How access to a function is determined

Application Administration evaluates the access settings of a function to determine whether a user is allowed or denied access to that function.

All functions have a default and an all object access setting. Functions may also have customized access settings which allow or deny specific users and groups access to that function.

These are the steps Application Administration takes to determine whether a user can access a particular function:

  1. If All Object Access is selected for a function, and the user has all object system privilege, the user is allowed access to the function. If not, continue to the next step.
  2. If the user is either denied or allowed access by the Customized Access setting, then the Customized Access setting determines the user's access to the function. If not, then continue to the next step.
  3. If the user is a member of one or more groups, then go to step 4. If not, go to step 7.
  4. If All Object Access is selected for a function, and the group has all object system privilege, then the user can access the function. If not, then continue to the next step.
  5. If the user is in a group whose Customized Access setting is Allowed, then the user is allowed access to the function. If not, then continue with the next group at step 4. After Application Administration processes each group, continue to step 6.
  6. If the user is in a group whose Customized Access setting is Denied, then the user is denied access to the function. If not, then continue to the next step.
  7. The Default Access setting determines the user's access to the function.
Parent topic: Access settings for a function