Skip to main content

Rights — Users / Menus

The Rights — Users / Menus screen joins the effective rights matrix to the menu tree. One line per (Application, User, Role, Object) quadruplet, with the menu breadcrumb (root, level 1 — 3) carried on each row.

This is the answer to "how does the user actually get to that object?". A right exists in theory once SER_RUN = 'Y', but the user can only exercise it if a menu path leads there — or if they know the form name and call it directly.

At a glance

Nomasx-1 · Applications · Rights · Users / MenusUSERROOTLEVEL 1LEVEL 2OBJECTFORMROLEAPMGRG0911Accounts PayableDaily ProcessingP0411W0411AACCT_APAPMGRG0911Accounts PayableSetupP0401W0401AACCT_APAPMGRG43ProcurementApprovalP43081W43081AAPPROVERAPMGR— (no menu)Right granted but no menu pathP03B11W03B11A— (direct)User APMGR · 4 paths · 1 right with no navigation

Goal of the view

For each effective right held by a user, surface the menu path that leads to it:

  • Reachable rights. Most rows pair a right with a menu breadcrumb — the user has both the permission and the navigation.
  • Hidden rights. A right with an empty menu path means the user can technically run the object but no menu entry reaches it. Either the access is exercised through a direct URL / form name, or it is the leftover of a navigation reorganisation.
  • Walkthrough by area. Filtering on Level 1 narrows the rights review to one business area — easier to discuss with the area owner.

Columns

ColumnSourceWhat it tells you
Application IDSER_APPS_ID — application identifier. Filterable.Which application the right applies to.
User IDSER_USER_ID — user holding the right. Filterable, scoped to the application.The right's effective holder.
Role IDSER_ROLE_ID — role granting the right. Filterable by source.The role the right came from.
ObjectSER_OBJECT — technical object. Filterable, scoped to the application.What the right unlocks.
FormSERL_FORM — form code within the object.Specific form.
VersionSER_VERSION — processing version.Configuration variant.
Run / Add / Change / DeleteSER_RUN, SER_ADD, SER_CHG, SER_DELY / N.Action flags.
Root / Menu ID / Level 1 — 3MENU_ROOT, MENU_ID, MENU_LEVEL1, MENU_LEVEL2, MENU_LEVEL3 — text.Menu breadcrumb. Empty when no menu path reaches the right.

Tips & best practices

  • Filter on a User ID then sort by Level 1 — a clean walkthrough of what the user can do, by business area.
  • Rows with an empty Root are rights the user can technically exercise but cannot reach through a menu. Flag them when discussing access cleanup — the easiest is usually to revoke the right rather than reinstate a navigation.
  • Filter on a Menu ID to see every user that can reach a given menu leaf. A high count on a sensitive menu is the row to challenge first.
  • Compare with Roles / Menus to confirm the role grants the menu navigation (not just the right).