AME Part Three – Roles and Grants for AME

By default, the “Approvals Management Administrator” and “Approvals Management Business Analyst” responsibilities do not have any functions associated with them, because their access is restricted by Role Based Access Control (RBAC). In this section, I will detail the steps needed to add functions so that we can get into using AME.

Firstly, we’ll create a new user for this demonstration, and assign them the two responsibilities, thus:

Screenshot showing new user creation with responsibilities "Approvals Management Administrator" and "Approvals Management Business Analyst"

If I now log into the eBusiness Suite as that user and try to switch to either of those responsibilities, the system indicates that there are no functions available for the user (see screenshot below).  As I said above, this is because role based access control ensures that only users with the right roles as well as responsibilities can access the functions.

By default, there are no functions available for this user and responsibility

So, now we need to modify the user to give them the right roles to administer AME properly.  As a system administrator, open the “User Management” responsibility, as shown below.

System Administrator - User Management responsibility

If you do not have any functions assigned to the responsibility, then you will need to use the SYSADMIN user and assign the “Security Administrator” role to your user. Select the “Users” option to continue.

Search for the user that you want to add the functions to (in my case, the AMEADMIN user I created earlier), open the user details and then click on the “Assign Roles” button. You are then presented with a search window, where you should search for all Roles beginning “Approval”:

Searching for the AME roles to grant

You are then returned to the user screen, where you should complete a justification for granting the roles to the user – if you don’t then the screen will prevent you from continuing.  Once you have entered the justification, you should then hit the Apply button.

Log out as this user, and when you log in as the AME user, you now have functions associated with the two responsibilities:

AME Administrator now has functions associated with the responsibilities

Now that we have granted the roles to the user, they can access the functions correctly.  However, RBAC means that when we open the Dashboard, the data is still protected and cannot be viewed:

No Transaction Types available

Again, we need to grant some RBAC roles to allow the user to access the different transaction types. The main principle behind this is to enable organizations to split the Transaction Type maintenance between different roles – for example to allow HR Super Users to maintain only the HR rules.

Using a different user, navigate to the Functional Administrator responsibility and click on the “Create Grant” button to create the new grant. In this example, we will create a specific grant for the AMEADMIN user, however in the real world it is more likely that you will create the grant for a group of users. The Object is set to “AME Transaction Types”, thus:

Define a grant for the AMEADMIN user

In the second step, accept the default data context type of “All Rows” and continue to the third step. Define the “Set” to be “AME Calling Applications” as shown in the following screenshot:

Choose the "AME Calling Applications" set to define access

Finally, review the settings that you have entered and click on the “Finish” button. In order to ensure that the changes are replicated, now flush the cache by clicking on the “Core Services” tab then choose the “Caching Framework” sub-menu. Choose “Global Configuration” from the sidebar and then click on the “Clear All Cache” button. You will be presented with a warning message (see below) which you can ignore and click on the “Yes” button.

Cache reset warning

Log out of this user and log back in as the AMEADMIN user, and navigate to one of the AME responsibilities – you are now given a list of the AME Transaction Types that are configured in the system:

User can administer Transaction Types

In the next blog post, I’ll be providing a practical example of customizing AME within iRecruitment.

3 thoughts on “AME Part Three – Roles and Grants for AME

  1. This post is great – thank you very much. One thing – when I got to the FINISH button – I then got an error “you have encountered an unexpected error”. I found the solution at another post
    “We need to set the AME: Installed Profile option as well to make it work. Set this profile option to Yes at application level (Human Resources).”
    After setting this profile the Grant was saved correctly

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

In common with almost all professionally run websites, this website logs the IP address of each visitor in order to keep it running reliably. This is also essential for protecting the website and its visitors from malicious attacks, including infection with malware.

This website provides information as a service to visitors such as yourself, and to do this reliably and efficiently, it sometimes places small amounts of information on your computer or device (e.g. mobile phone). This includes small files known as cookies. The cookies stored by this website cannot be used to identify you personally.

We use cookies to understand what pages and information visitors find useful, and to detect problems such as broken links, or pages which are taking a long time to load.

We sometimes use cookies to remember a choice you make on one page, when you have moved to another page if that information can be used to make the website work better. For example:
- avoiding the need to ask for the same information several times during a session (e.g. when filling in forms), or
- remembering that you have logged in, so that you don’t have to re-enter your username and password on every page.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit.