Use the Restricted check box within the authority role in setup to prevent authorized users who can edit Profiles from increasing permissions or increase system rights via the Authority Override field located in the person Profile tab.
This means if the Restricted check box is not checked then the restriction is turned off for that authority role and any user who can access & edit other people’s Profile tab will have access to that authority role.
For example, suppose the authority Full Access does not have the Restrict check box selected. Don, a data entry clerk has permission to add and edit profiles for personnel. This means Don can change any user’s system rights to full access because Don has access to the override authority menu and Full Access is not restricted and therefore visible in Authority Override menu.
Restricted authority roles are only accessible to authorized users who have the permission Setup: Authority in their system authority assignment. This means, if the user has Setup: Authority and Add, Edit Profile... rights then the restricted Full Access authority in the previous example appears in the Authority Override menu.
Best Practice |
---|
At minimum, select the Restricted check box on the authority role of Full Access. |