D Listing of application roles

D.2 New Auto Generated roles

account_all

@@@

account_create

@@@

account_delete

@@@

account_edit

@@@

account_link_description_create

@@@

ap_all

@@@

ap_all_transactions

@@@

ap_all_vouchers

@@@

ap_invoice_create

@@@

ap_invoice_create_voucher

@@@

ap_transaction_all

@@@

ap_transaction_create

@@@

ap_transaction_create_voucher

@@@

ap_transaction_list

@@@

ar_all

@@@

ar_invoice_create

@@@

ar_invoice_create_voucher

@@@

ar_transaction_all

@@@

ar_transaction_create

@@@

ar_transaction_create_voucher

@@@

ar_transaction_list

@@@

ar_voucher_all

@@@

assembly_stock

@@@

assets_administer

@@@

assets_approve

@@@

assets_depreciate

@@@

assets_enter

@@@

audit_trail_maintenance

@@@

auditor

@@@

base_user

Users need to be given this role in order to be granted access to the database schema which holds all LedgerSMB objects.

This role only allows access to menu items Preferences, Logout, and New Window. The user basically cannot do anything without added additional roles.

batch_create

This role allows creation of new batches and vouchers.

batch_list

@@@

batch_post

This role allows posting batches of e.g. transactions, payments and invoices.

budget_approve

This role allows searching, viewing and approving of budgets.

budget_enter

This role allows creation and updating of budgets.

budget_obsolete

This role allows searching and viewing budgets as well as marking them obsolete (=no longer applicable).

budget_view

This role allows searching and viewing of budgets.

business_type_all

@@@

business_type_create

@@@

business_type_edit

@@@

business_units_manage

This role allows searching, viewing, creation and editing of business (reporting) classes and their members.

cash_all

@@@

contact_all_rights

This role combines all ’contact_class_’ and ’contact_’ roles and grants all access rights to all contact classes.

contact_class_cold_lead

This role allows access to cold sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_contact

This role allows access to contact data (e-mail, phone, etc) of all kinds of contacts (customer/vendor/…). Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_customer

This role allows access to customer contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_employee

This role allows access to employee contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_hot_lead

This role allows access to hot sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_lead

This role allows access to sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_referral

This role allows access to referral contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_robot

This role allows access to robot (automated process, acting on behalf of…) contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_sub_contractor

This role allows access to subcontractor contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_class_vendor

This role allows access to vendor contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.

contact_create

When paired with one or more ’contact_class_’ role/-s, this role allows creation of new entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.

contact_delete

When paired with one or more ’contact_class_’ role/-s, this role allows removal of existing entities, persons and companies (contacts).

Note that in order to be able to search for contacts to be deleted, the user needs to be assigned the ’contact_read’ role.

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.

contact_edit

When paired with one or more ’contact_class_’ role/-s, this role allows editing of existing entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.

contact_read

When paired with one or more ’contact_class_’ role/-s, this role allows searching and viewing entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.

country_all

@@@

country_create

@@@

country_edit

@@@

draft_modify

This role allows modification of existing draft (= saved) transactions.

draft_post

This role allows posting of saved transactions to the ledger.

employees_manage

This role allows creation, updating and searching of employees.

exchangerate_edit

This role allows searching, viewing and editing of currencies, exchange rates and exchange rate types.

file_attach_eca

This role allows attaching files to entity credit accounts (customers/vendors).

file_attach_entity

This role allows attaching files to entities (contacts).

file_attach_order

This role allows attaching files to orders and quotes.

file_attach_part

This role allows attaching files to goods and services.

file_attach_tx

This role allows attaching files to transactions and invoices.

file_read

This role allows reading of files attachments and files uploaded through the system menu.

file_upload

This role allows uploading of files through the system menu.

financial_reports

@@@

gifi_create

@@@

gifi_edit

@@@

gl_all

@@@

gl_reports

@@@

gl_transaction_create

@@@

gl_voucher_create

@@@

inventory_adjust

@@@

inventory_all

@@@

inventory_approve

@@@

inventory_receive

@@@

inventory_reports

@@@

inventory_ship

@@@

inventory_transfer

@@@

language_create

@@@

language_edit

@@@

orders_generate

@@@

orders_manage

@@@

orders_purchase_consolidate

@@@

orders_sales_consolidate

@@@

orders_sales_to_purchase

@@@

part_create

@@@

part_delete

@@@

part_edit

@@@

payment_process

@@@

pricegroup_create

@@@

pricegroup_edit

@@@

purchase_order_create

@@@

purchase_order_delete

@@@

purchase_order_edit

@@@

purchase_order_list

@@@

receipt_process

@@@

reconciliation_all

@@@

reconciliation_approve

@@@

reconciliation_enter

@@@

recurring

@@@

rfq_create

@@@

rfq_delete

@@@

rfq_list

@@@

sales_order_create

@@@

sales_order_delete

@@@

sales_order_edit

@@@

sales_order_list

@@@

sales_quotation_create

@@@

sales_quotation_delete

@@@

sales_quotation_list

@@@

sic_all

@@@

sic_create

@@@

sic_edit

@@@

system_admin

@@@

system_settings_change

@@@

system_settings_list

@@@

tax_form_save

@@@

taxes_set

@@@

template_edit

@@@

timecard_add

@@@

timecard_list

@@@

timecard_order_generate

@@@

transaction_template_delete

@@@

translation_create

@@@

users_manage

@@@

voucher_delete

This role allows deletion of vouchers (i.e. groups of e.g. payments).

warehouse_create

@@@

warehouse_edit

@@@

yearend_reopen

@@@

yearend_run

@@@