AX3530

Bulk edit of security

You can manage users, roles, and subsystems in bulk by using the Open Security in Spreadsheet feature. You can edit, add, and delete multiple users, roles, and subsystems simultaneously within a spreadsheet interface.

Only users with access to security can use this feature: admins, users with the Administer Security permission, and subsystem admins. The spreadsheet is limited as appropriate depending on the user's rights.

The following items cannot be edited in the spreadsheet interface; you must use the Security Management page for these items:

File and folder access to any Axiom library (settings defined in the Files tab)
Startup documents (settings defined in the Startup tab)

Open security in a spreadsheet

To manage security in a spreadsheet:

On the Axiom tab, in the Administration group, click Security > Open in Spreadsheet.

NOTE: In systems with installed products, this feature may be located on the Admin tab. In the System Management group, click Security > Open in Spreadsheet.

The Open Security in Spreadsheet page opens.
At the top of the page, specify how you want users and roles presented in the spreadsheet:
- Horizontally (default): Users, roles, and subsystems are displayed horizontally across columns. The security settings are displayed in rows.
- Vertically: Users, roles, and subsystems are displayed vertically down rows. The security settings are displayed in columns.
Optional. If you want to limit the security settings that display in the spreadsheet, modify the check boxes in the Select items to include section.

For example, you might only want to work with a particular file group or table type. General user and role properties (such as name, email, and so on) are always included in the spreadsheet.

Clear the check boxes for any items that you do not want to display in the spreadsheet. You can select or clear items by major category (File Groups, Tables, and so on), or you can expand the major categories to select or clear the individual items (such as individual file groups).

Optional. If you want to filter the users that display in the spreadsheet, select the Filter users check box. By default, the spreadsheet displays all users, roles, and subsystems for the current system.

If Filter users is checked, you can specify the following options to filter users:

Item	Description
Include users who are	Select the following options to include those users in the spreadsheet: Enabled users Disabled users By default, both options are selected, which means that both enabled and disabled users will be included in the spreadsheet. If both options are cleared, only roles (and subsystems, if applicable) are included in the spreadsheet.
Include users in these roles	If you want to only view users that belong to specific roles, select the check boxes for those roles. You can also choose to view users who do not belong to any roles. You can use the Select All and Clear All links to select or clear all roles. This selection also limits the role records that will be included in the spreadsheet.
Include users from these subsystems	If you want to only view users that belong to specific subsystems, select the check boxes for those subsystems. You can also choose to view users who do not belong to any subsystems. You can use the Select All and Clear All links to select or clear all roles. This also limits the subsystem records that are included in the spreadsheet. This option only displays if subsystems are enabled for your system.

Item

Description

Include users who are

Select the following options to include those users in the spreadsheet:

Enabled users
Disabled users

By default, both options are selected, which means that both enabled and disabled users will be included in the spreadsheet.

If both options are cleared, only roles (and subsystems, if applicable) are included in the spreadsheet.

Include users in these roles

If you want to only view users that belong to specific roles, select the check boxes for those roles. You can also choose to view users who do not belong to any roles. You can use the Select All and Clear All links to select or clear all roles.

This selection also limits the role records that will be included in the spreadsheet.

Include users from these subsystems

If you want to only view users that belong to specific subsystems, select the check boxes for those subsystems. You can also choose to view users who do not belong to any subsystems. You can use the Select All and Clear All links to select or clear all roles.

This also limits the subsystem records that are included in the spreadsheet.

This option only displays if subsystems are enabled for your system.

Selections from multiple categories are combined. For example, if you select the Finance role and subsystem 5, the spreadsheet contains all users that are in either the Finance role or subsystem 5 (not users who only belong to subsystem 5 and the Finance role).

Click OK.

The spreadsheet opens with the selected security options.

Edit existing records

To edit the settings for a user, role, or subsystem, make changes directly in the spreadsheet. See the following section Security settings in the spreadsheet interface for more information about editing settings within the spreadsheet interface.

NOTE: You cannot edit user login names or role and subsystem names within the spreadsheet interface. If the name is changed, it is saved as a new record, and the existing record remains unchanged.

For subsystem admins, only users and roles that belong to their assigned subsystems are brought into the spreadsheet. Subsystem settings are not brought into the spreadsheet.

Add new records

You can add new users, roles, and subsystems within the spreadsheet interface.

To add a new user, enter the new user's login name in an empty cell in row 1 or column A (depending on the spreadsheet orientation), and complete the preferred security settings for that user. Note the following:

Last name, first name, and email address are required for new users. If these items are blank, a save error is displayed. Other user properties, such as license type and authentication type, use the same default values as when you add a new user in the Security Management page.
You can enter a password or leave the password blank. If left blank, the user is assigned a randomly generated password.

To add a new role, enter the role name in an empty cell in row 1 or column A (depending on the spreadsheet orientation), prefixed by role:. For example, enter role:MyRole. If the name is not prefixed by role:, it is interpreted as a user login name. Be aware of the following items:

No other settings are required to save a role.
To assign users to the new role within the spreadsheet interface, you must add the role name to each individual user. There is no option to add users directly to the role record, like you can within the Security Management page.

NOTE: Adding subsystems works identically as adding roles, except the subsystem name must be prefixed by subsystem:. For example, subsystem:MySubsystem.

When adding new users, roles, or subsystems to the spreadsheet, all settings must be entered (or copied and pasted from other records). Dropdowns are only available when editing existing records. For more information on the valid inputs for the settings, see the following section Security settings in the spreadsheet interface.

Users who are subsystem administrators can only create new users and roles. The new users and roles must be assigned to their subsystem.

Delete records

You can delete users, roles, and subsystems within the spreadsheet interface. To delete a user or role, set Delete to Yes.

NOTE: When editing security in a spreadsheet, you can delete a role or a subsystem regardless of whether any users are assigned to it. The users will be updated to remove the assignment.

Users who are subsystem administrators can only delete users and roles that belong to their subsystem.

Save changes

To save changes made in the spreadsheet:

On the Axiom tab, in the File Options group, click Save.

A confirmation prompt lists the number of users, roles, and subsystems that you are about to update, create, or delete.

Settings are validated before the save occurs. If errors are found, they are displayed in the Save Errors pane. Any errors must be resolved before the save can occur.

After a successful save, you are prompted to refresh the spreadsheet to bring in the most recent data.

Security settings in the spreadsheet interface

The following is a reference for completing or editing security settings using the spreadsheet interface.

NOTES:

If an item is not explicitly described here, its input is the same as in the Security Management page. This section only describes items that are completed differently than in the Security Management page.
Most check boxes in the Security Management page correspond to TRUE (checked) and FALSE (unchecked) in the spreadsheet interface. Any deviations are noted in the following table.

For more information about the purpose of each security setting, see Configure security settings.

Item	Description
Login, role, or subsystem	The user's login name, the role's name, or the subsystem's name. Role names must be prefixed by `role:`. Subsystem names must be prefixed by `subsystem:`. For example, to create a role named Finance, enter `role:Finance`. If users have been imported from Active Directory, those usernames are prefixed with the Active Directory domain. For example, Corporate\JDoe. NOTE: You cannot rename existing records using the spreadsheet interface. If a name is changed, it is interpreted as a new record.
Delete	Select Yes if you want to delete the record. Otherwise, leave the default of No.
General	This section works the same way as the Security Management page, with the following exceptions: Role assignments: For users, you can view and edit the list of roles that the user is assigned to. Each role name is separated by a semicolon. (The same thing applies to subsystem assignments if subsystems are enabled.) User assignments: For roles, you cannot view or edit the list of assigned users in this interface. If you want to view all users assigned to a role or edit this list from the role perspective, then you must use the Security Management page. NOTE: The password display is always blank. You can change a user’s password by entering a new password. When you save and then refresh the spreadsheet, the password field reverts to blank.
Permissions	For users, specify one of the following: Inherit: The user inherits the permission from any role assignments. True: The user is explicitly granted this permission; role inheritance is ignored. False: The user is explicitly denied this permission; role inheritance is ignored. For roles and subsystems, specify either True or False.
File Groups	This section works the same way as the Security Management page with the following exceptions: FGName [calc method permission]: This item combines the Allow Calc Method Insert and Allow Calc Method Change options from the Security Management page. Valid entries are Insert, Change, or Insert/Change. FGName [create new records]: This item is listed for all file groups, but only applies to on-demand file groups. A save error results if this item is set to TRUE for a standard file group. If a user has multiple permission sets, you can only edit the first set within the spreadsheet interface.
Tables and Table Types	All table types are listed first, followed by all individual tables. If [write filter enabled] is False for a table or table type, the user or role's write access permissions are the same as their read permissions. In this case, the other write access permissions in the spreadsheet can be ignored because they do not apply. For example, the following user has full read and write access to the GL table type, because [full read access] is True and [write filter enabled] is False. Even though [full write access] displays False, it does not matter because the setting does not apply. If [write filter enabled] is True, the [full write access] permission and the [write filter] permission determine the user's level of write permissions.