Configuring Role-Based Permissions for Documents

Configuring Role-Based Permissions for Documents

Overview

In iVendNext, document-level permissions ensure users only access and modify records relevant to their roles—from sales orders to HR leave applications. This article provides a step-by-step guide to setting up granular permissions for documents, including field-level restrictions and stage-based controls.




Step 1: Accessing the Role Permissions Manager

  1. Navigate to: Home > Users and Permissions > Role Permissions Manager.

  2. Select a Document Type (e.g., "Leave Application," "Sales Invoice").


IdeaTip: Use the search bar to quickly find document types.



Step 2: Understanding Permission Components

Permissions are defined by five key elements:


Component

Description

Example

Role

User role (e.g., Employee, HR Manager).

"HR Manager" can approve leave requests.

Document Type

The document being controlled (e.g., Purchase Order).

Restrict access to "Salary Slips."

Permission Level

Groups fields by sensitivity (Level 0–9).

Level 1 = Salary fields (restricted).

Document Stage

Lifecycle stage (Creation, Submission, Cancellation).

Allow "Submit" only for Managers.

User Permissions

Limit access to specific records (e.g., only their leave applications).

Employee sees own records.



Step 3: Adding a New Permission Rule

  1. Click "Add a New Rule."

  2. Select:

    • Role (e.g., "Employee").

    • Permission Level (default: Level 0).

  3. Set permissions for each stage:

    • Read: View the document.

    • Write: Edit fields.

    • Create: Make new records.

    • Submit/Cancel: Change workflow status.



Step 4: Configuring Field-Level Permissions

Use Permission Levels to restrict sensitive fields:


  1. In the document (e.g., "Leave Application"), assign fields to levels:

    • Level 0: Basic fields (e.g., Employee Name).

    • Level 1: Sensitive fields (e.g., Approval Status).

  2. In Role Permissions Manager, grant Level 1 access only to privileged roles (e.g., HR Manager).


Example:


  • Employee: Read/write Level 0 fields (e.g., leave dates).

  • HR Manager: Read/write Level 1 fields (e.g., approval status).



Step 5: Restricting Document Access (User Permissions)

To limit users to specific records (e.g., only their territory’s sales orders):


  1. Click "Set User Permissions" in the Role Permissions Manager.

  2. Define filters (e.g., "Territory = East Region").



Real-World Use Cases

1. Leave Application Workflow

Role

Permissions

Employee

Create/read own leave apps (Level 0). Cannot submit.

Leave Approver

Read/write Level 1 (status field). Access apps for their team only.

HR Manager

Full access to all leave apps. Can delegate permissions.


2. Sales Invoice Approval

  • Sales User: Create invoices, but cannot submit.

  • Accounts Manager: Submit/cancel invoices.

  • Field Restriction: Level 1 = Discount % (only Managers can modify).



Best Practices

  1. Least Privilege: Start with minimal access; expand as needed.

  2. Test Roles: Use a test user account to verify permissions.

  3. Audit Logs: Monitor "Permission Manager" logs for changes.



Troubleshooting

  • Issue: A user can’t see a document.
    Solution: Check their role’s User Permissions and Document Type access.

  • Issue: Fields are missing.
    Solution: Verify the user’s role has the correct Permission Level.



Conclusion

Role-based document permissions in iVendNext enable secure, efficient workflows by aligning access with job functions. By configuring field levels, stages, and user-specific restrictions, businesses reduce errors and maintain compliance.



    • Related Articles

    • Role-Based Permissions: A Comprehensive Guide

      Introduction Role-Based Permissions (RBP) are the backbone of security and workflow control in iVendNext. They determine who can access what—from documents and reports to specific fields within forms. This guide explains how RBP works, how to ...

    • Role-Based Permissions and Access Control

      Introduction In any organization, ensuring that employees have the right level of access to systems and data is crucial for maintaining security, compliance, and operational efficiency. iVendNext offers a robust Role-Based Permissions system that ...

    • Understanding Role-Based Permissions

      Introduction iVendNext’s role-based permission system ensures secure and efficient access control for your retail operations. By assigning roles to users, you can define what actions they can perform—from processing sales to overriding discounts. ...

    • User Permissions: Restricting Access to Specific Documents

      Introduction While Role-Based Permissions control access to document types (e.g., Sales Orders, Leave Applications), User Permissions take security further by restricting users to specific records—such as only their assigned customers, territories, ...

    • Role-Based Access Control

      Introduction In any business, ensuring that the right people have access to the right information is crucial for maintaining security, compliance, and operational efficiency. Role-Based Access Control (RBAC) is a powerful feature in iVendNext that ...