We recently added a new person to our HR staff and want them to be able to set up users and employees. Since the “User Account Security Maintenance” screen has a big “Security Manager” checkbox inside of it, we tried to set that sysuserfile field to read only, but for some reason it’s blocking any and all changes made to the user.
Does anyone have any experience or ideas for this particular issue?
Edit: We don’t want to give this user security manager role and we don’t want them to be able to set other users as security managers
Copy the App to another menu
Select a security ID that is one that the HR person can get into
Place the menu under one of their menu setup areas or create a SubMenu for HR
Add Employee, Buyer, Work Force, Person (planner), and User Security under the new submenu.
This will give them access to all of the apps the need.
For User Security, if you want to make it so HR cannot check the Security manager checkbox, use App studio to hide the checkbox.
Like John said, only security managers can maintain users.
One thought is to create a workflow that does an on-behalf-off flow. You grant security access for HR to a screen that collects the user data and then another process with SM capability performs the work on-behalf of the user complete with logging for those SOX-oriented companies. This practices least-privilege principles as well.
This could be implemented as an API or a timed DMT.