- Executive/Upper Management users who need access to view information but should not be able to transact in the system
- Internal/External audit users who need to validate reports and policies/procedures
Now, while I would recommend only granting access to the areas a users needs to perform their job function (taking a ‘least privilege’ approach to security) the risk for granting read only access is less than over provisioning on accesses that can transact with the system.
The Goal
The goal with this is to grant all menu item displays at a read level to the user; this would give them access to every form in the system without the ability to transact at all.
Steps
1) Go to System Administration -> Security Configuration
2) Go to privileges and create a new privilege
3) Click on Display Menu Items then click on ‘Add References’
4) In the dialog that pops up, click on the check mark in the menu bar next to ‘Name’ (this selects all options in the dialog)
5) In the bottom of the dialog, select which permission you would like to apply across all selected items (in our case we would select the Grant option on Read)
6) Click OK
Once we publish this privilege, we can validate that this process was successful by selecting our privilege we just created and clicking on ‘View Permissions’:
See which IT systems and users have higher privileges than they need
