Roles, Tasks and Views! Oh My!

We have upgraded from XE to 8.12/8.97.1.1 and have been using menus for our users through fast path. This is not how we should be doing this and now I have the task to setup Roles and Tasks for all users.

I don't even know where to start. I have a set of guides from a consultant friend as well as the Solutions Explorer guide but I can't figure out how you filter out all the other "stuff" and only display the tasks for each role.

I have created tasks and assigned to a role but it still shows everything when the user logs in.

Menu's are definitely not the right approach to security especially with Filtering multi-roles... If you have to deal with a SOX Audit eventually they will catch you on hidden programs in that model.

You will most likely have to do a re-definition if you have moved from XE (*GROUP) to Roles with *ALL functionality in 8.12. The filtering naturally fits after this task. The first step is to analyze current state and see what you can re-use as filtered roles. The second step is to restructure (All Doors Closed Model Highly Advised) into roles with Sequencing.

I can direct you to a Team that has done many successful projects like this and can help you. Project plans, Estimates, Best Practice, etc…

The way I like to think is: security first. Using the recommended model of removing all applications, and granting back only what the role needs will satisfy most auditors, whether you need to be SOx-compliant or not. The added benefit is that it takes care of a lot of your menu filtering, since the user can't see what they can't run.

As for creating the menu, I like to create a custom Task View, and build into it all the applications that will be needed by all the users in the organization, and then filter it by role. I also like to secure every other Task View so that they aren't inundated by the number of menus available at the top level.

You may still need to do some menu filtering, but by starting with security, most of your job is done.

As for what your current problem may be with menu filtering, did you "View by Role" before you starting cutting stuff out of the view? Don't forget to Save it afterwards. Even then, you will likely have to clear cache for the HTML client (or at least have them sign out and back in) before the changes take effect.

Finally, don't forget to apply Solution Explorer Security (type A in Security Workbench). Most users should be set at Preset 1.

Thank you for the excellant advice.

Can you point me to a document that addresses the steps needed to setup this kind of tasks? I'm new to the whole security setup and this is a little overwhelming. I just can't seem to wrap my brain around the whole task view thing. I can create tasks and assign them to roles but all menus still show up for the users.

I guess my question is how do I secure out the task views that I don't want the user to see? I created my own task view for all users to use.

Cody,

Solution Exploder is a very different critter than the OW menus. For one thing, as originally designed, there is one menu, the end user task view, for all users. Then you use "fine cut" to filter out the items on the menu that is not relevant to role. This makes life a challenge if you have a lot of roles to define menus for. That is the reason why we started down the solution exploder road for XE, and then reversed course and stayed with Menus. We are still trying to hash out our strategy for 8.12. I'll send you off line a white paper I wrote on the topic for XE. it might give you some ideas for 8.12.

Gregg

Cody,
You should secure all vanilla task views (Including OneWorld Menus) then add one custom tree like Klw defined. To do this you have to create a custom 55 task view and leave it unsecured. Secure all the others, by default they are unsecured. This is done in the task view definition, just a checkbox. You will also need SE security setup at each profile or role, Do not do at *PUBLIC.

I would strongly advise capitalizing the opportunity with multi roles and filtering. Architect for the end user and keep it simple.

How can I delete Task Views?

P9000. They are TMTASKTYPE = 00 in F9000 while F9001 holds the corresponding relationships with tasks.

Thanks John!
I figured it out.

P9000 > (Form exit) Task Views

Cody,
I suggest you do not delete the EnterpriseOne vanilla task view; it may be VERY useful for your customization (try and keep the Daily, Periodic, ... tasks).
You may hide the view - there's no need to delete it.

Thanks for the advice Adrian!
I can use all I can get for this task.

I only want to "delete" the task views I created before I knew what I was doing. I'm only working in the 8.97 Standalone. I'm going to do my learning here before I move to our DV812 environment.

Adrien,
How do I hide a task view?
I can't get it to NOT show up for all users.

Cody,

Have a look at Disable multiple menus - Thread 116222.