david.ruprecht
Member
My questions are itemized at the end of this post if background is not desired.
Background: I have read the documentation on User Roles and Profiles as well as many documents on security timeouts and cache purging but I cannot seem to find the explanation of what I am experiencing.
Motivation: I am researching security and security timeouts to give my users a better feel for the behavior they should experience after a security change is made.
Questions: After reading security documentation I seem to be experiencing different results from what is expected.
1) When I make a role change using the P95921 to a user and have them log out and log in to the system the change does not seem to instantly take affect. The permissions seem to have a slight lag between when they log on and when they take the new role security. Should the new role security be obtained upon log on?
2) Also when I assign a user two roles using the P95921, the user is given the ability to run all the applications within the union of those roles but the user only sees the menus allowed to the lower security role. Even when the user changes his/her role under the roles tab on the menu bar the user is only able to see the menu items allowed to the lower security role. Is there a timeout the user is waiting for?
3) The disconnect I am experiencing between the application security and the menu filtering makes me think they are used and resolved in different ways. Is this the case?
Note: My "Security Cache Purge Timeout" is set to "600000" in the Server Manager. What parts of "security" does this timeout influence? Is this a per-user instance timeout or does this start when services are started?
Thank you to anyone who can offer some explanation on this topic.
Background: I have read the documentation on User Roles and Profiles as well as many documents on security timeouts and cache purging but I cannot seem to find the explanation of what I am experiencing.
Motivation: I am researching security and security timeouts to give my users a better feel for the behavior they should experience after a security change is made.
Questions: After reading security documentation I seem to be experiencing different results from what is expected.
1) When I make a role change using the P95921 to a user and have them log out and log in to the system the change does not seem to instantly take affect. The permissions seem to have a slight lag between when they log on and when they take the new role security. Should the new role security be obtained upon log on?
2) Also when I assign a user two roles using the P95921, the user is given the ability to run all the applications within the union of those roles but the user only sees the menus allowed to the lower security role. Even when the user changes his/her role under the roles tab on the menu bar the user is only able to see the menu items allowed to the lower security role. Is there a timeout the user is waiting for?
3) The disconnect I am experiencing between the application security and the menu filtering makes me think they are used and resolved in different ways. Is this the case?
Note: My "Security Cache Purge Timeout" is set to "600000" in the Server Manager. What parts of "security" does this timeout influence? Is this a per-user instance timeout or does this start when services are started?
Thank you to anyone who can offer some explanation on this topic.