Introduction: In today's enterprise, many unique groups and/or individuals have access to, and use the same applications simultaneously. This fact poses unique issues when designing access control within a software application such as OnTrax Timesheets. Some users should have complete control over some areas (example Budgets) yet the same user should have limited or no control over editing the associated objects (example Projects). In order to give users of OnTrax Timesheets the flexibility that is required for both large scale and small to medium size implementations, OnTrax was designed with todays complex corporate structure in mind.
User Authorizations and rate maintenance -
Authorizations - Project and Budget authorizations are configured within the user master and are used as a template for the users authorizations. At the time the user is assigned to the object (project or budget) their authorizations will be obtained from the user master and assigned to the object. Once assigned to the object the users authorizations are editable and can be configured for the individual object
It is important to note that changing the users configuration within the user master will not effect existing user authorization for projects in which the user has been previously assigned. In order to change a users authorizations for projects in which they have been previously assigned the user must be modified at the project level within the project user assignment section.
Rates - User rate information is maintained within the user master configuration. As a general rule rates for individual time postings will be obtained from the user master rate assignment. There are however certain situations that effect the posted rates as is the case with project item level overrides or task based projects. For more detail regarding the rate calculations please refer to the "Rate Relationship Diagram" and "Rate Determination Diagram" later in this chapter.
Description:
OnTrax Timesheets uses an 'Object' based authorization model. In basic terms, this means that for each of the individual objects (a project or a budget) the following authorizations are granted or denied:
Project Authorizations - Determines if the user has the authority to perform specific actions . They are listed as follows:
Display/Modify - User can assign; users, project items, set rates, create associated child nodes
Manager:
Report on data posted against the object
Post global costs to the object for items assigned as 'General Expense' items
Create/Edit project 'Plan' data associated with the specific project
Time/Expense User - Yes / No
Create Child Object - Yes / No
Assign Project - Yes / No