How to Restrict What a User Group Can See

This page explains how to restrict the data and menus that a user group can access. There are three layers of restriction: database role, menu access, and table permissions with record filters.

Prerequisites

• You must have Administrator or Configuration user group permissions.
• The user group you want to restrict must already exist. If not, create one first (see User Groups).

Step 1: Set the Database Role

The database role sets the baseline level of access for the entire user group.

1. Navigate to Admin > Users > User Groups.
2. Click the user group name to open the editor.
3. Set the Database Role to the appropriate level:

4. Save the user group.

Step 2: Restrict Menu Access

Menu access controls which navigation links, action buttons, and menu options users in the group can see.

1. In the User Group Editor, switch to the Menu Access tab.
2. For each menu item, set the access to Allow or Deny.
3. Denying all menu items within a menu category hides the entire category from the group.
4. Save the user group.

To speed up configuration, use the copy option on the Menu Access tab to copy permissions from an existing similar user group, then adjust the differences.

Using Ctrl-9 for Visual Verification

1. Navigate to any page in the application.
2. Press Ctrl-9 and select the user group from the dropdown.
3. All menus on the page display green checks (allowed) or red crosses (denied).
4. Press Ctrl-9 again to remove the indicators.

Step 3: Set Table Permissions

Table permissions refine access at the table level, controlling which tables users can read, insert into, update, and delete from.

1. In the User Group Editor, switch to the Table Permissions tab.
2. Click Add a new Permission to create a table permission record.
3. Select the Object Name (the database table, e.g., Asset, Custodian, Contract).
4. Check or uncheck the permissions:
   • Select -- can read records from this table.
   • Insert -- can create new records.
   • Update -- can modify existing records.
   • Delete -- can delete records.
5. Save the permission.

Step 4: Apply Record Filters (Optional)

Record filters provide mandatory data segregation. Users in the group will only see records that pass the filter -- filtered-out records are completely invisible.

1. First, create a filter query: navigate to the Query Editor and create a query with type Filter and a subject matching the table you want to filter (e.g., Asset).
2. Add filter conditions that reference the logged-in user. Common filter parameters include:
   • %CurrentUserCompanyID% -- restrict to assets in the user's company.
   • %CurrentUserLocationID% -- restrict to assets in the user's location.
3. Save the filter query.
4. Return to the User Group Editor > Table Permissions tab.
5. Open the table permission record for the target table.
6. Select your filter query in the Record Filter field.
7. Save.

Common Restriction Patterns

Tips

• Test record filters thoroughly. Log in as a user in the affected group and verify the correct records are visible.
• After changing permissions, existing users may need to log out and log back in for changes to take effect. Use Log off selected users from the Users Menu to force this.
• Table permissions refine the database role -- a Read Only role cannot insert/update/delete regardless of table permission settings.

Related Articles

• User Groups — overview of the user group system
• Menu Access — controlling menu visibility
• Table Permissions — controlling table-level access and record filters
• Query Record Filters — building filter queries