Mobile Application Security Administration Version

Contents

Overview

This topic outlines security for  ERP iPad applications. The discussion is oriented to system administrators at sites that have the ERP mobile applications enabled.

Security is provided in several areas for users of the iPad applications:

• Settings for relevant ERP role objects.
• Permission fields that allow users to work with server data and departmental data synced with iPad ERP applications.
• Authorities fields on user profiles.
• Data profile organization, department, and asset location selection.

Settings for ERP Mobile Users' Role Objects

A role specifies task and ERP feature areas -- called role objects -- that users assigned to the role may work with. For example, the DistributionClerk role includes the role objects Distribution (picking/issuing) and Receiving, among others. Each role object has a value -- such as create, modify, view, none, and all -- that determines the level of access allowed to the user.

A detailed discussion of roles and role objects is in the topic "Set Up and Maintain Users."

• To view roles, select Work in Administration > Administration > Roles.
• Click Role Objects to display role objects for any role, and edit values.

Table 1 lists role objects and their values needed for mobile applications users.

Table 1 - Key Role Objects and Settings for Mobile Applications Users

Access Permission for Mobile Users

Access permissions control an iPad user's ability to get data from the ERP server, and the organization/department data that the user can work with.

The fields for granting access are available from the "Work in Administration" Users list: Work in Administration > Administration > Users.

To view and edit the ERP application permission fields,

1. On the User's list, locate the person who will use the ERP mobile applications.
2. Click Menu > Mobile User Settings (Figure 1).
   
   Note: To see and use the Mobile User Settings on the menu, you must have the role object MobileAdmin in your role.
   
   

Figure 1 - The Mobile Settings Menu on the Users Panel

A panel appears with options to select for the mobile user (Figure 2).

Figure 2 - Mobile User Settings in ERP Administration

3. Select or leave fields blank as appropriate. and on the Mobile User Settings panel (Figure 2) are associated with the features on the iPad ERP application Table of Contents (Figure 3).

Figure 3 - iPad ERP Applications Table of Contents

Access to Supply Chain gives the mobile user access to applications that interface with ERP data that resides on the server (e.g., order guides, par carts, picks, etc.). Select this field. (Unselected, the user cannot access sub-level applications: the iPad Supply Chain button does not appear.)

Access to Departmental restricts the user to working with applications that have been designated as departmental, as opposed to warehouse responsibilities (e.g., order guide management).

Hide ePHI Data (not selectable on this panel) repeats the setting on the user profile General tab for access to ePHI information. In Figure 2, the user can view ePHI data, since the field was not checked on the General tab.

4. Click Save, Submit.

User Profile Settings for Mobile Users

Users who work with mobile applications must have the role "User is Distribution Technician" selected on the User Profile Roles panel.

Other user profile options control whether mobile application users can issue items or return items to inventory, and whether users can adjust inventory quantities during a pick (Figure 4).

To edit the issue, return, and inventory adjustment authorizations,

1. Open the Users list: Work in Administration > Administration > Users.
2. Locate the person who will use the mobile applications.
3. Click the edit icon or Menu > Edit.
4. Click the User Roles tab.
   - Select User is Distribution Technician (Figure 4).

Figure 4 - Defining the User as a Distribution Technician

5. Click the Authorities tab (Figure 5).

Figure 5 - User Profile Authorities Settings for Mobile Users

6. Select these fields as relevant for the user:

• Allow Inventory Charge Only Quick Issue (Figure 5, green box): Select this field to allow the mobile user to create quick issue charge-only requisitions. (This field controls whether the Issues button appears on the mobile table of contents.)
• Allow Department to Inventory Quick Credit (Figure 5, red box): Select this field to allow the mobile user to create quick credit requisitions that are returns to inventory. (This field controls whether the Return button appears on the mobile table of contents.)
• Allow Inventory Adjustments During Pick Confirm (Figure 5, blue box): Select this field to allow the mobile user to adjust the on-hand quantity of an item when picking an order.
  This situation may occur if the on-hand quantity is set higher than the actual shelf amount. For example, if 10 items need to be issued, but only 5 are on the shelf, selecting Adjust Quantity/UOM Issued confirms the issued amount (5) and sets the on-hand quantity to zero.

Note: Also, on the User Profile General tab, be sure to set the field for ePHI (electronic personal health information) correctly for the user. This field is Hide ePHI Data. See the online topic "Securing Electronic Protected Health Information" for a discussion of this field.

Data Profile Notes for Mobile Application Users

Each user at your site is assigned a data profile. A data profile contains the regions, organizations, departments, and asset locations whose data the user can work with. System administrators can define data profiles and assign them to users.

• To display a user's data profile assignment, open the Users list (Work in Administration > Administration > Users) and edit/inquire on the user. Click the User Roles tab. The Data Profile is a field on the left.
• To view all data profiles at your site, select: Work in Administration > Administration > Data Profiles.

Par Carts, Par Cart Groups, and Order Guides

The mobile user's data profile specifies the departments and supplying organizations and asset locations that the user can access. The par carts (and par groups) allowed for the mobile user are thus controlled by the user's data profile settings. Similarly, the data profile settings control the order guides that the user can fill requisitions from.

• If a mobile user does not have access to any of the par carts in a par group, then the par group does not appear for the user on the mobile application
• If some of the par carts in the group are for departments/organizations allowed to the user, and others are not, then only those allowed are visible to the user.

Physical Inventories

To perform an item count during a physical inventory, the user must have data profile access to the organization and asset location for the inventory.

Sharing an iPad: Security with Locking

Some sites have mobile users share iPads for work with the ERP mobile applications.

- When a user is working with an iPad application and locks it from a working panel (not from the table of contents), another user can only unlock it when his/her permission levels are the same as the first user.
- Otherwise, the first user will need to unlock the application at the panel last used, return to the table of contents, and then lock the application again. The second user can then log in and have access at his/her own permission level.

Copyright © 2023 by Premier Inc. All rights reserved.