Is there any documentation about the new roles in the USoft 10 Authorizer?
I’m trying to authorise developers for the Definer, with TeamWork permissions. Role USD_DEVELOPER (“Developer and TeamWork for Developers”) would seem the obvious choice, but then I still get this error:
No or limited SELECT rights on table "T_BUSINESS_PROCESS_STEP"
when accessing business processes.
Adding those users to the USD_TWRK role also doesn’t fix the problem. Adding them to the USD_REP_OWNER does, but that seems a little extreme...
P.S. The same questions arises when configuring UDELIVER and USTESTER and...
Best answer by Rob.van.Haarst
Thanks for these questions. You are completely right. There are a 2 things missing here.
Your error message appears because the standard USD_DEVELOPER role misses access rights on table T_BUSINESS_PROCESS_STEP. This is wrong: USD_DEVELOPER should have all access rights to this table. This has been reported as a bug (121440). It will be fixed in the next USoft 10.0 patch. This problem already existed in 9.1. But in 9.1, as a developer, you could manually add this right to the USD_DEVELOPER usergroup.
This brings me to the next thing missing. As you say, USoft 10.0 documentation no longer explains about standard roles. Our thought was that in 10.0, the Description field for Roles was sufficient for Authorizer users to understand what rights each standard role contains. Please have a look at role descriptions in Authorizer: does this answer your questions?
Because of the many changes in this area, I will write an overview Community article on standard roles and access rights in USoft. Here is the gist of it:
- The (7) Definer 9.1 standard usergroups, as summarised in this help topic, are now the (7) Definer 10.0 standard roles. They are the same as before, except that 9.1 usergroup USD_REP_OWNER has been renamed to 10.0 role ADMIN. The Upgrade tool (for 9.1-to-10.0 upgrades) takes this rename into account.
- You will find that in USoft 10.0, USTESTER, USERVICE and UDELIVER have 3 standard roles each. These applications (just like USD = USoft Definer) each have an ADMIN role who has full access. In addition, they each have a read-only role and a background-only role.
- In 9.1, for the USD application, you didn’t automatically get the standard usergroups. You needed to run the Load Definer User Groups tool from the Tools menu in Authorizer. This loaded the set of standard USD usergroups and rights. You could then edit these Authorizer records freely. In 10.0, for USD, USTESTER, USERVICE, UDELIVER, all the access rights are in roles locked in the .CON files that we deliver for our applications. You no longer need to run a tool to get these standard rights, but... you can no longer edit these rights.
Hope this helps, and thanks again,