Now that you have created all the major configuration objects, you can proceed to defining user roles. Administration of a 1C:Enterprise user list and assigning user roles according to job responsibilities is an important part of applied solution interface design, it is how you specify access rights for individual users and actions that are available to them. This is the topic of this lesson.
Until now any user had full access to all sections of your applied solution and to all the configuration objects and commands used in these sections. However, in real life restricting user access to some data stored in the infobase is an important requirement.
For example, managers obviously need to have full access to all the data in the database, while stock clerks, by contrast, only need access to the data related to product receipts and expenses in warehouses without being able to access accounting or human resources data.
Additionally, you need a way to restrict the actions that users can perform on database objects. For example, stock clerks can create and modify receipts since it is their responsibility to account for materials within the company. Technicians may need to view the goods receipts in order to know which products have been received and when. However, technicians do not need the ability to make any changes to those receipts.
A configuration object named Role is intended for defining user rights. Using this object, a developer can describe a set of rights to execute some actions on specific database objects and on the configuration as a whole.
As a rule, a role is created separately for each type of activity, and each user is assigned one or more roles.
When a user is assigned multiple roles, access is granted or denied based on the following rules:
- If any of the roles has the permission, access is granted
- If none of the roles have the permission, access is denied