User Security - Configurable Features

Our hospital went live on MT almost 2 years ago. Our goal in this go live was to keep our system as 'vanilla' and close to 'as delivered' as possible. This was for two reasons, 1) Ease of CU application and validation and 2) Ease of system administration. This applies to both the infor pages (LPL) and Security Roles & Classes. During the implementation process, our Infor consultants strongly advised us against using the Security Role Configurable Features.

Issue:

After year of production usage, we have now realized that default delivered from INFOR does not allow users, (even admins), to see deleted records. This includes showing deleted records in any replicated data. While for normal day to day users, this is not an issue, but for administrators this is proving to be a large issue when trying to back into problems and recreating scenarios

After several tickets over the course of the last year, the only thing I can get from INFOR with any certainty is that you cannot turn on configurable features by role. It has to be configured for ALL roles or none. This creates a huge testing effort as now all roles now have to be tested. Secondly, I cannot get any straight answers from INFOR on the impacts of this to the CU's. Does this now mean that every role has to be tested for every CU to ensure the features are not broken or turned off/on when they are not needed.

Anyone with experience with these settings and how they are managed would be greatly appreciated.

FYI - I also posted this in the developer community.

Find more posts tagged with

Accepted answers

All comments

ron-newberry-jr

Hello, while opening the ability to change configured features is an all or nothing concept, the features you enable are specific to a role. If you enable Configurable Features, go into Edit Mode and open a role, any role. From that screen you should see a hyperlink next to the Configurable Features Enabled flag called View Configurable Features For All Roles. This will open a list view with all roles and there you can toggle on and off the specific features you want to enable or shut off by role. I hope this helps.

Jimmie Smith

Thank you Ron! One question - Once you turn this on for all roles, (regardless of if the defaults were changed or not), what is the process for validating the security for each CU and release?

sfrazier

Have you entered an enhancement for this, although we are not live yet, I think this is something too our organization could use an alternate approach for?

Thanks for the information

jennie-granberg

@ron-newberry-jr although I understand you are turning on just one role, all the other roles the users with that role have will also have the same abilities. For example, we are working on testing configurable features too, but for Saved Searches and if I turn on Saved Searches on the Buyer Role, any other role that employee has assigned to them will also have the ability to Save Searched, ie: Purchasing Manager, etc. Is that intended?

Also, it is in my understanding that in the past, once you turn on Configurable features all the features listed are now "active" and can be turned on or off...but what you see as the default on the role isn't always accurate because some features are system delivered and that overwrites role delivered, correct? How would one know what features are system delivered? We're struggling with the concept of testing due to how many combinations of roles there could be and making sure if we turn on Configurable features it doesn't disrupt something a user already has access to.

Jimmie Smith

I agree - I want to make sure I understand enough of the impacts before I do this. After two years - the only issue I have that is requiring this configuration is seeing deleted/future records. I would think this is default for administrators and would not have to require all this.

ron-newberry-jr

You are correct on all of the above. Most users will have multiple roles so turning on the feature will allow that user with multiple roles to have it anywhere in the system they have access. It is a slippery slope as, for instance, we enabled Saved Search within the new pivot analysis screens but the roles have to be updated on a per tenant basis to allow the capability to show. While turning on the Configurable Features, most users will not have access to make the role-specific additions/subtractions from the enabled features within. If a feature requires a configurable feature, then yes, that will override the role specifics.

ron-newberry-jr

Hi Jimmie, I am not sure I understand. If I have it right, your question is about what to test when a CU occurs? If so, I would check Release Notes to understand what changed and under what conditions and then test accordingly.

maphillips

One thing we did is create custom roles for the specific configurable feature needed when the feature should not be applicable to all holders of a role. We have a custom SpreadsheetDesignerUpload role and a SpreadsheetDesignerQuery role with only the specific configurable feature applied. Provides more granularity and can control who has access to the feature specifically by role. This also works if you use position to role user provisioning.

Jimmie Smith

@mark Phillips that is an interesting idea. So in your scenario - you set the enable features for all roles - left the default to all roles as they were, then created special roles to only turn on the feature you wanted and assigned to the users who needed it. This removed the fact that it applied to all users and also kept you from having to retest existing roles, correct?

sandra_anderson

See also ER 98651 - Show Deleted And Future Records functionality - New

Jimmie Smith

It may be me, but I cannot find that ER in the new ERS via concierge. Can you post a link?

sandra_anderson

You will need to 'Load All' to get to 98651.
Link - mingle-portal.us2.prd3.inforcloudsuite.com/.../

unknown

Please note that ERS Id 98651 - "Show Deleted And Future Records functionality" has recently had its status changed to "Researching".

If you haven't endorsed this yet, please consider doing so. Thanks!

Copyright © 2025 Infor. All rights reserved.