Program Access allows you to specify the areas and workflows that users or groups of users can access in Applied Epic. Security applied to individual users overrides any group-level security for those users. This means that if a user is explicitly granted a permission, no group membership can deny that permission for the user. Likewise, group membership does not grant any permissions that are explicitly denied at the user level.
To define program access for a security group, do the following:
Access the Security Groups area.
Highlight the appropriate group and click the Edit/View icon.
On the Program Access tab, select an Area from the dropdown list and highlight the appropriate Sub-Area. The Permissions list populates accordingly.
Check all the Permissions
you wish to grant to this security group. You may click Grant
All at the top of the Permissions
list to grant all rights in this sub-area.
Note: To
grant universal program access (for example, if this is a group of
system administrators), click the Grant
All link label in the Area/Sub-Area
frame.
To define program access for an individual user, do the following:
Access the Users area.
Highlight the appropriate user and click the Edit/View icon.
On the Program Access tab, select an Area from the dropdown list and highlight the appropriate Sub-Area. The Permissions list populates accordingly.
Make the appropriate selection from the dropdown menu for each permission:
Inherit- Gives
the user the same access as the security group to which he/she
belongs. The inherited status for that permission displays in
the Inherited column.
If the user belongs to more than one group, the user automatically
inherits the rights of the group with greater access. Therefore,
if a user belongs to a group with a certain security right granted
and another group that is denied that security right, selecting
Inherit here will grant
the user the right.
Grant
Deny
Note: You may click Grant All at the top of the Permissions list to grant all rights in this sub-area. To grant universal program access (for example, if this is a system administrator), click the Grant All link label in the Area/Sub-Area frame.
Selecting Grant or Deny for a user overrides the setting inherited by the group. Therefore, even if you have defined security access at the group level, you are able to fine tune user security by granting or denying specific objects for individual group members.
To review definitions, implications, and recommended settings for the security permissions in each area, click on the links below: