Skip to main content

How To Configuring Users, User Roles and User Templates

Introduction

The purpose of this guide is to show how to configure Users, User Templates and User Roles to allow you to set up different access to meet your organisation's needs.

Access covers a certain set of functions a user will be allowed to perform. For example, a Sales Assistant might be able to sell but not do returns, or there may be tendering limits for certain groups. In order to do this, this guide walks you through how you can define and configure your own User Roles with the set of enabled permissions (privileges), configure new User Templates and Users, and be able to assign the User Roles to specific Users as required.

Overview

This guide covers the configuration for the following:

  1. User Role Configuration - to set up and assign privileges so as to assign what functions a User can have access to perform.
  2. User Template Configuration - to template a set of users with common behaviour using User Templates.
  3. User Configuration - to set the user information, passwords and individual user settings.
  4. User Group Configuration - to set up a hierarchical structure to group users for group selection such as task allocation.
  5. User Team Configuration - to set up a team of users that associates with a location and cost centre. A team manager, the users who belong to the team and the customers that the team supports are specified here as well.
  6. Functional Authorisation Codes - limiting users' tender limits and reason code limits.

User Role Configuration

The User Role configuration element provides a convenient method of grouping together privileges, which may then be associated with one or more Users who require them. This allows certain users to access only certain functions, for example: Returns, Loyalty, Ordering.

The most basic elements of application functionality in Enactor Retail are Functions, and these are typically associated with Privileges which are a requirement for access to the Function. Each function requires that a privilege is available in at least one of the User Roles associated with the User's Account, which grants access for the User to run that function. All functions and their privileges are grouped into Processes, and these Processes are grouped into Packages.

User Role

To create a new User Role, navigate to User Role Maintenance using the Search or the path: Main Menu > Configuration > HR > User Roles

Navigation path showing Main Menu, Configuration, HR, User Roles

On the User Role Maintenance page, select Create a New User Role.

User Role Maintenance list

The User Role Maintenance list shows all configured roles. Select Create a New User Role to begin, or use the action icons to edit, copy, or delete an existing role.

Select the Region from the Region drop-down, then enter a unique User Role ID. The ID can be alphanumeric and contain a maximum of 20 characters. Use of a systematic and business-specific naming convention is recommended.

Create User Role dialog

Select the Region and enter a unique User Role ID - up to 20 alphanumeric characters. Use a systematic naming convention to make roles easy to identify. Click Create to proceed.

The User Role Maintenance page for the newly created User Role is presented with four key tabs: General, Authorised Functions, Special Functions and Report Functions.

General Tab

The General Tab captures the basic identity of the User Role and the Authorisation Level for it.

User Role General Tab

The General Tab sets the role's identity. Enter a meaningful Description and set the Authorisation Level - a value from 0-100 where higher numbers give greater priority when two roles share the same function.
FieldDescription
DescriptionEnter a user-friendly, meaningful name by which Users will be able to identify and select the Role in other locations of the Estate Manager. Use of a systematic and business-specific naming convention is recommended. Maximum 30 alphanumeric characters.
Authorisation LevelA numeric value ranging from 0-100 that ranks this Role against other Roles with the same privileges. A higher value gives a higher priority. For example, the Manager Role should have a higher value than the Sales Assistant Role so that when both use the same function, the Manager is given higher priority.

Authorised Functions Tab

The Authorised Functions Tab is used to assign Privileges for User Roles in relation to Functions. Each Function is associated with a Process and each Process is associated with an Application Package. The tab provides dropdown lists to filter and enable privileges as required.

Authorised Functions Tab

The Authorised Functions Tab controls which functions this role can access. Select an Application Package and Process, then tick the checkboxes for the functions to enable. Use Enable All or Disable All for convenience.

The most commonly used Application Packages are:

Application PackageDescription
Enactor Cash ManagementContains all cash management related functions and privileges for Estate Manager and Back Office.
Enactor POSContains all POS related functionalities and privileges that are accessed when using the Enactor POS.
Enactor Web MaintenanceContains all UI related functionalities and privileges that are accessed when using the Enactor Web Maintenance.

Additional Application Packages available include:

Application PackageDescription
Enactor Address Lookup ServiceContains functionalities and privileges required when accessing AFD, PA, Postcode, QAS and Internal Services.
Enactor Application Download ServiceContains functionalities and privileges required when accessing Application Download Services.
Enactor CRMContains all CRM functionalities and privileges such as Customer Activity Flow Service Access.
Enactor Card PaymentContains ICC Reader related functionalities and privileges for Enactor Card Payment.
Enactor Card Payment ServicesContains all Card Payment functionalities and privileges required when accessing Card Payment Services.
Enactor Core ReportingContains all Reporting functionalities and privileges required when accessing Report functions such as viewing saved reports and charts.
Enactor Customer Orders MaintenanceContains all Customer Order functionalities and privileges for Estate Manager and Order Manager.
Enactor Customer Orders RetailContains functionalities and privileges required for Retail Customer Orders.
Enactor Customer Orders ProcessingContains all Customer Order Processing functionalities and privileges for running Customer Orders.
Enactor DiaryContains functionalities and privileges required for viewing, editing, running and removing entries in the Diary Entry Maintenance of the Estate Manager.
Payment Gateway - Card ServicesContains Payment Gateway Card Service functionalities and privileges for generating card tokens and bulk tokenisation.
Receipt MaintenanceContains all Receipt functionalities and privileges required when accessing Receipt-based functions in the Receipt Maintenance.
Enactor Repairs ManagerContains all Repairs Management related functionalities and privileges for Repairs Manager.
Restaurant MaintenanceContains all Restaurant Management related functionalities and privileges when accessing Restaurant processes.
Enactor Web Maintenance - CRMContains all UI related functionalities and privileges that are accessed when using the CRM related Maintenance of Enactor Web Maintenance.
Enactor Web Maintenance - InventoryContains all Inventory Management related functionalities and privileges that are accessed when using the Inventory related Maintenance of Enactor Web Maintenance.
note

It is common for a function to have both an allowed privilege and an authorised privilege. The allowed privilege lets the User start the function; the authorised privilege allows them to complete it.

The following example shows how to enable the Allowed and Authorised privileges for Item Return transactions in the Enactor POS for the Manager - Returns Role. Filter the Authorised Functions tab as follows: Application Package > Enactor POS; Function ID > Contains, returnitem.

Filtering Authorised Functions for Item Return

Filter by Application Package and Function ID to locate specific privileges. Entering returnitem in the Function ID filter shows all Item Return-related privileges for the selected package.

You will see the enactor.pos.ReturnItemAllowed privilege (allows starting the Item Return function) and the enactor.pos.AuthorisesReturnItem privilege (allows completing the Item Return function). Check both checkboxes and click Save.

Item Return privileges enabled

Tick both the Allowed privilege (lets the user start the function) and the Authorised privilege (lets them complete it). Click Save to apply the changes to the role.
tip

The example above assigns only Item Return privileges. In a more realistic scenario, other return-related privileges such as tender rules and receipt returns should also be assigned to this User Role.

FieldDescription
PackagesSelect from a drop-list of available packages, for example Enactor POS. The various Processes and Functions of the Enactor Retail System are organised into Packages.
ProcessesSelect from a drop-list of all available Processes defined for the selected Application Package.
Enable/Disable PrivilegesA fixed set of Functions and their checkboxes is presented for the selected Process. Checked checkboxes indicate the Function is enabled for this Role. Convenience options below the table allow all checkboxes for the selected Process to be enabled or disabled at once.

Special Functions Tab

The Special Functions Tab is used to create and remove User-defined Function Codes, which are further described in the Functional Authorisation Codes section of this guide.

Special Functions Tab

The Special Functions Tab lists Functional Authorisation Codes for this role. Tick a code's checkbox to activate it. See the Functional Authorisation Codes section of this guide for full configuration details.

Report Functions Tab

The Report Functions Tab is used to select a User-Defined Report Category and configure permissions for the Role to enable or disable individual elements of Reporting-specific functions. The Report Categories are configured using the Report Categories Maintenance (not covered in this guide).

Select a Report Category from the list on the left-hand side of the page, then enable or disable permissions for specific functions. The Enable All Process Functions and Disable All Process Functions options are available for convenience.

Report Functions Tab

The Report Functions Tab controls report access for this role. Select a Report Category on the left, then enable or disable individual report functions on the right.

After configuring all four tabs, click Save to complete creating the new User Role.

This completes the User Role configuration.

User Template Configuration

User Templates can be set up and assigned to a User so that common behaviour can be applied to many Users. This makes it convenient to create new Users, since all the functional roles configured in the User Template apply automatically to any new User created from it. A User Template can be set up for a specific type of user, for example: Store Operator, Store Manager.

Using templates also means that if a new privilege is added to a Role, all Users based on that template will automatically benefit from the change, without needing to edit each user individually.

User Template

To create a new User Template, navigate to User Template Maintenance using the Search or the path: Main Menu > Configuration > HR > User Templates

Navigation path showing Main Menu, Configuration, HR, User Templates

On the User Template Maintenance page, select Create New User Template.

User Template Maintenance list

The User Template Maintenance list shows all configured templates. Select Create New User Template to begin, or use the action icons to edit or copy an existing template.

Enter a unique Template ID. The ID can be alphanumeric and contain a maximum of 20 characters. Use of a systematic and business-specific naming convention is recommended.

Create User Template dialog

Enter a unique Template ID - up to 20 alphanumeric characters. Use a name that reflects the user type, such as STORE_MANAGER or SALES_ASSISTANT. Click Create to proceed.

The User Template Maintenance page for the newly created User Template is presented with five key tabs: General, Roles, Security, Access Times and Associated Locations.

General Tab

The General Tab captures the basic information of the new User Template.

User Template General Tab

The General Tab sets the template's identity and default values. Enter a Template Description and set field rules - Optional, Fixed, or Mandatory - to control how each field behaves when a new user is created from this template.
FieldDescription
Template DescriptionEnter a user-friendly, meaningful name by which Users will identify and select the Template in other locations of the Estate Manager. Use of a systematic and business-specific naming convention is recommended. Maximum 30 alphanumeric characters.
LocaleSelect from a drop-list of all configured Locales.
Rules for specific fieldsWhen creating a user from a template, field rules are inherited from the User Template. Optional - the field will be optional when creating a new user. Fixed - the field will be pre-filled and cannot be changed when creating a new user. Mandatory - the field must be entered when creating a new user.

Roles Tab

The Roles Tab allows you to specify the Roles that have been configured in User Role Maintenance for this User Template. Select the checkbox corresponding to each required Role.

User Template Roles Tab

The Roles Tab assigns User Roles to this template. Tick each role the template users should inherit - all ticked roles are automatically applied to any user created from this template.

Security Tab

The Security Tab contains security-related configurations. Setting values in the User Template saves time when setting up new Users. Security tab settings can also be configured as optional, fixed or mandatory.

User Template Security Tab

The Security Tab sets password policy and sign-on behaviour. Configure Minimum and Maximum Password Length, Password Expiry Time, and inactivity delays. Use field rules to control what can be overridden at the individual user level.
FieldDescription
Preferred Authentication MethodSelect from a fixed drop-list: Default Enactor Internal or Active Directory.
Single Sign-On User IDA User ID (alphanumeric; maximum 20 characters) used for linking to single sign-on directory services such as Active Directory.
Single Sign-On Common NameCommon name for single sign-on use.
Minimum Password LengthThe minimum length of the password. Integer value, minimum 1.
Maximum Password LengthThe maximum length of the password. Integer value, maximum 20.
Password Expiry Time (days)Number of days until the password expires. Integer value, maximum 999; 0 means unlimited.
Force Alpha-Numeric PasswordIf checked, the User will be forced to use alphanumeric characters when changing their password.
Force Mixed Case PasswordIf checked, the User will be forced to use mixed-case characters when changing their password.
Prevent Password Re-UseIf checked, the User will be prevented from using a previously used password.
Prevent Password similar to User IdIf checked, the User will be prevented from using a password that bears similarity to the User ID.
Inactivity Delay (seconds)The delay in seconds after which this User is automatically logged off the POS system. Maximum 86400; 0 means unlimited.
Maintenance Inactivity Delay (seconds)The delay in seconds after which this User is automatically logged off Web Maintenance. Maximum 86400; 0 takes the value of the Inactivity Delay field above.
Training ModeIf checked, this User is operating in training mode and will have reduced privileges.
Disallow Multi-Device Sign OnIf checked, this User is prevented from signing on to the system at more than one location at any one time.
Allow Sign-On with Card OnlyIf checked, this User can only sign on to the system with a card.
Skip Password Validation if Sign-On with CardIf checked, password validation will be skipped if this User logs on using a card.
Rules for specific fieldsOptional - the field will be optional when creating a new user. Fixed - the field will be pre-filled and cannot be changed. Mandatory - the field must be entered when creating a new user.

After configuring all tabs, click Save to complete creating the new User Template.

This completes the User Template configuration.

User Configuration

User configuration defines the User Accounts via which staff who have access to the software applications may sign on, and assigns them permissions to the application functions they need to use. User configuration also captures information about the staff member that is required by the system.

The maintenance of User configuration is typically a responsibility of the System Administrator. Each person requiring access to applications of the Enactor Retail System must be identified to the system via a User Account, which provides for authentication at sign-on time and, through enabled Roles configuration, defines their access to application functionality.

User

To create a new User, navigate to User Maintenance using the Search or the path: Main Menu > Configuration > HR > Users

Navigation path showing Main Menu, Configuration, HR, Users

On the User Maintenance page, select Create New User.

User Maintenance list

The User Maintenance list shows all configured user accounts. Select Create New User to begin, or use the action icons to edit or manage an existing user.

Enter a unique User ID. The ID can be alphanumeric and contain a maximum of 20 characters. If you wish to apply a User Template, select it from the Template ID drop-down.

Create User dialog

Enter a unique User ID - up to 20 alphanumeric characters. Select a Template ID to pre-populate settings from an existing template. Click Create to proceed.

The User Maintenance page for the newly created User is presented with eight key tabs: General, Address, Roles, Security, Access Times, E-mail, Biometrics and Associated Locations.

note

When a User Template has been selected, most fields will already be configured by the template. Only a few fields in the General and Address tabs typically need to be completed.

General Tab

The General Tab captures the basic information of the new User. Only Display Name and Surname are mandatory fields.

User General Tab

The General Tab captures the user's identity. Display Name and Surname are the only mandatory fields - the Display Name appears on POS screens and receipts, so it should be recognisable to staff.
FieldDescription
Display NameAlphanumeric; maximum 30 characters. Enter a value that meaningfully associates with the User and by which they and other Users will recognise their User Account. This name is displayed on screens and on receipts.
SurnameAlphanumeric; maximum 100 characters. Enter the User's surname.

Address Tab

The Address Tab captures the standard address information for the User.

User Address Tab

The Address Tab captures the user's contact address. All fields are optional - complete them as required by your organisation's HR records or reporting needs.

Access Times Tab

The Access Times Tab allows you to set the times during which a User can access the Enactor system.

User Access Times Tab

The Access Times Tab restricts the hours during which a user can sign on. Configure allowed time slots per day - leave all slots open to allow unrestricted access at any time.

Associated Locations Tab

The Associated Locations Tab allows you to specify additional locations that a User is to be given access to.

User Associated Locations Tab

The Associated Locations Tab grants access to additional locations beyond the user's primary site. Add each location required - useful for roving staff or administrators covering multiple sites.

Biometrics Tab

The Biometrics Tab allows fingerprint scanning to be enabled for the User. This configuration is not covered in this guide.

User Biometrics Tab

The Biometrics Tab enables fingerprint scanning for this user. Biometric configuration requires additional hardware setup and is not covered in this guide.
tip

The Roles and Security configurations for Users are described in the User Template Configuration section of this guide. These settings are inherited from the User Template when one is selected.

After configuring all eight tabs, click Save to complete creating the new User.

This completes the User configuration.

User Group Configuration

The User Group type is a hierarchical structure that can be defined with up to 10 levels. It is used to group Users for group selection, for example in task allocation.

User Group

To create a new User Group, navigate to Groups Maintenance using the Search or the path: Main Menu > Configuration > Organisation > Groups

Navigation path showing Main Menu, Configuration, Organisation, Groups

On the Groups Maintenance page, filter Group Type as User Group from the drop-down, then select Create New User Group Hierarchy.

Group Hierarchy Maintenance

The Group Hierarchy Maintenance page lists all User Group hierarchies. Filter Group Type to User Group, then select Create New User Group Hierarchy to begin a new structure.

Enter a unique Hierarchy ID and select the Region from the Region drop-down.

Create User Group Hierarchy dialog

Enter a unique Hierarchy ID and select the applicable Region. Click Create to proceed to the hierarchy editor where group nodes can be added and arranged.

Once the Group Hierarchy has been created, the User Group Hierarchy Edit page is available to add, edit or remove Group nodes in the hierarchy.

User Group Hierarchy Edit

The User Group Hierarchy Edit page shows the group tree structure. Use the add, edit, and remove controls to build the hierarchy. Groups configured here can be assigned to users and user templates.

After configuring the hierarchy, click Save. These User Groups can be assigned when creating a new User or User Template.

This completes the User Group configuration.

User Team Configuration

User Teams are created to give a team a name, associate it with a Location and Cost Centre, specify a Team Manager, identify the Users who belong to the team, and the Customers that the team supports. A User Team may also be created with just a required identifier and no further input.

User Team

To create a new User Team, navigate to Team Maintenance using the Search or the path: Main Menu > Configuration > HR > Teams

Navigation path showing Main Menu, Configuration, HR, Teams

On the Team Maintenance page, select Create a New Team.

Team Maintenance list

The Team Maintenance list shows all configured user teams. Select Create a New Team to begin, or use the action icons to edit an existing team.

Enter a unique Team ID. The ID can be alphanumeric and contain a maximum of 20 characters. Use of a systematic and business-specific naming convention is recommended.

Create Team dialog

Enter a unique Team ID - up to 20 alphanumeric characters. Use a name that identifies the team's location or purpose. Click Create to proceed.

The Team Maintenance page for the newly created User Team is presented with three key tabs: General, Team Customers and Team Users.

General Tab

The General Tab captures the basic information of the new User Team.

User Team General Tab

The General Tab defines the team's key associations. Enter a Name, then select the associated Location, Manager, and Cost Centre from their respective drop-down lists.
FieldDescription
NameEnter a user-friendly, meaningful name for the Team by which Users may recognise and select it in other UIs. Alphanumeric; maximum 40 characters.
LocationSelect from a drop-list of all configured Locations.
ManagerSelect from a drop-list of all configured Users.
Cost CentreSelect from a drop-list of all configured Cost Centres.

Team Customers Tab

The Team Customers Tab contains a list of Customers affiliated with this Team. The list is built by selecting the Add option. Customers appear in the list with a Delete icon which can be used to remove a Customer from the list.

User Team Team Customers Tab

The Team Customers Tab lists customers affiliated with this team. Select Add to link a customer, or use the Delete icon to remove one from the list.

Team Users Tab

The Team Users Tab contains a list of Users belonging to the Team. The list is built by selecting the Add option. Users appear in the list with a Delete icon which can be used to remove a User from the list.

User Team Team Users Tab

The Team Users Tab defines the team's members. Select Add to assign a user, then enter a Relationship Name and Relationship ID to describe their role within the team.
FieldDescription
UserThe User belonging to the Team.
Relationship NameThe relationship of the User to the Team. Enter a user-defined, meaningful name for the Team-User relationship. Alphanumeric; maximum 40 characters.
Relationship IDUniquely identifies the relationship of the User to the Team. Enter a user-defined, unique ID for this relationship. Alphanumeric; maximum 20 characters.

After configuring all tabs, click Save. These User Teams can be assigned when creating a new User or User Template.

This completes the User Team configuration.

Functional Authorisation Codes

Functional Authorisation Codes can be created in the Role Maintenance page of Web Maintenance while editing any Role. Once created they are available for association with any other Role. Various Web Maintenance configurations provide for qualifying access to an option based on a Functional Authorisation Code.

The main uses of Functional Authorisation Codes are to set Tender debit limits and to limit specific Reason codes to certain users.

Setting Functional Codes in User Roles

In User Role Maintenance, edit a Role and go to the Special Functions Tab. To create a new Function Code, enter a Function Code and Description and click Add Function. To activate the special function for the Role, ensure the checkbox is selected and click Save.

Special Functions Tab showing function code entry

Enter a Function Code and Description, then click Add Function to create a new Functional Authorisation Code. Tick the checkbox beside each code to activate it for this role, then click Save.
FieldDescription
Function CodeMaximum 20 alphanumeric characters. Enter a user-defined, unique value.
DescriptionMaximum 30 alphanumeric characters. Enter a user-friendly, meaningful value by which Users will identify and select the Function Code in other UIs.

Configuring Tender Limits Using Functional Codes

Tender limits can be set on each Tender for a Functional Code. A sales assistant may be able to tender up to a different amount than a manager. Configuring a tender limit using a Functional Code will limit the User if they try to tender over this limit and request authorisation from a manager.

To configure a tender limit:

  1. Sign on to Estate Manager.
  2. Navigate to Configuration > Financial > Tender.
  3. Edit the Tender and go to the User Limits Tab.
  4. Add the Authorisation Code and set the user limit.

Tender Maintenance User Limits Tab

The User Limits Tab sets tender limits per Functional Authorisation Code. Add the Authorisation Code and enter the maximum tender value - users without the code who exceed this limit will be prompted to obtain manager authorisation.
info

For changes to take effect, the Tender entity must be broadcast to the POS.

Configuring Reasons for Specific Functional Codes

It is possible to limit the use of specific Reason codes to Users who have the correct Functional Code. For example, a transaction discount reason may be restricted so that when a User tries to use it, they are required to get authorisation from a User who has the correct Functional Code.

To configure a Reason with a Functional Authorisation Code:

  1. Sign on to Estate Manager.
  2. Navigate to Configuration > Organisation > Reasons.
  3. Edit the Reason and set the Functional Authorisation Code.

Reason Maintenance with Functional Authorisation Code

Set the Functional Authorisation Code field to restrict use of this reason to authorised users. At the POS, users without the matching code will be prompted to obtain manager authorisation before the reason can be applied.
info

For changes to take effect, the Reasons entity must be broadcast to the POS.

Broadcasting

To deliver all configuration changes to the POS, broadcast the following entities:

  • Role
  • User
  • User Template
  • Group
  • Team
  • Tender
  • Reasons

POS Functionality

The following screens demonstrate sign-on and the key configured functions in action at the POS.

Sign-on using the STORE_MANAGER_UK user:

POS sign-on screen

The POS sign-on screen. The STORE_MANAGER_UK user has the Manager - Returns role assigned, demonstrating the effect of the User Role and User configuration completed in this guide.

Item Return using the Manager - Returns Role privileges:

POS Item Return step 1

With the ReturnItemAllowed privilege active, the user can initiate an Item Return at the POS. The transaction is started and the item to be returned is selected.

POS Item Return step 2

The Item Return completes successfully, confirming the AuthorisesReturnItem privilege is active. Both the Allowed and Authorised privileges must be enabled on the role for the full transaction to complete.

Manager Transaction Discount with Functional Authorisation Code:

The following screens show a Sales Assistant User attempting to apply a Manager Transaction Discount for which a Functional Authorisation Code has been configured against the reason. When the reason is selected, the POS prompts for a Manager to authorise. The STORE_MANAGER_UK user authorises the reason, allowing the Sales Assistant to successfully add the discount.

Sales Assistant selecting Manager Transaction Discount

A Sales Assistant selects the Manager Transaction Discount reason. Because a Functional Authorisation Code is configured against this reason, the POS requires manager approval before the discount can be applied.

Functional Authorisation Code prompt

The POS displays an authorisation prompt. A user whose role includes the required Functional Authorisation Code must sign in to approve the action before the Sales Assistant can proceed.

Manager authorisation in progress

The STORE_MANAGER_UK user enters their credentials to authorise the discount. Their role includes the required Functional Authorisation Code, granting them authority to approve the transaction.

Transaction Discount successfully authorised

The Manager Transaction Discount is successfully authorised and applied to the transaction. The Sales Assistant can now complete the sale with the discount active.