Managing Employees
Manager Contents
User Contents

Contents
 Introduction
Basic Settings
Preferences
General Permissions
Management Permissions
Record Access Restrictions
Search Restrictions
Category Permissions
Broadcast Messages


 Introduction

The Employee pages, accessed from the User Management section of the Manage page, allow Employees (users) to be added, edited, and deleted. In the Employee list, click on the Employee ID to edit or delete an existing Employee. Use the Add button to add a new Employee, optionally selecting a personality to copy initial settings from. You can choose to limit who can modify the Employee by specifying ownership.

Basic Settings

When adding or editing an Employee, the following fields are available:

  • Employee ID - An alphanumeric ID used to login to the system (30 characters max). This value is case-sensitive when CATSWeb is running on Oracle, but not if it is running on SQL Server.
  • Full Name - The full name of the Employee (50 characters max). This value is used to represent the user in most selection lists.
  • User Type - The User Type describes the restrictions that are placed on the user.
    • Full - Full users are "normal" users and can have full access to the CATSWeb systems, as determined by the permissions described below.
    • Affiliate - Affiliate users are typically external users, such as your key suppliers and customers, and have restricted access to the CATSWeb system.
      • Affiliate users can:
        • View the selected Issue, Action, and Subtask records that are routed to them by full users.
        • Add Notes, File Attachments, Signatures, and Links to those records they can view.
        • Edit the records that have been routed to them, if they have been granted that permission (see below). The fields that an affiliate user may edit on a record are controlled by settings in the field definitions for the record category.
      • Affiliate users cannot:
        • View any records other than those routed to them by full users.
        • Add or Delete any Issue, Action, or Subtask record.
        • Run queries or reports.
        • Be assigned responsibility for Disposition or Action (i.e. they cannot perform the Personal Tasks or Department Tasks that full users can perform, nor can they manage Actions or edit Action Effectiveness).
        • Be assigned to more than 1 Department.
        • Access CATSWeb Manager in any way.
        For more information on Affiliate users, see these pages:
Quick Tip - Affiliate Users Largely Obsolete
Affiliate Users are largely obsolete in later versions of CATSWeb. Record Access Restrictions, Field Access Restrictions and Functional Restrictions now make it easy to customize the functionality that is available to each user, including external suppliers and customers. In new systems, consider using only Full Users. If you do this and want to disable the Route to Affiliate link that appears on Issue, Action and Subtask records, do the following.
  • Add a Functional Restriction to your form. Choose the Group Entity and select "{Everyone}". Check the Route to Affiliate box and submit.
  • Repeat for any other Issue, Action or Subtask forms.
  • Login Password - The login password for the Employee (25 characters max). If a new Employee is added, the signature password will be set to the same value as the login password. The Employee may change their signature password to make it unique by choosing Change Password from the My CATSWeb page. If a non-zero Password Duration setting has been made in the Database Properties, the Employee will be forced to change their passwords upon their first login. When an existing Employee record is being viewed or edited, the login password box is replaced by a Reset link, which enables administrators to reset both the login password and the signature password. This capability is provided in the event that the Employee forgets one or both of their passwords. If the Dual Authentication for Password Resets setting is enabled on the Database Properties page, two different administrators must collaborate in order to reset a password.

    If a non-zero Password Duration setting has been made in the Database Properties, resetting the password will cause it to immediately expire. The user will be forced to change their login and signature passwords from "CATSWeb" to something else on their next login.
  • Home Department - An Employee can be a member of multiple Departments, and must always be a member of at least one Department. The Home Department is the Department the Employee enters on login.
  • Personality/Default Personality - An optional Personality assigned to the Employee.
    • Whenever the related Personality is updated, the settings for all Employees sharing that Personality will be automatically updated.
    • Note that when the optional Multiple Employee Personalities feature is installed:
      • The caption of this field changes from "Personality" to "Default Personality".
      • The list is limited to personalities associated with the Employee in the Employee Personalities listing.
    • A new Limited User license personality is available that restricts permissions that are granted to users.
  • E-mail Address - E-mail address, used by the CATSWeb E-mail Notification option (100 characters max). The E-mail address is mandatory for affiliate users.
  • Tool Tip Width - The width of the tool tip region, in pixels. This region is included in forms that are in add or edit mode, and appears immediately after the caption text. When a user floats their mouse over this region, the Description property for the field is displayed by the browser. To disable tool tips for a user, set this value to 0 (zero).
  • Tool Tip Height - The height of the tool tip region (described above), in pixels.
  • Tool Tip Border - Enables a visible border to be displayed around the tool tip region (described above).
  • Interface Preference - If the Employee is to use a particular Interface Preference, specify that here. If no Interface Preference is specified, the system default Interface preference from the Database Properties page will apply. Users can choose their own Interface Preference on their My CATSWeb page if granted the Choose Interface Preference permission (described below).
  • Proxy - A different Employee may be designated to serve as the proxy for this Employee. Users may also designate their own proxy from the My CATSWeb page if they have been granted the Manage Own Proxy Permissions permission. Designating a proxy causes the following to occur:
    • If a new record is entered and assigned to the Employee, CATSWeb immediately reassigns the record to the proxy.
    • If an operation causes a signature to be requested from the Employee, CATSWeb will instead request the signature from the proxy.
    • If an existing record is reassigned to the Employee, whether the reassignment is made by a user or via a Rule, CATSWeb will instead reassign the record to the proxy.
Preferences

Preferences are a collection of settings and preferences that users may make for themselves if granted permission to the My CATSWeb page (My CATSWeb permission described below).

Note that while these same preferences are present on Personality pages in the Initial Preferences section, by default they are not updated in Employee records when the Personality is submitted. This is to allow the Personality to serve its purpose as a "template" for Employees, without overriding preferences typically set by each Employee individually. However, the Edit Personality page includes a Check this box to copy Initial Preferences to Employees checkbox (just above the Delete checkbox) that may be used to reverse this behavior. When checked, the Initial Preferences from the Personality page are copied to the Employee records, thereby overriding their Preferences. The E-mail Addressing and Alternate Addresses preferences are exempted from this process. The preferences include:
  • Home Page Type - Present only when the Dashboards feature is installed, this setting determines the type of Home Page (Classic Home Page, Public Dashboard or Private Dashboard). Users see the selected Home Page when they first login to the system, or anytime they click the Home link in page headers and footers. The Choose Home Page permission determines if the user can choose their own Home Page from the My CATSWeb page.
  • Public Dashboard - Present only when the Dashboards feature is installed, this setting allows a specific Public Dashboard to be selected for use as a Home Page.
  • Private Dashboard - Present only when the Dashboards feature is installed, this read-only field shows the Private Dashboard that the user has selected from the My CATSWeb page to use as their Home Page. The field is omitted from Personality pages.
  • Hot List Enabled - Determines whether or not the Hot List is displayed on the Home page of CATSWeb.
  • Show Hot List Legend - Determines whether or not the legend is displayed with the Hot List.
  • Hot List Items to Include - Enables selection of the types of items (record types) to be included in the Hot List.
  • Hot List Columns - Enables selection of the columns that will appear in the Hot List.
  • Maximum Hot List Items - Maximum number of items that will appear in the Hot List.
  • Hot List Includes Completed Tasks - Determines whether or not Actions and Subtasks with Status=Completed are included in the Hot List. This setting has no effect on the listing of signature requests related to completed Actions and Subtasks.
  • Hot List Date Format - The format used for dates in the Hot List. The System Default format is typically Short. Here are examples of the formats:
    • Short: 1/1/2005
    • Medium: 01-Jan-05
    • Long: Saturday, January 01, 2005
  • Help in New Window - If checked, when the user clicks the Help link, the help file will open in a new window. This optional capability does not comply with the HTML v3.2 specification (complies with HTML v4.0), so if rigid HTML v3.2 compliance is desired, do not check this box.
  • E-mail Tasks Enabled - Check the box to enable E-mailed task lists. When enabled, the selected task lists are E-mailed to the user once a day in HTML format, typically during the overnight period when system utilization is lower.
  • Include Hot List - Check this box to include the Hot List in the task list E-mail.
  • Personal Task Lists - Select the filtered task lists from the Personal Tasks page that will be included in the task list E-mail. The user's current filters (public or private) will be used to generate the task lists.
  • Department Task Lists - Select the filtered task lists from the Department Tasks page that will be included in the task list E-mail. The user's current filters (public or private) will be used to generate the task lists.
  • Status Lists - Select the filtered task lists from the Status page that will be included in the task list E-mail. The user's current filters (public or private) will be used to generate the task lists.
  • E-mail Format - Specify the preferred format of the task list E-mail. Most modern E-mail clients can accept HTML message bodies. If using an older E-mail client, choose the File Attachment option instead. The task list will be sent in a file attachment instead (still in HTML format) and may be viewed via any web browser.
  • E-mail Addressing - Specify the preferred address that the task list E-mail message should be sent to. "Your Address" means the E-mail address specified in the E-mail Address field in the Employee record (described above).
  • Alternate Addresses - Specify alternate E-mail addresses to be used for task list E-mails. Multiple addresses must be separated by a comma.
  • Web Feed Format, Item Ordering - These settings will be present if the optional Subscriptions feature is installed. See this topic for more information.
General Permissions
    Quick Tip - Functional Restrictions
    Functional Restrictions can be used in lieu of many permissions if desired. Functional Restrictions apply to individual forms, while permissions are system-wide. If you elect to use Functional Restrictions instead of a particular permission, grant the permission on the Employee or Personality page, then selectively revoke (restrict) the capability via form-specific Functional Restrictions.
  • Issues
    • Add Issues (Own Dept) - Enables user to add new Issues into their own Department.
    • Add Issues (Other Dept) - Enables user to add new Issues into other Departments.
    • Home Page Add Issue - Enables user to add Issue records from the CATSWeb Home page.
    • Edit Issue Any Stage - When this permission is not granted, Issue records can only be edited when they are in the initial stage (i.e. prior to the entering of a Disposition or assignment to an Action). When this permission is granted, an Issue record may be edited at any point in the process.
    • Edit Issue Any Dept - When this permission is not granted, Issue records can only be edited when the user is operating in the Issue's Department. Granting this permission allows the user to edit issues in any Department.
    • Void Issue - Enables user to designate Issue records as being Void (Issue records cannot be deleted, only voided).
    • Un-Void Issue - Enables user to un-void Issue records that have already been designated as Void.
  • Actions
    • Add Actions (Own Dept) - Enables user to add new Actions and assign them to users in their own Department.
    • Add Actions (Other Dept) - Enables user to add new Actions and assign them to users in other Departments.
    • Home Page Add Action - Enables user to add Action records from the CATSWeb Home page.
    • Edit Action Any Dept - When this permission is not granted, Action records can only be edited when the user is operating in the Department of the user the Action is assigned to. Granting this permission allows the user to edit Actions in any Department.
    • Close Actions - Enables user to designate an Action as closed.
    • Delete Actions - Enables user to delete Actions.
    • Re-Open Closed Actions - Enables user to reopen closed Actions.
    • Action Effectiveness - Enables user to enter and edit Effectiveness audit information for Actions.
  • Subtasks
    • Edit Subtask Any Dept - When this permission is not granted, Subtask records can only be edited when the user is operating in the Department of the user the subtask is assigned to. Granting this permission allows the user to edit subtasks in any Department.
    • Close Subtasks - Enables user to designate a Subtask as closed.
    • Delete Subtasks - Enables user to delete Subtasks.
    • Re-Open Closed Subtasks - Enables user to reopen closed Subtasks.
  • Workflow
    • Personal Tasks -Enables user to have tasks assigned to them, and to be able to perform those tasks. This includes Disposition requests, Action requests, etc.
    • Department Tasks - Enables user to view and perform tasks assigned to other members of their Department.
    • View Status - Enables user to access the Status button on the CATSWeb Home Page.
    • Manage Action - Enables user to enter and edit Actions, reassign them, etc.
  • Signature Controlled Ops - The following permissions all pertain to Signature Controlled Operations:
    • Request Issue Signatures - Enables user to request signatures on Issue records, or reset the signature request status to Signatures Not Requested, if at least one of the task-based permissions below are also granted.
    • Request Action Signatures - Enables user to request signatures on Action records, or reset the signature request status to Signatures Not Requested, if at least one of the task-based permissions below are also granted.
    • Request Subtask Signatures - Enables user to request signatures on Subtask records, or reset the signature request status to Signatures Not Requested, if at least one of the task-based permissions below are also granted.
    • Request Signatures, Personal Tasks - Enables user to request signatures on records assigned to them personally, or reset the signature request status to Signatures Not Requested, if the appropriate record-type signature request permission described above is also granted.
    • Request Signatures, Department Tasks - Enables user to request signatures on records assigned to members of their Department(s), or reset the signature request status to Signatures Not Requested, if the appropriate record-type signature request permission described above is also granted.
    • Request Signatures, Any Record - Enables user to request signatures on records regardless of who they are assigned to, or reset the signature request status to Signatures Not Requested, if the appropriate record-type signature request permission described above is also granted.
    • Unlock Issues - Enables user to unlock Issue records. Records become locked as a result of signature controlled operations. Unlocking a record resets one or more signature controlled operations, and signatures must be re-requested and resubmitted for those operations. To unlock a record, the user must also have been granted the appropriate task-based unlock permission described below.
    • Unlock Actions - Enables user to unlock Action records. Records become locked as a result of signature controlled operations. Unlocking a record resets one or more signature controlled operations, and signatures must be re-requested and resubmitted for those operations. To unlock a record, the user must also have been granted the appropriate task-based unlock permission described below.
    • Unlock Subtasks - Enables user to unlock Subtask records. Records become locked as a result of signature controlled operations. Unlocking a record resets one or more signature controlled operations, and signatures must be re-requested and resubmitted for those operations. To unlock a record, the user must also have been granted the appropriate task-based unlock permission described below.
    • Unlock Personal Tasks - Enables user to unlock records assigned to them personally. Records become locked as a result of signature controlled operations. Unlocking a record resets one or more signature controlled operations, and signatures must be re-requested and resubmitted for those operations. To unlock a record, the user must also have been granted the appropriate record-type unlock permission described above.
    • Unlock Department Tasks - Enables user to unlock records assigned to members of their Department(s). Records become locked as a result of signature controlled operations. Unlocking a record resets one or more signature controlled operations, and signatures must be re-requested and resubmitted for those operations. To unlock a record, the user must also have been granted the appropriate record-type unlock permission described above.
    • Unlock Any Records - Enables user to unlock records regardless of who they are assigned to. Records become locked as a result of signature controlled operations. Unlocking a record resets one or more signature controlled operations, and signatures must be re-requested and resubmitted for those operations. To unlock a record, the user must also have been granted the appropriate record-type unlock permission described above.
    • Sign for Department Members - Enables the user to add proxy signatures (sign for) other members of their Department(s). Users with this permission receive a Sign For list on the Add Signature page. The list contains all the members of their current department. See Managing Proxy Signatures for more information.
    • Sign for Anyone - Enables the user to add proxy signatures (sign for) other CATSWeb users, regardless of their Department membership. Users with this permission receive a Sign For list on the Add Signature page. The list contains the names of all CATSWeb users. See Managing Proxy Signatures for more information.
    • Can Satisfy All Requests - Enables the user to sign to satisfy all open signature requests on a record. To do this, the user selects a Signature Type and checks the Satisfy All Requests box on the Add Signature form. The single signature satisfies all requests for that type of signature. This capability can be restricted on a per-form basis via the Satisfy All Signature Requests functional restriction.
  • Queries and Filters (also applies to Full Text Searches when that optional feature is installed)
    • Create Issue Query - Enables user to create new Issue queries or filters. The Issue query form (i.e. where query parameters are entered) is inaccessible if this permission is not granted.
    • Run Issue Query - Enables user to run saved Issue queries and filters.
    • Create Action Query - Enables user to create new Action queries or filters. The Action query form (i.e. where query parameters are entered) is inaccessible if this permission is not granted.
    • Run Action Query - Enables user to run saved Issue queries and filters.
    • Create Subtask Query - Enables user to create new Subtask queries or filters. The Subtask query form (i.e. where query parameters are entered) is inaccessible if this permission is not granted.
    • Run Subtask Query - Enables user to run saved Subtask queries and filters.
    • Create Subform Query - Enables user to create new Subform queries or filters. The Subform query form (i.e. where query parameters are entered) is inaccessible if this permission is not granted.
    • Run Subform Query - Enables user to run saved Subform queries and filters.
    • Create SQL Queries - Enables user to create SQL queries, which are an optional feature for CATSWeb. Users creating SQL queries can query and view any data in the CATSWeb system, in any table. Record access limitations (described below) do not apply.
    • Run SQL Queries - Enables user to run saved SQL queries. Record access limitations (described below) do not apply.
    • Save Private Queries - Enables user to save private queries, filters, searches and dashboards.
    • Save Public Queries - Enables user to save public queries, filters, searches and dashboards.
    • Manage Saved Queries - Enables user to access the Manage Saved Queries button on the CATSWeb Query page.
    • Specify Ownership - Enables the user to specify ownership for public queries, filters and searches.
    • Create Advanced Search - Available only when the CATSWeb Full Text Search option is installed, this permission enables a user to create new Advanced Searches.
    • Run Advanced Search - Available only when the CATSWeb Full Text Search option is installed, this permission enables a user to run saved Advanced Searches.
    • Page Header Search - Available only when the CATSWeb Full Text Search option is installed, this permission enables a user to execute simple searches from CATSWeb page headers.
    • Choose Search Template - Available only when the CATSWeb Full Text Search option is installed, this permission enables a user to choose their own saved private Advanced Searches as templates for simple searches performed from the page headers. If this permission is not granted, the standard search template is used. Users choose their template on the My CATSWeb page. If you grant this permission, you should also grant the Save Private Queries permission to allow the user to save private searches, and grant the My CATSWeb permission to enable the My CATSWeb page to be reached for template selection.
  • Tags
    • Add Private Tags - Enables user to add private tags to records. Private tags are only visible to the user that adds them, and are shown on records in italic font. Also enables the user to delete tags they have already added (public or private).
    • Add Public Tags - Enables user to add public tags to records. Public tags are visible to all users.
    • View Tags - Determines if the user can view tags on records. It also determines if the user's My CATSWeb page includes a View Tagged Records section that enables navigation via tags. If a Display Part uses a Tagged Records data source, this permission will also control whether or not a user can view the tagged record listing.
    • Manage Tags - Enables user to delete public tags, no matter who added them.
  • Dashboards (available only if the optional Dashboards feature is installed)
    • View Dashboards - Enables user to view saved Dashboards.
    • Create Dashboards - Enables user to create and save Dashboards. The Save Private Queries and Save Public Queries permissions control whether the user may save the Dashboard privately or publicly.
  • Task List E-mail
    • Task List E-mails - Enables user to receive Task List E-mail messages.  See the Preferences section above, or the My CATSWeb page, for more information.
    • Alternate Addressing - Enables user to utilize alternate E-mail addressing for Task List E-mail messages.
  • Subscriptions
    • Subscribe - Enables user to make utilize the optional Subscriptions feature. If this permission is not granted, then the settings for the other permissions in this section are irrelevant.
    • Via E-mail - Determines if users can periodically receive their new subscription items via E-mail. The E-mail Feeds option must be installed and your system licensing must allow this capability for the permission to have any effect.
    • Via Web Feed - Determines if users can access their new subscription items via Web Feeds. The Web Feeds option must be installed and your system licensing must allow this capability for the permission to have any effect.
  • Affiliate Users
    • Affiliate Issue Editing - Allows the affiliate user to edit the Issue records that have been routed to them. During edits, affiliate users are prohibited from changing the assignment information for a record, and are prohibited from changing other critical fields such as Category and Void. The affiliate user is always prohibited from editing (or even accessing) Issue records that have not been routed to them first.
    • Affiliate Disposition Editing - Allows the affiliate user to edit the Disposition portion of Issue records that have been routed to them.
    • Affiliate Action Editing - Allows the affiliate user to edit the Action records that have been routed to them. The affiliate user is always prohibited from editing (or even accessing) Action records that have not been routed to them first. Affiliate users are also prohibited from editing the Effectiveness for an Action.
    • Affiliate Subtask Editing - Allows the affiliate user to edit the Subtask records that have been routed to them. The affiliate user is always prohibited from editing (or even accessing) Subtask records that have not been routed to them first.
  • Miscellaneous
    • Web Access - Enables user to access the CATSWeb system.
    • Change Password - Enables user to change their own password, subject to the password minimum length and composition restrictions that are set on the Database Properties page. Users with this permission may initiate password changes via the My CATSWeb page.
    • Password Never Expires - Checking this box causes the user password to never expire, regardless of password expiration settings that are enabled on the Database Properties page.
    • Session Never Expires - Checking this box causes user sessions to not timeout due to duration limitations provided by the Session Duration or Inactivity Timeout settings on the Database Properties page. However, session records may still be deleted (ending the session) as a consequence of a variety of administrative actions that cause the system and session data to become unsynchronized. For example, actions such as renaming a form (category), changing default categories in a Department record, deleting Employee/Department associations or renaming or deleting Personality records may all result in a session ending. Therefore, this setting should not be relied upon to provide a truly perpetual session.
    • Drill Down Access - Enables user to access drill down links in records.
    • Run Reports - Enables user to run reports, if the CATSWeb Report Server option is installed.
    • Choose Personality - Present only when the optional Multiple Employee Personalities feature is installed, this permission enables user to change their current Personality from the CATSWeb Home page.
    • Choose Interface Preference - Enables user to choose their own Interface Preference from the My CATSWeb page.
    • Choose Home Page - Available only if the Dashboards feature is installed, this permission enables users to choose a Dashboard to use as their Home page. The selection is made from the My CATSWeb page.
    • My CATSWeb - Enables user to access the My CATSWeb page.
    • View Edit History - If the optional Record Archiving feature is installed, this permission enables the user to view archived records.
    • View Files As HTML - Available only when the CATSWeb Full Text Search option is installed, this permission enables a user to view File Attachments in HTML format. It also controls whether or not a user may view highlighted search results in files located via Full Text Search (whether the file is a File Attachment, help file or external file).
    • Manage Own Proxy Permissions - Enables the user to manage their own Proxy Signature Permissions and designate their own Proxy from the My CATSWeb page.
    • Request Password via E-mail - Enables the login password for the user to be requested and sent via E-mail. See this topic for more important information about this feature and its security ramifications.
    • Portable Sessions - When granted, this permission allows CATSWeb session IDs to be shared between machines. For example, a user will be able to E-mail a CATSWeb link or URL containing their session ID to their mobile device's E-mail account and resume using CATSWeb on that device by using the link or URL, without having to login again. They will also be able to close their browser, open it again on the same machine, and resume working in CATSWeb without being prompted to login again.

      When the permission is revoked, the opposite behavior occurs: attempting to use the session ID on other machines, or after closing all browser instances and then opening a new one on the same machine, will force the user to login again.

      This permission is only effective when NT Authentication (a.k.a. "Windows Authentication") is not in use for the CATSWeb system. When NT Authentication is enabled, MS Windows determines the identity of the CATSWeb user at all times, and controls whether or not a Windows session can be reused across machines or in different browser instances or sessions.

    Quick Tip - Portable Sessions
    When Portable Sessions permission is revoked, CATSWeb works in conjunction with your browser to force users to login again when closing and reopening their web browser. If the Portable Sessions feature is desired, you must ensure that the user's web browser is not set to store authenticated session information between browser sessions. Please consult your browser's documentation for further details.

  • Restrictions
    • Read-only View - This setting is a restriction, not a permission. If checked, the user is restricted to viewing Issues, Actions and Subtasks in Print View (read-only) mode.

      This setting does not override any other permissions that have been granted to an employee. For example, if add, edit and delete permissions for Actions has been granted to an employee, selecting this setting will NOT revoke those permissions. If you want to prevent an employee from modifying records, do not grant them the permissions to make modifications or use Functional Restrictions.
Back to Top
Management Permissions - These permissions determine which parts of the Manage page users may access. Most are self-explanatory, some are clarified here:
  • Administrate - Determines if the Manage page can be accessed at all. If not granted, the Manage link will not appear in the page headers or footers. Users accessing the Manage page must have this permission and provide the management password.
  • Access Special Functions - Determines if the user can access (not manage) special function links that may have been defined on the Manage page. This permission does not apply to special function links on the Home page.
  • Employee Departments - Determines if the user can manage Employee Department assignments.
  • Employee Personalities - Present only when the optional Multiple Employee Personalities feature is installed, this permission determines if the user can manage Employee Personality assignments.
  • Measurement Data - Determines if the user can purge Measurement Data.
  • Translations - Determines if the user can manage Translations (optional feature) associated with Interface Preferences. To manage Translations, the user must also be granted the Interface Preferences management permission. 
Quick Tip - Managerial Restrictions
Managerial Restrictions may be accessed via the button on the Manage page. Managerial Restrictions consist of Functional Restrictions and Event Hooks. Functional Restrictions provide finer-grain control than the permissions in many cases. If you elect to use Functional Restrictions instead of a permission, grant the permission on the Employee or Personality page, then selectively revoke (restrict) the capability via entity-specific Functional Restrictions.
Back to Top

Record Access Restrictions - The record access restrictions section enables the administrator to enter SQL WHERE clause statements that restrict the records that the user is allowed to view. The restrictions are applied any time a user attempts to view a record in its entirety, runs an ad-hoc query, or uses a filter. During querying and filtering, the record access restriction SQL is combined with the filter or query SQL via an AND statement. This effectively limits the set of records obtainable by the user (i.e. records selected by the filter or query must meet the criteria entered by the user AND the criteria entered in their record access restriction fields).

The SQL entered must use the actual field names from the underlying CATSWeb database tables, rather than the field captions which are arbitrarily assigned in the field definition pages. There are several methods of determining what these field names are:
  • Field Definition List - View the field definition list and use the value stated for the Table Field.
  • Query Form - A query can be entered and submitted with the optional Show SQL statement generated box checked. Be sure to enter data in the query field of interest. The query output will show the actual SQL statement generated, which will include the SQL WHERE clause with the actual table field names.
  • Other Tools - Database server administration utilities (e.g. Enterprise Manager), Microsoft Access, and many other tools allow the underlying table structure to be viewed.
Note that any of the underlying table fields may be used in the SQL statement, even maintenance fields that are not normally contained in CATSWeb forms. However, derived fields that are only present in query and filter forms and are not in the underlying table should not be used. These fields are clearly color-coded in the field definitions list for each category.

 As in Queries, text tokens may be used as "variables" to specify characteristics of the currently logged in user. When specifying a text token, do not place single quotes around the tokens to delimit the text. CATSWeb will automatically add these as required. Here are the text tokens that may be used:
Text Token Meaning
{My Name} or {My Employee Name} The Employee Name of the current user.
{My ID} or {My Employee ID} The Employee ID of the current user.
{My Home Department} The Home Department of the current user.
{My Group} The Group of the current user's Home Department.
{My Personality} The Personality of the current user.
{My Company} The Company Name from the Database Properties page.
{My Default Issue Category} or
{My Default NonConformance Category}		 The default Issue category for the current user.
{My Default Action Category} The default Action category for the current user.
{My Default Subtask Category} The default Subtask category for the current user.

When the Employee record is saved, CATSWeb will validate the SQL entered to be sure it has the proper formatting, contains field names that exist in the underlying table, etc. The following examples illustrate common usages:

SQL Result
Category=N'Part' All records must be in the Part category.
SourceDept=N'Assy' All records must be from the Assy department.
Category=N'Part' OR UDUserCreated=N'JBrown' All records must be from the part category, or they must have been entered by the user with EmployeeID = "JBrown".
Department=N'QA' AND UDDateCreated > '04/15/2000' All records must be from the QA department and must have been entered after midnight, April15th, 2000
Text4={My Group} OR AssignmentEmployee={My Name} Records must have been created in the current user's Group, or must be assigned to them personally (this assumes that Group is being stored in the Text4 field).
(PartNumber <> N'A-123' OR PartNumber Is Null) Records cannot contain part number A-123. Note that when a '<> ' is used with a field that may contain null (non-entered) values, it is necessary to include the 'Or {Field} Is Null' clause in the SQL. If this is not included, records containing null values in the field will also be inaccessible by the user.

Administrators should be aware of some limitations and side effects of this feature:
  • If a Subtask restriction is in place, but the user has the ability to access the parent Action, they will see the restricted Subtasks listed with the Action. However, if they attempt to click on a restricted Subtask to view it, they will receive an access error.
Back to Top

 Search Restrictions - The Search Restrictions section is only available when the optional CATSWeb Full Text Search feature is installed. Three types of search restrictions are available:
  • Restricted Indexes - The selected indexes will not be available to the user in the Advanced Search form, nor will the user be allowed to view items from the indexes when saved searches are executed.
  • Restricted Output Fields - The selected output fields (search result columns) will not be available to the user in the Advanced Search form, nor will they be displayed when saved searches are executed.
  • Boolean Search Restrictions - Boolean Search Restrictions are similar to Record Access Restrictions, except that they use a language specific to the full text search engine instead of SQL. The Boolean Search Restrictions will be AND-ed with any boolean restrictions from the search form. They are applied automatically to both new and saved searches. For more information on specifying Boolean Search Restrictions, refer to the Boolean Restrictions topic in the help page for the Advanced Search form.
Category Permissions - Each Issue, Action, and Subtask category is listed along with a checkbox that can be used to allow or disallow the ability for a user to add a record in the category, or save edited records into the category. The ability to view a record, or have the record appear in query results, is not affected (use Record Access Restrictions instead). However, Category Permissions do affect a user's ability to use the form as a query form. If they do not have Category Permission for a form, it will not appear in the list of forms associated with the New Query function. And, if they open a saved query using such a form in Start With mode, they will be forced to choose a different form (that they have Category Permission for). 

Quick Tip - Functional Restrictions
Functional Restrictions can be used instead of Category Permissions. Functional Restrictions provide finer-grained control over a user's permitted activities for a particular category (form). If you elect to use Functional Restrictions instead of Category Permissions, grant all Category Permissions on the Employee or Personality page, then selectively revoke (restrict) capabilities via form-specific Functional Restrictions.

Proxy Signature Permissions - See Managing Proxy Signatures.

 Broadcast Message - These fields allow an administrator to send a status message to the employee.   Additional information regarding Broadcast Messages can be found in the Broadcast Message help page.
Back to Top