D Listing of application roles D.1 OLD Manual Format For references E Deprecated Content

D.2 New Auto Generated roles

account_all: @@@
account_create: @@@
account_delete: @@@
account_edit: @@@
account_link_description_create: @@@
ap_all: @@@
ap_all_transactions: @@@
ap_all_vouchers: @@@
ap_invoice_create: @@@
ap_invoice_create_voucher: @@@
ap_transaction_all: @@@
ap_transaction_create: @@@
ap_transaction_create_voucher: @@@
ap_transaction_list: @@@
ar_all: @@@
ar_invoice_create: @@@
ar_invoice_create_voucher: @@@
ar_transaction_all: @@@
ar_transaction_create: @@@
ar_transaction_create_voucher: @@@
ar_transaction_list: @@@
ar_voucher_all: @@@
assembly_stock: @@@
assets_administer: @@@
assets_approve: @@@
assets_depreciate: @@@
assets_enter: @@@
audit_trail_maintenance: @@@
auditor: @@@
base_user: Users need to be given this role in order to be granted access to the database schema which holds all LedgerSMB objects.

This role only allows access to menu items Preferences, Logout, and New Window. The user basically cannot do anything without added additional roles.
batch_create: This role allows creation of new batches and vouchers.
batch_list: @@@
batch_post: This role allows posting batches of e.g. transactions, payments and invoices.
budget_approve: This role allows searching, viewing and approving of budgets.
budget_enter: This role allows creation and updating of budgets.
budget_obsolete: This role allows searching and viewing budgets as well as marking them obsolete (=no longer applicable).
budget_view: This role allows searching and viewing of budgets.
business_type_all: @@@
business_type_create: @@@
business_type_edit: @@@
business_units_manage: This role allows searching, viewing, creation and editing of business (reporting) classes and their members.
cash_all: @@@
contact_all_rights: This role combines all ’contact_class_ $\ast$ ’ and ’contact_ $\ast$ ’ roles and grants all access rights to all contact classes.
contact_class_cold_lead: This role allows access to cold sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_contact: This role allows access to contact data (e-mail, phone, etc) of all kinds of contacts (customer/vendor/…). Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_customer: This role allows access to customer contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_employee: This role allows access to employee contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_hot_lead: This role allows access to hot sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_lead: This role allows access to sales lead contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_referral: This role allows access to referral contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_robot: This role allows access to robot (automated process, acting on behalf of…) contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_sub_contractor: This role allows access to subcontractor contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_class_vendor: This role allows access to vendor contact data. Combine with ’contact_read’, ’contact_create’, ’contact_edit’ and/or ’contact_delete’ to determine the type of access granted.
contact_create: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows creation of new entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.
contact_delete: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows removal of existing entities, persons and companies (contacts).

Note that in order to be able to search for contacts to be deleted, the user needs to be assigned the ’contact_read’ role.

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.
contact_edit: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows editing of existing entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.
contact_read: When paired with one or more ’contact_class_ $\ast$ ’ role/-s, this role allows searching and viewing entities, persons and companies (contacts).

Each contact_class_<resource> role, when paired with contact_read, enables this access for the specific <resource>. On it’s own, the contact_read-role does not provide any rights.
country_all: @@@
country_create: @@@
country_edit: @@@
draft_modify: This role allows modification of existing draft (= saved) transactions.
draft_post: This role allows posting of saved transactions to the ledger.
employees_manage: This role allows creation, updating and searching of employees.
exchangerate_edit: This role allows searching, viewing and editing of currencies, exchange rates and exchange rate types.
file_attach_eca: This role allows attaching files to entity credit accounts (customers/vendors).
file_attach_entity: This role allows attaching files to entities (contacts).
file_attach_order: This role allows attaching files to orders and quotes.
file_attach_part: This role allows attaching files to goods and services.
file_attach_tx: This role allows attaching files to transactions and invoices.
file_read: This role allows reading of files attachments and files uploaded through the system menu.
file_upload: This role allows uploading of files through the system menu.
financial_reports: @@@
gifi_create: @@@
gifi_edit: @@@
gl_all: @@@
gl_reports: @@@
gl_transaction_create: @@@
gl_voucher_create: @@@
inventory_adjust: @@@
inventory_all: @@@
inventory_approve: @@@
inventory_receive: @@@
inventory_reports: @@@
inventory_ship: @@@
inventory_transfer: @@@
language_create: @@@
language_edit: @@@
orders_generate: @@@
orders_manage: @@@
orders_purchase_consolidate: @@@
orders_sales_consolidate: @@@
orders_sales_to_purchase: @@@
part_create: @@@
part_delete: @@@
part_edit: @@@
payment_process: @@@
pricegroup_create: @@@
pricegroup_edit: @@@
purchase_order_create: @@@
purchase_order_delete: @@@
purchase_order_edit: @@@
purchase_order_list: @@@
receipt_process: @@@
reconciliation_all: @@@
reconciliation_approve: @@@
reconciliation_enter: @@@
recurring: @@@
rfq_create: @@@
rfq_delete: @@@
rfq_list: @@@
sales_order_create: @@@
sales_order_delete: @@@
sales_order_edit: @@@
sales_order_list: @@@
sales_quotation_create: @@@
sales_quotation_delete: @@@
sales_quotation_list: @@@
sic_all: @@@
sic_create: @@@
sic_edit: @@@
system_admin: @@@
system_settings_change: @@@
system_settings_list: @@@
tax_form_save: @@@
taxes_set: @@@
template_edit: @@@
timecard_add: @@@
timecard_list: @@@
timecard_order_generate: @@@
transaction_template_delete: @@@
translation_create: @@@
users_manage: @@@
voucher_delete: This role allows deletion of vouchers (i.e. groups of e.g. payments).
warehouse_create: @@@
warehouse_edit: @@@
yearend_reopen: @@@
yearend_run: @@@