Roles play a central part in defining users of the M5 system. They are the foundation records for building Application Users. The next sections address the details of Role creation and maintenance and illustrate how critical it is to understand the steps required and the sequences to follow when creating and maintaining them.
Before creating a role, there are some necessary preparation steps. Primarily these involve the creation of groups for locations (Location Groups), operational entities (Operational Entity Groups), and customized menus (Menu Maintenance) with field restrictions. Additional setup includes KPI/PMM Groups, Printing/Reporting capabilities and Department/Chat Groups.
There are three general steps for creating a new user. First, you must create the Database User ID. Then create a Role via this frame with the necessary menus, privileges and a database user ID. Finally, you create the Application User and assign them the appropriate role.
General Tab
To create a new Role, click in the Role field and enter a new Role ID. It’s helpful to style the ID in a way that is easily associated with the employees you anticipate assigning to this role. For example, 'MECH' for mechanics. Your company may already have common abbreviations for various groups that could also be used in this situation.
Next enter the data for any of the remaining fields on the General Tab that apply - Description, Notes, Restricted Home Page, Outside User, Database User ID.
The Restricted Home Page field allows you to enter a specific home page for Application Users assigned to the role. If a value is entered here it will override any value set at the App User level and not allow them to change their individual home page.
Two Factor Authentication can be activated via the M5 Parameters screen. If the Email_By_Role value is chosen and this box is checked, as users attempt to log in, the system will send the appropriate e-mail address an authorization number.
Users will only have one chance to enter the code. If it is incorrect, it will have to be re-entered. Dashes have to be included.
Users will also only have 10 minutes to enter the code in the frame that is presented (can't use the same code in a different one, should you try to log on again, a new code is generated).
If the user does not enter the correct code in the allotted time, they will receive a "code expired" notification on-screen and will be required to attempt to log in again (and will subsequently be given a new code).
Part Request Approval Amount field:
If the Part Request Approval Amount is left blank: No restrictions will be needed to approve part requests.
If the Part Request Approval Amount is entered as 0 (Zero): All part request will require an approval for this role.
If the Part Request Approval Amount is entered as a dollar value: Any part requests total exceeding this value would require an approval.
Works in conjunction with the APPROVE PART REQUEST and APP OWN PART REQUEST privileges.
The Commercial Request for Service Approval Amount field:
If the Commercial Request for Service Approval Amount is left blank: No restrictions will be needed to approve commercial requests for service.
If the Commercial Request for Service Approval Amount is entered as 0 (Zero): All commercial request for service will require an approval for this role.
If the Commercial Request for Service Approval Amount is entered as a dollar value: Any commercial requests for service total exceeding this value would require an approval.
Works in conjunction with the APPROVE SVC REQUEST and APP OWN SVC REQUEST privileges.
Locations/Operational Entities Tab
On this tab, you can assign any Location Groups or Operational Entity Groups that apply to the specific role. These are generally used as additional system security measures to ensure users are only accessing locations and parts of the system that pertain to their job function.
Menus/KPIs Tab
On the Menus and KPIs tab you can assign any custom menus from Menu Maintenance as well as KPI Groups that the role should have access to. See the KPI Groups frame for more information about setting up these groups.
Privileges Tab
The Privileges tab is perhaps the most important aspect of Role Maintenance. M5 uses role privileges to determine much of what users with the role can and cannot do within the system.
For more information on specific Role Privileges and what they do, see Role Privileges. A full list of privileges can also be found in Appendix A of the System Administrator User Guide.
Reporting Tab
The Reporting tab allows you to assign any Printer Groups or Report Groups that the role needs for use with Crystal Reports.
Application Users Tab
The Application Users tab gives you the ability to view the Application Users currently assigned this specific role. Each record displays in read-only format and contains the Application User ID, their Name, Division, Phone Number, and Expiration/Disabled information, if applicable.
Department/Chat Groups
The Department/Chat Groups tab allows you to manage and assign any Department Groups or Chat Groups to the role. To assign a group, click on the group to highlight it, and then click the >> button to move the group into the Assigned column.
The Disable DAF for Reports check box allows users to run any reports regardless of DAF settings.
Vendor Gateway
The Vendor Gateway tab allows you define the authorized and unauthorized vendor gateway states for user roles. To move a state from one column to another, select the state and use the >> and << to move from authorized to unauthorized. Click save once it is in the appropriate column.
Indirect Accounts
The Indirect Account tab allows you to authorize or unauthorize Indirect Account Groups for a specific user role. Use the >> and << buttons to move groups between the two columns.
For more information see System Administration Application User Training.
Last Updated: 01/17/2020
NOTE: To view a list of System Flags and Role Privileges that may impact this screen, hover over the screen title in M5 to display the bubble help/tooltip. At the bottom of the bubble help/tool tip, there is a Settings hyperlink. Click that hyperlink to display the list of flags and privileges.
Additional training and technical documents on this subject may be available in the Resource Files area.