Contacts      About the site
home Reviews

Accounting info. Adding a user to the infobase Setting up access groups 1c 8.3

01.06.2018

How to configure user access rights in a standard configuration of "1C: Enterprise Accounting" edition 3.0 so that each user can create, view and edit documents of only certain organizations.

The functionality of the standard configuration "1C: Enterprise Accounting" version PROF allows you to keep records on behalf of several organizations (legal entities or individual entrepreneurs) in one common information base, which allows you to use common directories and obtain summary analytical information for several organizations included in the group at once companies.

Naturally, this creates a need for some users to be given the opportunity to work on behalf of only one or several strictly defined organizations and to limit access to data from other organizations.

In programs on the 1C:Enterprise 8.3 technology platform, this problem is solved using the mechanism for restricting data access at the RLS record level, which can be deciphered as Record Level Security (record level security) or Row Level Security (row level security).

Previously, this mechanism had to be built in configuration mode with the help of programmers. In the standard configuration of "1C: Enterprise Accounting" edition 3.0, the functionality of the access restriction mechanism across organizations is already included in the standard functionality and can be enabled and configured by an ordinary user (with administrator rights) independently without the help of specialists.

This method of setting up RLS access rights by organization can be used in the standard configuration "Enterprise Accounting" edition 3.0, both in the local version installed on the user's computer and in the cloud version of 1C: Accounting.


Let's look at setting up RLS using the example of a standard configuration of "1C: Enterprise Accounting 8" edition 3.0 ("Taxi" Interface).

Initial data.

There is an information base in which records are kept of four organizations, of which one is an individual entrepreneur and three are LLCs (see figure)


This information base will have one Administrator and three users: a chief accountant, one department head and a sales manager.



You need to set up user rights as follows:

Settings

The first step is to enable the ability to differentiate access rights by organization. To do this, in the "Administration" section, select "Setting up users and rights"


In the form that opens, in the “Access groups” subsection, check the box next to “Restrict access at the record level.”

Please note that enabling this mechanism for separating rights can lead to a significant decrease in the speed of the system (especially if it was not working quickly before) and increased performance requirements for the computer and server equipment used.
The reason for the decrease in operating speed is that additional selections are added to standard queries when accessing data, and each time the user accesses any information base data, the program will carry out additional checks.
Therefore, before enabling this setting, we recommend that you first check its effect on the speed of the program on a test copy of your infobase.

After this, in the “Users” directory, select the user whose rights we will configure and click the “Access Rights” button.

The "Administrator" profile allows access to all data of all organizations; additional configuration of administrator rights is not required. The system must have at least one user with administrator rights.

First, let's set up the rights of the chief accountant "Ivanova Anna Sergeevna", who needs to be given full access to all organizations.


The rights settings window will open.

You must select the user profile "Chief Accountant".


The chief accountant must have full access to all organizations, so in the right window, in the “Access Value” column, select “All allowed.”

To be fair, it can be noted that the “Chief Accountant” could be assigned “Administrator” rights - this would automatically give access to the data of all organizations, but then the Chief Accountant would also have system administration items in the interface.
This can be done if there is no separate administrator and his role is played by the chief accountant, but you should not assign more than one role to one user.

If the configuration describes several roles with record-level access restrictions (RLS), we do not recommend assigning more than one such role to one user (for example, accountant and HR officer), because when all queries are executed, the conditions of both RLSs will be added to their conditions using logical OR, which can lead to a decrease in the speed of query processing and, ultimately, the entire program

If the settings are made in the cloud service "1C:Fresh", then when saving the settings, the program may request confirmation of changes in access rights, for which you will need to enter the password of the user on whose behalf the settings are being made.


The next user is Vladimir Ivanovich Popov, who needs to be given full access to the documents of one organization "IP Popov V.I."

Restricting access to data can be configured in two ways: according to the “white” or “black list” principle, i.e. the user can configure access to the list of allowed organizations and then the user will have access to the data of the organization that is listed in this list, or vice versa, configure the list of prohibited organizations and then the user will have access to the data of all organizations in the information base, except for those specified in this list.


Select the “Chief Accountant” profile, in the “Type of access” column in the upper right window, select “All prohibited”. After that, in the “Allowed Values” window, click the “Add” button and select IP Popov V.I. from the drop-down menu.

Save the settings.

Let's move on to setting up the rights of the next user, Petr Nikolaevich Sidorov, who needs to be given access only to the extract of primary documents of the sales department on behalf of only two organizations: Leader LLC and Furniture Man LLC.

Select the “Sales Manager” profile. Select the access value “All denied”. In the “Allowed Values” window, first select LLC “Leader”, and then click the add button again and select the second organization LLC “Furniture Man”.

Save the settings.

If this information was useful to you, then like the article on social networks and share the link on your favorite forums))).

Online Company, 2018

How to configure user rights by organization in 1C: Accounting Enterprise edition 3.0, Limiting user access rights at the record level to data of only one organization in 1C: Accounting using the RLS (Record Level Security) mechanism, The user should see documents only of his organization in a multi-company information base 1C:Accounting, How in 1C:Accounting can I use the mechanism for restricting access at the record level (RLS - Record Level Securiy) to configure user rights to documents of only one organization? Setting up a mechanism for separating rights at the RLS (Record Level Security) record level in 1C: Accounting 8.3. In an enterprise, in one information base of the 1C: Enterprise Accounting 3.0 configuration, records are kept for several organizations and database users need to configure access so that each user can see documents of only the necessary organizations? How to allow a user to access data from only one organization in 1C: Accounting 8.3, Configuring the RLS system to limit user rights to access documents of only one organization in the 1C: Enterprise Accounting version 3.0 configuration, How to configure access restriction at the level of RLS records in a typical 1C configuration :Accounting 8.3, Access restrictions by organization in 1C:Accounting 8.3. using the RLS mechanism, How to configure user access rights to data of only one organization in 1C: Accounting 8.3, How to hide organizations for some users in 1C: Accounting 8, Setting up the RLS (Row Level Security) system in 1C: Enterprise Accounting edition 3.0, Restricting access to data of only one organization for a specific user in 1C: Accounting 8.3, How to configure user access rights by organization in a typical configuration of 1C: Enterprise Accounting edition 3.0, How to enable the ability to configure access restrictions at the record level in typical configuration of 1C: Enterprise Accounting rev.3.0, How to allow a user access to documents of only one organization in multi-company accounting in 1C: Accounting, How to configure user access rights to documents of only one organization in the 1C: Enterprise Accounting 3.0 configuration, Setting up the RLS (Record) system Level Security - restriction of rights at the record level) in the 1C: Enterprise Accounting ed.3.0 configuration, Configuring RLS mechanisms to limit user access rights to data of only one organization in the 1C: Enterprise Accounting ed. 3.0, Restricting access to documents of only one organization for a specific user in 1C: Enterprise Accounting 3.0, How to hide documents of one organization in a common 1C: Accounting database for one user, Several organizations are kept in one 1C: Accounting information base, how to set up RLS to could the user see documents only from his organization? An enterprise maintains multi-company accounting in one 1C:Accounting information base, and database users need to configure access so that each user can create, view and edit documents of only certain organizations? How in 1C: Accounting 8.3 using the RLS mechanism (Record Level Security - restriction of rights at the record level) to configure a restriction of document visibility for a specific user in the context of selected organizations?


Tags: Setting up RLS in 1C: Accounting 8.3, How to set up restricted rights at the record level in 1C BP 3.0

By default, when creating a database on the cloud from a template, you must select a user to enter the program Administrator, with empty passwords.
It is not recommended to use this account for everyday work.
To differentiate access rights and increase the level of security, it is recommended to create user accounts and specify certain permissions for working with the database.

Creating users for 1C 8.2 databases

To create a list of users, open the database in mode Configurator.

Go to the "Administration / Users" menu. To manage the list of users, you must have Full rights in the database.


Click the "Add" button.

In the window that opens, fill in the fields:
Name- the name that will be displayed in the user selection list.
Full name - the name that will appear in the database when performing operations.
flag Authentication 1C:Enterprise- allows you to set a password under which the user will log into this database.
flag Show in selection list- allows you to hide or show the user in the launch window. If the user is hidden in the selection list, then you can log in using his data by directly entering his name and password.


flag Operating system authentication allows you to link an account on 42 Clouds with an account in the 1C database.
When installing this option, you will need to select from the list your login on the 42 Clouds website(tip: start typing your username to search the list).


On the "Other" tab, you need to specify for users the roles that they can perform in the database.
The list of roles depends on the user's responsibilities.
Note! To launch the database on the cloud, check the “Run thick client” and “Run thin client” flags.

After specifying the required settings, click OK. Now the created user can work in the database.

Creating users for 1C 8.3 databases

Creation of new users in such configurations as Trade Management 11.1, Enterprise Accounting (edition 3.0) occurs in the mode of working with the database, in the Users directories. Created users will be included in the Configurator automatically after creation.

Go to the menu “Administration / Setting up users and rights / Users”. Click the Add button. To manage the list of users, you must have Full rights in the database.


Enter a name, give permission to access the database (by checking the box) and select an authorization method (either entering a login and password, or logging into 1C under a domain account). The fields "Individual" and "Division" are optional and are used for analytics.


To work with the database, you need to add rights to the user in the “Access Rights” section. The set of groups can be changed and edited in the User Group Profiles directory.

Disabling access to the database

To disable access to the 1C user database, simply uncheck the “Access to the infobase is allowed” flag or change the password.
When setting up a user through the Configurator (for 1C 8.2 databases), it is enough to remove the user from the list.


Creating users for 1C 8.3 databases (Taxi Interface)

To configure access rights, log into the database in 1C Enterprise mode on behalf of the Administrator and go to the User and rights settings / Access group profiles section, click Create group.

Enter the name of the group and check the boxes for the roles available to users in this group. An example group that would allow users to use external processing includes the following roles:

  • Interactive opening of external reports and processing
  • Using additional reports and processing

Click Burn and Close

Return to menu Users and select an employee from the list, click Access rights. In the list of profiles, select the previously created profile. Click Record.

Every novice 1C information database administrator sooner or later faces the question: how to add a user to 1C. And if in version 7 of the program the answer to this question could be given unambiguously: through the Configurator, then in version 8, depending on the version of the program, the methods for adding a user can vary significantly.

Why do you need to differentiate by users?

Each infobase user has a set of specific rights and roles. To limit access to specific configuration objects and eliminate conflict situations associated with incorrect input and correction of information, there is a list of users.

In addition, the user list allows you to:

  1. Adjust the program interface, excluding from the visual display those elements to which access is not needed;
  2. Record changes in the database in the context of this list.

The main rule when editing this list: a user with full (administrative) rights should always be added first.

Adding a user via the Configurator

In fact, from the programmer's point of view, the main list of users is stored in the Configurator. It is this that can be opened by going to the Administration->Users menu (Fig. 1)

In the table that opens, two columns will be visible: “Name” and “Full name” of the user. Actions with an existing user (limiting and adding rights, changing the password, etc.) can be performed by activating the line by double clicking the mouse.

To add a new user, you must click the icon on the command panel of the table or the Insert (Ins) button on the keyboard, as a result, a dialog box will open (Fig. 2)

Rice. 2

Briefly about the form elements on the “Basic” tab:

  • Name – contains textual information that will be displayed in the user selection list when logging in; the name of the current user can be read in the code of the program modules using the Username() method;
  • Full name - can be the same as the username, most often the full name of the employee is written here.
  1. Internal means of the program, for which you need to set a user password;
  2. Operating system tools;
  3. Using OpenID.

The “Show in selection list” checkbox set in the “1C Enterprise Authentication” submenu indicates that the user will be displayed in the list called up when the system starts. If you do not install it, then to log in this user will have to enter his name (as it is set in the Configurator) using the keyboard in the appropriate window.

Rice. 3

There are only four elements on the “Other” tab (Fig. 3):

  • Available roles (by checking certain boxes, you can significantly limit or increase the possibilities for changing information);
  • Main interface (you can adjust the visual display of the system);
  • Language (main program language);
  • Launch mode (managed or regular application).

Adding a user in 1C Enterprise mode

Starting from platform 8.2, adding new users became available in 1C Enterprise mode. For this purpose, the corresponding “Users” directory was added to the database.

In thin client mode, you can access it by going to the “Administration” tab (Fig. 4) -> User and rights settings -> Users

Rice. 4

In the form that opens, to create a new user, you must click the “Create” button. A window will appear (Fig. 5)

Rice. 5

As you can see, some of the elements of this window coincide with the window for creating a new employee in the Configurator. Significant differences in this method of adding:

  • The user can be matched to a specific individual from the corresponding directory;
  • By checking the “Require password setting at login” checkbox, you can additionally protect the database from unauthorized access (the protection mechanism is as follows: the administrator who adds a new element sets the simplest password and tells it to the user, this password is entered when you first log in to the system, and when the system starts, a window appears asking new identification data, so no one except the user will be able to log in to the system);
  • Specific access permissions for a particular user are not issued by turning on and off his roles, but by adding him to certain access groups, where you can get by activating the appropriate link on the form.

The profile that defines the set of rights is stored in the "User Groups" directory; you can change and add a profile in the "User Group Profiles" directory. Thus, the Administrator does not need to control each specific user, changing access parameters is carried out for the entire group as a whole.

In the normal application mode, the "Users" references can be found in the Operations->References menu (Fig. 6)

Rice. 6

In principle, the window for adding a new performer in this mode differs little from those presented above and there is no need to re-describe each of its elements.

In the article, we would like to pay attention to the menu "Additional information" (Fig. 7)

Rice. 7

It contains 4 points:

  1. User Settings;
  2. Contact Information;
  3. Access groups;
  4. Additional rights (not available when the user has a profile).

The first menu item allows you to automate some actions of the performer: set up auto-substitution of document details, display calendars and events, prefixes, etc.

As the experience of using the 1C system shows, the "Additional rights" menu is most often required to be able to enable editing of printed forms of documents. It is here that the corresponding checkbox is located.

The user created in the program will automatically be added to the list in the Configurator. There is no feedback in new versions of the program, which is extremely inconvenient and unusual for administrators working the old fashioned way.

Here we will tell you how to add a new user to work in the 1C:Enterprise 7.7 system.

1. Adding a user in the configurator

Users in the 1C:Enterprise 7.7 system are defined separately for each information base. To add a new user, you need to run 1C in the mode configurator by selecting the required database.

In the configurator that opens, go to “ Administration» — « Users» .

A list of users registered in the current database will open. To add a new one, go to the menu “ Actions» — « New» .

The window “ User Properties". On the " Attributes» fill in:


Now go to the tab " Role» where to choose Set of rights And Interface from the drop-down menu and click " OK» .

The next thing we need to do is create a password to log in to the system. To do this, select the newly added user in the list and go to the menu “ Actions» — « Change password". Then enter the password twice.

This completes the creation of the user. It remains only to save all changes by selecting " File» — « Save» .

User properties are edited similarly to creation, in the same list.

2. Default value settings (only for "Trade and Warehouse" configuration)

If the “Trade and Warehouse” configuration is used, then it is also possible to define default values ​​for the new user.

When a user logs into the system, 1C:Enterprise looks in the directory for " Users» element with a name similar to the user name specified in the configurator. For example, if the user name in the configurator is set as “Onyanov”, then the directory element must have exactly the same name (including spaces). If the element is not found (for example, when the user first logs in), a new position with the same name is created. And in the message window you can see the corresponding inscription:

This directory stores the default settings that will be used when entering new documents, opening reports, etc. throughout the session. To set these values, open the reference book “ Users"(in the standard general interface " Directories» — « The structure of the company» — « Users") and find the required element in it. Or you can click a button with an image of a person sitting at a computer from under the session of this user:

On the " Default values"You can, in fact, select these values.

Or by going to the tab " Main", it is possible to select the user from whom the default values ​​will be inherited.

Having selected the necessary parameters, click “ OK» to save the results.

Did this article help you?

In this article I will look at how to work with users in:

  • create a new user;
  • configure rights - profiles, roles and access groups;
  • how to configure rights restrictions at the record level () in 1C 8.3 - for example, by organization.

The instruction is suitable not only for the accounting program, but also for many others built on the basis of BSP 2.x: 1C Trade Management 11, Payroll and Human Resources Management 3.0, Small Business Management and others.

If you are interested in setting up rights from a programmer's point of view, read.

In the interface of the 1C program, user management is carried out in the "Administration" section, in the "Setting up users and rights" item:

To create a new user in 1C Accounting 3.0 and assign certain access rights to him, in the "Administration" menu there is an item "User and rights settings". Let's go there:

The list of users is managed in the “Users” section. Here you can create a new user (or group of users) or edit an existing one. Only a user with administrative rights can manage the list of users.

Let’s create a user group called “Accounting”, and there will be two users in it: “Accountant 1” and “Accountant 2”.

To create a group, click the button highlighted in the figure above and enter a name. If there are other users in the information base who are suitable for the role of accountant, you can immediately add them to the group. In our example there are none, so we click “Save and close”.

Now let's create users. Place the cursor on our group and click the “Create” button:

In the full name we will enter “Accountant 1”, and the login name will be set to “Accountant1” (this is what will be displayed when entering the program). The password will be "1".

Be sure to make sure that the “Login to the program is allowed” and “Show in the selection list” checkboxes are checked, otherwise the user will not see himself during authorization.

Get 267 video lessons on 1C for free:

Leave “Startup mode” as “Auto”.

Setting up access rights - roles, profiles

Now you need to specify “Access Rights” for this user. But you need to write it down first, otherwise a warning window will appear as shown in the picture above. Click “Record”, then “Access Rights”:

Select the Accountant profile. This profile is standard and configured with the basic rights required by an accountant. Click “Record” and close the window.

In the “User (creation)” window, click “Save and close”. We are also creating a second accountant. We make sure that users are enabled and can work:

It should be noted that the same user can belong to several groups.

We chose access rights for accountants from those that were included in the program by default. But there are situations when it is necessary to add or remove some right. To do this, it is possible to create your own profile with a set of necessary access rights.

Let's go to the "Access Group Profiles" section.

Let's say we need to allow our accountants to view the journal entry.

Creating a profile from scratch is quite labor-intensive, so let’s copy the “Accountant” profile:

And let's make the necessary changes to it - add the role " ":

Let's give the new profile a different name. For example, “Accountant with additions.” And check the “View registration log” checkbox.

Now we need to change the profile of the users we created earlier.

Restricting rights at the recording level in 1C 8.3 (RLS)

Let's figure out what it means to restrict rights at the record level, or, as they call it in 1C, RLS (Record Level Security). To get this opportunity, you need to check the appropriate box:

The program will require confirmation of the action and will inform you that such settings can greatly slow down the system. It is often necessary to prevent some users from seeing documents from certain organizations. It is precisely for such cases that there is an access setting at the record level.

We go again to the profile management section, double-click on the “Accountant with Additions” profile and go to the “Access Restrictions” tab:

“Access type” select “Organizations”, “Access values” select “All allowed, exceptions are assigned in access groups”. Click “Save and close”.

Now we return to the “Users” section and select, for example, the user “Accountant 1”. Click the "Permissions" button:

Using the “Add” button, select the organization whose data will be seen by “Accountant 1”.

Note! Using a mechanism for separating rights at the record level can affect the performance of the program as a whole. Note for the programmer: the essence of RLS is that the 1C system adds an additional condition to each request, requesting information about whether the user is allowed to read this information.

Other settings

The sections "Copy settings" and "Clear settings" do not cause questions, their names speak for themselves. These are settings for the appearance of the program and reports. For example, if you have set up a beautiful appearance of the "Nomenclature" reference book, it can be replicated for other users.

Share with friends or save for yourself:

Loading...
We recommend articles on the topic
Phones
Motorola phones, old models: remember the past
Smartphones with the best camera Phase detection autofocus: a fast and advanced alternative
Smartphones with the best camera Phase detection autofocus: a fast and advanced alternative
For discerning connoisseurs or fanatical fans?
For discerning connoisseurs or fanatical fans?