Overview

Not every user needs full access. Assigning permissions based on roles improves security and keeps the data secure. This article walks you through setting up limited access tailored to each user's needs.

1. Understanding the Need for Limited User Access

As businesses grow, so does the complexity of their operations. Different teams and individuals have distinct tasks and therefore require access to different parts of the system. Granting full access to every user can lead to several challenges, including:

• Security Risks: Increased exposure to sensitive data and functionalities raises the potential for accidental or malicious misuse.

• Data Integrity Issues: Users with unnecessary access might inadvertently modify or delete critical information.

• Reduced Efficiency: Navigating through a vast system with irrelevant modules and documents can decrease user productivity.

• Licensing Costs: Depending on the licensing model, providing full access to a large number of users might incur unnecessary costs when only a subset of features is actually utilized.

iVendNext addresses these challenges by allowing the creation of limited users who can access only specific documents within designated modules. This tailored approach ensures that users have the tools they need to perform their jobs effectively without compromising the security and integrity of the overall system.

2. Introducing User Types for Managing Access

The User Type document in iVendNext is central to defining the scope of a user's access. By categorizing users into different types, administrators can control which parts of the system they can interact with.

2.1. Default User Types

iVendNext comes with two standard User Types that cannot be deleted or edited:

• System User: Users assigned this type can access both the main iVendNext interface (the "desk") and the website portal.

• Website User: These users have access exclusively to the website portal.

While these default types cater to broad categories of users, they might not be sufficient for scenarios requiring highly restricted access.

2.2. Non-Standard User Types for Limited Access

To address the need for users with access limited to specific documents and modules, iVendNext allows the creation of non-standard user types. A practical example highlighted in the sources is the 'Employee Self Service' user type, designed for employees who primarily need to handle tasks like recording daily attendance or submitting leave applications.

Highlight: Non-standard User Types enable administrators to define highly specific access permissions, catering to users with limited and focused responsibilities.

3. Step-by-Step Guide to Creating a Limited User Type ('Employee Self Service' Example)

Let's walk through the process of creating the 'Employee Self Service' user type as described in the sources:

Step 1: Navigate to the User Type Document

1. Go to the Users section in the iVendNext navigation menu.

2. Click on User Type.

Step 2: Create a New User Type

1. In the "User Type" list view, click on the " Add User Type" button.

2. Enter a descriptive ID for the new user type, for example, "Employee Self Service".

3. You will notice fields to select a Custom Role, specify the document for permission application, and the fieldname of the user.

Step 3: Configure User Permission Application

1. For the 'Employee Self Service' type, you'll need to link the user to their employee record. The source mentions that the "Employee" document likely has a link field called "User ID" which is connected to the User document.

2. In the "Apply User Permission on" field, select "Employee". This indicates that the permissions defined for this user type will be applied based on the linked Employee record.

3. Identify the field in the "Employee" doctype that links to the User. The example suggests this is likely a field like "User ID". This ensures that the permissions will filter records based on this link.

Step 4: Define Accessible Document Types

1. In the section labeled "Document Types", you need to list all the specific document types that users with the 'Employee Self Service' type should be able to access. For instance, this might include "Attendance" and "Leave Application" documents. Only the document types listed here will be accessible to these users.

Step 5: Configure "Select Permissions Only"

1. The section "Document Types (Select Permissions Only)" allows you to specify document types that 'Employee Self Service' users can view but cannot create, edit, or delete. For example, you might want employees to view their own "Salary Slip" but not create new ones or modify existing ones. You can add multiple doctypes to this table as needed.

Highlight: By carefully configuring the "Document Types" and "Document Types (Select Permissions Only)" sections, you can precisely control which records limited users can interact with and the actions they can perform.

Step 6: Assign the New User Type to Users

Once the 'Employee Self Service' User Type is created, you can assign it to relevant user accounts. When these users log in, they will only have access to the document types specified in the User Type configuration, and their access to records will be filtered based on the "Apply User Permission on" setting. For example, an employee with the 'Employee Self Service' type will only be able to see their own attendance records, leave applications, and salary slips because the system will filter these documents based on the link to their Employee ID.

4. Benefits of Implementing Limited User Access

Implementing limited user access through User Types in iVendNext offers several significant advantages:

• Enhanced Security: By restricting access to only necessary data and functionalities, you minimize the risk of unauthorized access and potential data breaches.

• Improved Data Integrity: Limiting modification and deletion capabilities reduces the chances of accidental or intentional data corruption.

• Increased User Productivity: A simplified interface with only relevant modules and documents allows users to focus on their tasks more efficiently.

• Streamlined Compliance: Granular access control helps organizations meet regulatory requirements related to data privacy and security.

• Optimized Resource Utilization: By providing tailored access, you ensure that users are not overwhelmed with information they don't need, leading to better system performance and potentially reduced training overhead.

Highlight: Implementing limited user access is a cornerstone of a robust security and efficiency strategy within iVendNext.

5. Considerations for Administrator Privileges

It's important to remember the context of Administrator privileges in relation to access control. As highlighted in the sources:

• The Administrator role in iVendNext has unrestricted access to all features and settings, surpassing the System Manager.

• For cloud-hosted iVendNext accounts, you typically will not have direct access as an Administrator due to the provider managing upgrades and security at the backend.

• Self-hosted (on-premises) accounts provide the account user with Administrator credentials.

Therefore, while implementing limited user access for standard users is crucial, the management of the overall system and user roles often requires Administrator-level privileges. Understanding the hosting environment of your iVendNext instance is essential for knowing the extent of your administrative control.