The information on this page is for Veson IMOS Platform Administrators only.
Groups and Users
Two types of users are recognized for assigning access rights:
Groups have group access rights. Groups can belong to other groups. A group acts as a template: Any group or user in a group inherits all the access rights of the group.
Users have individual access rights. Users can belong to one or more groups, but they do not have to belong to any groups.
Users' overall access rights are a combination of their group and individual access rights.
Module Rights can be assigned at three different levels:
Module: Analytics, Networking (Voyage Reporting), Trading, Chartering, Operations, Financials, Data Center, and Veslink (Voyage Reporting). For each module, you can assign a right to the whole module or expand it.
Area within a module: The headings from the module center (Quick Links, Reports, etc.) plus:
General/Module Center: The right to view the Module Center
Actions: Actions that might or might not correspond to a form or a list in a module center and go beyond the rights to Read, Write, and Delete. You can assign groups or users different rights to these actions than to the related form or list. Examples:
In Operations, deleting, closing, and reopening a voyage are listed under Actions. All these actions refer to the same form, Voyage Manager. You might want to assign a group the Read and Write right to the Voyage Manager, but only assign certain members the right to delete, close, or reopen a voyage.
In other words, the rights to Voyage Manager will take precedence over the voyage-related Action rights.
In Financials, approving, posting, releasing, and reversing invoices are listed under Actions. Approve Invoices and Post Invoices, for the Approve Invoices List and Post Invoices List, are listed under Transactions, as they are in the Financials Module Center. You might want to assign a group or a user the Read Only right to the Approve Invoices List and the Post Invoices List, but not the right to approve, post, release, or reverse invoices. You also might want to allow certain users to approve or post invoices and others to reverse them.
Item within an area, such as an action, a Quick Link, a form, a list, or a report
Module Rights do not allow control on individual fields using Access Rights.
For example, on a TC contract, you cannot place access restrictions for a user on the Duration/Basis field.
Data Center module rights may require other access rights to work in synch, e.g. to have public view on lists, a user needs to enable "Manage Public View Lists“ (Data Center) + "Voyage list“ (Operations).
Object Rights can be assigned at two different levels:
By object type: Company, Vessel Type, Vessel, or Pool.
You can assign a right to the whole object type or expand it. For example, you can assign a group or a user the same rights to all Vessel Types.
With Company-based Security enabled (Enable Company Security), company-based permissions can be set for each user or group. Selecting an (empty) Company allows a user or group to edit and save records that do not have a Company specified. Additional options can be configured.
Rights defined here are independent of those defined under the Module Rights section. For example, if "Forms“ > "View“ right is set to "Read, Write, Delete“, this is independent from whichever rights are granted under the Veslink "View Forms“ Module right below
By object: An individual company, vessel type, vessel, or pool.
For example, you can assign a group or a user different rights to different vessel types.
Levels and Priorities of Rights
Keep in mind that rights for users might have been assigned in any groups in which they are members.
To assign or remove Read, Write, and Delete rights, select or clear a check box. To change to a different right, hover to the right of the check box, click , and then click a right:
: No rights have been assigned here.
: Read, Write, and Delete
: Read and Write
: Read Only
: All Rights Denied
: Some rights have been assigned at a lower level.
Priorities for Users with Conflicting Rights
Rights have priorities to determine which right applies if a user either has individual rights that conflict with group rights or is a member of more than one group, and the groups have different rights. The order is:
All Rights Denied > Read, Write, and Delete > Read and Write Only > Read Only
A user with Read, Write, and Delete rights to a module who is also a member of a group with All Rights Denied to the module is effectively denied access.
A user with Read, Write, and Delete rights to a module who is also a member of a group with Read Only rights effectively has Read, Write, and Delete rights.
A user with a read-only license has read-only access regardless of membership in any other groups.
Note that unless explicitly denied, Read Only users should still have the ability to create/edit/delete analytical views of data as the Report Designer reports are not considered to be “data” but means to view the data.
For actions, we do not have a read-only option. "Actions" represents an actual change that you would be making in the system, so inherently there is no "Read Only". You can either take the action or not.
Reporting on User Rights
You can create a Module Access Report in the Report Designer, which shows a summary of Module Rights by user; a similar report can be created for object rights. Download the example report definition from Example Reports - Report Designer.
Enable Company Security
Set company-based permissions for each user or group on the Object Rights tab in Security, under Company. Permissions apply where needed to prevent users from editing or seeing various items associated with any restricted companies.
Use Contract Company
If enabled, displays Company as a required field on the Voyage Fixture, Time Charter, and Voyage. If LOB is enabled, this field will also be required. Note that this flag enables strict company matching (that is, sale and purchase companies must match) for the TDE.
This flag is almost always enabled when company-based security (CFGEnableCompanySecurity) is in use, as it requires the Company Code to be specified in records before the user can save. A warning message will appear if an invoice is issued in which they do not match.
Require Company Match for Invoice
When enabled and CFGUseContractCompany is also enabled, the contract company must match the fixture company to approve or post invoices.
Invoice Approvals by Type
Specifies whether the control of invoice approval by type is enabled or not; adds an Invoice Approval Types control list to the Object Rights tab in Security, to grant users rights to approve specific types of invoices. On the Approve Invoices List and Transaction Summary, if a user does not have approval rights for an invoice type, the Review link will not be available for those invoices.
Invoice Postings by Type
Specifies whether the control of invoice posting by type is enabled or not; adds an Invoice Posting Types control list to the Object Rights tab in Security, to grant users rights to post specific types of invoices. On the Post Invoices List and Transaction Summary, if a user does not have posting rights for an invoice type, the Post link will not be available for those invoices.
Invoice Actualization by Type
Specifies whether the control of invoice actualization by type is enabled or not; adds an Invoice Actualization Types control list to the Object Rights tab in Security, to grant users rights to set specific types of invoices to Actual.
Invoice Reversals by Type
Specifies whether the control of invoice reversal by type is enabled or not. When enabled, on the Object Rights tab in Security, an Invoice Reversal Types control list is added to grant users rights to reverse specific types of invoices.
Journal Approval Needed
Enable specifying the number of approvals required for journal invoices . After an invoice has been approved, if it should be approved at least once more, its status is Partially Approved, and the last Approval User is in the Approval User column. An additional column, Approval User 2, is available in the Financials lists.
Bitflag: If accounting approvals are enabled, determines which are active. Possible values:
The default value is 7=1+2+4.