ACUMATICA

Acumatica User Security Roles: Complete Guide

February 1, 2024 12 min read

Introduction

Acumatica's robust security framework allows organizations to implement granular access controls through user roles and permissions. Understanding how to properly configure user security roles is essential for maintaining data integrity and ensuring users have appropriate access to perform their job functions.

This comprehensive guide covers everything from basic role configuration to advanced row-level security implementations in Acumatica ERP.

Understanding Roles

Acumatica roles define what actions users can perform and what data they can access. Each role consists of:

  • Module Permissions - Access to specific functional areas
  • Screen Permissions - Ability to view, edit, or delete records
  • Field-Level Security - Control over specific fields
  • Row-Level Security - Data visibility based on conditions

Acumatica includes predefined roles such as Administrator, Accountant, and Customer Service Representative that can be used as templates for custom roles.

Creating Custom Roles

To create a custom role in Acumatica:

// Navigate to: System → User Management → Roles
// Click "Add Row" to create a new role

Role ID: SALESMGR
Role Name: Sales Manager
Description: Manages sales team and customer data

After creating the role, you need to assign permissions to define what the role can access.

Managing Permissions

Permissions can be assigned at three levels in Acumatica:

Screen-Level Permissions

// Permission Types:
- Access: Allow/deny access to screens
- Update: Allow editing records
- Insert: Allow creating new records  
- Delete: Allow removing records
- Execute: Allow running actions

Field-Level Security

// Configure field visibility and editability
// Navigate to: Role → Details → Field Security

Screen: AR303000 (Customers)
Field: CreditLimit
- Visible: Checked
- Editable: Only for Finance Manager role

Row-Level Security

Row-level security in Acumatica allows you to restrict data visibility based on specific criteria. This is particularly useful for multi-company setups or regional data separation.

// Row-Level Security Configuration
// Navigate to: Role → Row-Level Security

// Example: Restrict access to only assigned branch
Condition: BranchID = @CurrentBranchID

// Example: Restrict to own records only
Condition: CreatedByID = @CurrentUserID

Row-level security can be configured using the Acumatica Screen Builder or through code using PXRowExtension.

Best Practices

  • Principle of Least Privilege - Grant only the minimum permissions needed
  • Use Role Templates - Start with predefined roles and customize as needed
  • Document Changes - Keep records of role modifications
  • Regular Audits - Review user role assignments periodically
  • Test Thoroughly - Verify access controls in a test environment
  • Use Row-Level Security - Implement for multi-company and branch-specific data

Summary

Proper user security role configuration is critical for protecting your Acumatica data. By understanding roles, permissions, and row-level security, you can implement a robust security framework that balances usability with data protection.

For more Acumatica tutorials, check out our guides on System Maintenance and REST API Integration.