With AIM Version3 there is now the ability to add security to AIM documents at the Field Level.
-
With AIM V1 and V2, users inherited SEARCH rights to fields they had rights to from Timberscan routing of AP invoices.
-
Those rights are GONE in V3 – no SEARCH rights in AIM are based on any Timberscan routing rules for AP invoices with one exception:
-
Users who can see/approve/review AP invoices will also be able to search for them in AIM Search using Category = AP and Document Type = Invoices.
AIM Security can now be defined using the following:
If a user is named in a Rule (routing stage) for a particular document, that user inherits SEARCH RIGHTS to that document that matches the specific coding from the rule.
Explicit rights may be granted to a Document Category and/or Type. If rights are granted at the Document Category level, the user has SEARCH RIGHTS to all Types underneath
Field Access helps to control the documents a user may see in AIM SEARCH. Field Access DOES NOT affect document coding
What a user sees in Search is based on one of the following four combinations:
-
The user has rights* to an entire Category OR
-
The user has rights* to a Document Type OR
-
The user has rights* to one of the Field values on the document OR
-
The user has rights* to ALL of the field values on a Document Type
*Either inherited or explicit rights
Granting Field Access, Category or Document rights alone is the least restrictive method and will provide the most search results
-
Giving only Job/Property rights to specific jobs or properties is a VERY wide open door:
-
User might see any legal or financial documents coded with that job/property
-
User might see any sensitive payroll documents coded with that job/property
-
Giving only Category rights opens up that entire Category
-
Granting access to a Document Type and all of its fields is the MOST restrictive and should be used where there are sensitive documents in the system
Field and Document Type access is per data folder.
TimberScan criteria is only used as security as to what invoices a user can see in the AP Category for vendor invoice related documents. Security as to what documents a user can see can be added as described below.
-
Users should not be assigned to Document Categories or Document Types if you want to restrict the documents they can search for to be limited to those coded/indexed to the criteria assigned to their routing rules and/or those indexes/codes assigned to them in AIM Users menu button – Field Access.
-
If users should only access documents based on certain criteria/ index coding and are not in an approval workflow, the criteria for what they can search for would be added in AIM User menu button – select the Field Access tab > Add Field Access button > Select the field and the value. Then in the document types tab – select the document types that can be accessed based on the field values selected. Fields can be assigned to limit what documents can be accessed for that document type
-
If a user can access all documents within a particular Document Category regardless of coding, the user is added in the Document Category setup > Assigned Users tab. If a user can access all document of a particular document type, regardless of coding, the user in added in the Document Type setup > Assigned Users tab.
-
Users who can access all documents in AIM would have the AIM View All permission checked in the User Maintenance screen