Overview
One of the common first steps for our PEO clients is to configure and use the Pricing Console in ClientSpace. While each PEO is unique in their processes, most have a designated workflow through which they would like Pricing to proceed. While this topic does not discuss pricing workflow, it provides a high-level overview of configuring pricing console security.
While security customization is driven by the individual business requirements of each of our clients, the method for configuring security in ClientSpace is standardized. Role security provides global administrators with the ability to configure dataform security down to the field level, specifying whether the User is allowed to View, Add, or Edit the document or field. The following table lists dataform security rights.
|
Dataform security rights |
Description |
|---|---|
| View | Users with only View rights are able to open a dataform and see the contents of any available fields but may not add a new or edit an existing document. Fields appear as read-only. Users with Add or Edit rights should also be given View rights. |
| Add | Users with only Add rights can add new dataforms of this type, but when the initial save occurs, they cannot edit the dataform they created. |
| Edit | Users with only Edit rights are not able to add new forms but can edit existing forms. |
Updating Role Security
To update Role security:
Update Role security to include appropriate rights to View/Add/Edit the forms using the following steps. Several security entities are used by the Pricing Console. The following table lists the most common.
|
Security entity |
Description |
Rights |
|||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CRM | Creating and managing Organizations | At least View rights | |||||||||||||||
| biz_workflow_cm_create_batch | Creating batches from the Client Master | At least Add rights to create new batch | |||||||||||||||
| PricingConsole | Access to the pricing console | At least View rights | |||||||||||||||
|
gen_Surcharge |
Access the Pricing Console Surcharges section and the Surcharges Search form (which is accessed by clicking the Surcharges link on the Pricing Batch). |
At least View rights |
|||||||||||||||
|
SurchargeType_<SurchargeType.SurchargeCode> |
Access a secured surcharge type. Example: SurchargeType_Collateral
This entity is required for editing surcharge types when the user only has gen_Surcharge Edit rights. If the user has gen_Surcharge Admin rights, they automatically have rights to edit fields in the Pricing Console Surcharges section and the Surcharges Search form, including rights to update Surcharge Amount, Override Surcharge Amtand Override Minimum Bill Rate. |
At least Editrights |
|||||||||||||||
| QuickEdit | QuickEdit_subfields: For each field on the Quick Edit form there are available view/Add/Edit rights. These need to be set for each field (if editing of pricing rows is allowed). | At least Add rights | |||||||||||||||
|
Dataform entities
|
If any of the dataforms are secured, the user needs to be in a role with appropriate rights for the dataform, such as Add or Edit rights. |
At least View rights are also required for the related Dataform entities |
Administering Role Security
To administer role security:
| 1. | Go to System Admin  > Security > Roles. |
The Security Roles dashboard opens.
| 2. | You can filter roles Role Title, and Users that are associated with the role, or Entity Name of the associated Security Entities. |
| 3. | If a user needs to have access to a particular security entity, one of two things can be done: |
| • | The user can be added to a role that already contains the required entity by filtering roles by desired entity. |
| • | The security entity can be added to a role that user is already associated with by filtering roles. |
| 4. | Select a role and click Edit. |
The Role form opens.
| 5. | In the Action Center, click Entities. |
The Security Role Entities dashboard opens.
| 6. | Add the appropriate View, Add, Edit, Delete, and Admin rights for the role. |
| 7. | To see if a user is already in a role with a specific entity, filter the Roles by user and Entity. |
| 8. | You can also use a wildcard when searching for roles. When setting search parameters, place a % symbol before your search string to make it a wildcard keyword search. Example: %Service Case |
Security Related to Editing Surcharges and Individual Pricing Fields
Users with appropriate access permissions can edit surcharge types and other individual pricing fields on the Surcharges form before and after pricing has been submitted.
Editing Surcharges Before Pricing Has Been Submitted
Editing pricing fields on a surcharge record requires a user to have appropriate rights to access and edit the Surcharges form provided by the gen_Surcharges entity. If individual pricing fields or surcharge types are secured on the form, a user must have appropriate rights to access and edit those fields as well.
By default, Global Administrators (i.e., users with Admin rights) can edit secured pricing fields and surcharge types without requiring additional entity assignments.
Additionally, even if the Admin user was assigned a surcharge type entity or individual pricing field entity with lesser rights, the gen_Surcharges entity with Admin access overrides entity assignments to specific fields or surcharge types.
Other users without Admin access will require Edit access rights to a secured surcharge type or individual pricing field.
Note: Surcharge type security entities have a name format of SurchargeType_<SurchargeType.SurchargeCode>
For example, if the "Collateral" surcharge type was flagged as Secured on the Pricing batch, users without Admin access might be assigned an entity named "SurchargeType_Collateral" with Edit access to allow them to edit any surcharge type fields, including the Surcharge Amount, Override Surcharge Amt, and Override Minimum Bill Rate.
Editing Surcharges After Pricing Has Been Submitted
After pricing has been submitted, the ability to edit pricing on a surcharge record up until pricing is locked requires an additional security entity, biz_EditSurcharge_After_Submit, with either View or Admin rights assigned. (This entity is in addition to the entities covered in the previous section.)
Once the appropriate rights are assigned, the following pricing fields can be changed on the Surcharges form after pricing is submitted up until pricing is locked:
-
Surcharge Type
-
Quantity - The presence of this field varies by Surcharge Type and may not always display.
-
Override Surcharge Amt
-
Surcharge Amt - Requires user to click Override Surcharge Amt checkbox to access the field.
In the example below, the gen_Surcharges entity allows View, Add, and Edit rights to the Surcharges form and the biz_EditSurcharge_After_Submit entity is set to View access. A user in a role with entities configured as shown has access to edit surcharge pricing fields after pricing is submitted (assuming that there are no field-level security restrictions in place on any of the surcharge pricing fields):
In the next example, a user in a role with entities configured as shown does NOT have access to edit surcharge pricing fields after pricing is submitted because, while the biz_EditSurcharge_After_Submit entity is correctly configured, the gen_Surcharges entity is not configured to allow editing of fields on the Surcharges form:
Note: By default, Global Administrators (i.e., users with Admin rights) can edit surcharge pricing fields up until pricing is locked without the biz_EditSurcharge_After_Submit entity assignment.
Deleting Surcharges
Users with Admin rights can delete surcharges. For other users:
-
If a user has not been assigned Delete rights for gen_Surcharge, the Delete button does not display.
-
If a user has only been assigned Delete rights for gen_Surcharge but they do not also have Delete rights to the security entity for a secured surcharge type, when they select the surcharge in the grid, the Delete button appears dimmed and cannot be clicked. To delete a surcharge type that is flagged Secured, they must have Delete rights to the gen_Surcharge security entity and Delete rights to the security entity for each Surcharge Type they are allowed to Delete.
Note: These entities will have a name format of SurchargeType_<SurchargeType.SurchargeCode>
Example: The secured Time and Attendance surcharge type entity might be named SurchargeType_TA.
This applies to all locations where the list of surcharges is accessed, including:
-
The Pricing Console Surcharges section.
-
The Surcharges Search form (which is accessed by clicking the Surcharges link on the Pricing Batch.)
-