summary Email Distributor (DocAlertSummaryEmailDistributorProcess) to secure running the Alert Summary Email Distributor job. This privilege is added to the Docentric AX Alert Administrator role, please see the chapter Improved Alert Rules.

Besides, since the Alert Summary Email Distributor job should have the same security as the Change based alerts and Due date alerts jobs, we extended the built-in Maintain workflow and alerts settings (WorkflowAlertsSettingsMaintain) duty.

Learn more on Alert Summary Emails >>

Improved Attachments security

Attachments form improvements

We improved the Attachments (DocuView) form by adding Docentric metadata settings fields and a list form of attachments View in grid.

The same security which is in place for the DocuView forms in terms of viewing, updating and deleting Attachments is applied also to these artifacts introduced by Docentric.

New All attachments form

In the 3.4.5 version we introduced the All attachments form listing out all attachments in the system on flat, with view, open, edit and download options.

We created 2 security privileges:

  • Docentric AX All Attachments User privilege (DocentricAXAllAttachmentsUser),
  • Docentric AX All Attachments Admin privilege (DocentricAXAllAttachmentsAdmin).

Docentric AX All Attachments User privilege

We extended the built-in System user (SystemUser) role by adding the DocentricAXAllAttachmentsUser privilege.

The DocentricAXAllAttachmentsUser privilege enables any system user to access the All attachments form and view/edit those attachments the user can view/edit within the scope of his existing permissions regarding the attachment source tables.

It can happen that a user can access to the form and table whose record is a source record for an attachment, but he cannot access to the particular record, i.e. where the data-driven security is in place; for example there is a locked filter on the form which filters out some records for the current user, like the Electronic reporting jobs form, where users can view only their own printed ER formats. In such cases, although a user will see the attachment in the All attachments list, he will not be able to view it (open the DocuView form via jumpRef()), nor he will be able to download the attachment document or to edit it.

Docentric AX All Attachments Admin privilege

The built-in System administrator role has full access to the All attachments form OOTB, without any additional security created or configured.

We created a privilege DocentricAXAllAttachmentsAdmin which enables full access to the All attachments form and all its functionalities. You can assign this privilege to a security duty or role to enable particular users to view, edit and download all attachments in the system for all companies.

There are two exceptions regarding the System administrator role and the Docentric AX All Attachments Admin privilege comparing to the built-in security rules regarding Attachments:

  • Some Attachments are locked for particular tables (e.g. Journals) even for System administrators, and they can be unlocked via Active document tables. This rule is ignored and when the All attachments form is open by a user who is in the System administrator role or has the Docentric AX All Attachments Admin privilege assigned, the Attachments will always be unlocked and editable.
  • There is a hidden field Is default attachment, which is visible OOTB for Vendor invoices. This field will be always visible when the DocuView form is open from the All attachments form (via click, i.e. jumpRef()) for users who are in the System administrator role or having the Docentric AX All Attachments Admin privilege assigned.

See also

Security for Reporting Features >>
SharePoint Extended Security >>
How to Set Up Global Parameters >>

IN THIS ARTICLE