This article provides a solution on how to remove/revoke security rights for all users except those explicitly required to have the specified permissions.
The solution section illustrates the steps using an example scenario where we shall revoke Credit Memo permissions for all users except a select subset of the users.
The same procedure should work for any other Security Right in Everest.
All user permissions in Everest are managed through Security Rights. A set of Security Rights can be assigned to a group and by including a user in the group, all the group rights are inherited by the user. Conversely, by removing a user from a group, they lose all permissions they had inherited by virtue of their group membership.
Assign Credit Memo Security Rights to only the specified users by following these steps:
- Log in to Everest using an account having Supervisor permissions
- Open the Security Rights browser by navigating to File > Setup > Security Rights
- Click on the Description column to filter the Security Rights by this column
- Type 'Credit Memo' in Search by Description text box to filter all Security Rights related to the Credit Memo browsers.
- Exclude all the above Security Rights from the 'EVERYONE' as well as all other groups. Notice in the above screenshot that the 'SALES' group has the
'Credit Memo Browser: View'permission which will allow users in this group to view Credit Memos. Since this is not desired, revoke this right from the group by selecting it and clicking on the icon.
- Scroll through the list and confirm that no other groups have any of the above Security Rights assigned.
- Create a new group named 'Credit Memo Modifiers' (or a similar descriptive name) and assign all the above security rights to this group. Refer to Group Rights for more information on assigning rights to groups.
- Assign only the users who are allowed to view/edit Credit Memos to the newly created group. Refer to this article for more information on how to associate users with a group.
- Ensure the none of the users who don't belong to the newly created group are in the SUPERVISORS group as this is a default group that has all the Security Rights assigned.
- Save and Close the Security Rights browser once the configurations are completed as desired.
- Review the users added to the newly created group by navigating to File > Setup > Users > Users belonging to a group.
Below is a short video showing the above steps.
Viewing/editing credit memos should be revoked for all users except those belonging to the 'Credit Memo Modifiers' group.