| Subject: | Add security to control which users can create purchase orders for MISC items. [Created from case 8067] |
| Summary: | Hi Sanjay, There is a need for control on which users can create purchase orders for MISC items. XXXXX do not purchase MISC items. Currently, there is no control on the user in adding a MISC item to the purchase order. Refer to scenario below: - A user makes a purchase order and accidentally enters the incorrect product code for Sugar.
- The system will add this as a MISC item.
- While on the receiving screen, although the system will receive this item, the product master screen for sugar would not update, allowing the user to take the product home.
This is a lack of security control in the system, allowing any user to purchase MISC items. This was highlighted in the case header. Solution - Introduce a control on role level to allow users to create purchase orders with MISC parts. Test Plan | Test Number | Description | Results | | 1 | The new control should in be the system under menu 221-4 | | | 2 | User should be able to enable "Read", "Write" and "All" access | | | 3 | Users with access should be able to create and receive PO for misc items | | | 4 | Users with no access should not be able to create and receive PO for misc items | | | 5 | Users who do not have access should not be able to "File Copy" record misc items | | | 6 | All misc item products should be posted in JIWA with the default posting account on 237 | |
|
| Audit Notes: | |
| 06 Apr 2017 | 12:45PM Comment 1 by Aarti Pooja Gayaneshwar (Link Business Solutions) Created from case 8067 |
| 11 Apr 2017 | 10:46AM Comment 2 by Alvis (Link Technologies) Case 8456 added to project 8.12 |
| 11 Apr 2017 | 10:47AM Comment 3 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 11-04-2017 10:47 AM |
| Development meeting Sanjay/Alvis/Vineet/Rashna/Sanjeet Agreed to added a security option to control entering of misc items. |
|
| 24 Apr 2017 | 01:55PM Comment 4 by Alvis (Link Technologies) Case 8456 removed from project 8.12 |
| 24 Apr 2017 | 01:55PM Comment 5 by Alvis (Link Technologies) Case 8456 added to project 8.13 |
| 20 Jun 2017 | 02:09PM Comment 6 by Alvis (Link Technologies) Case 8456 removed from project 8.13 |
| 20 Jun 2017 | 02:25PM Comment 7 by Alvis (Link Technologies) Case 8456 added to project 9.00 |
| 11 Aug 2017 | 10:22AM Comment 8 by Alvis (Link Technologies) Case 8456 removed from project 999 |
| 11 Aug 2017 | 10:22AM Comment 9 by Alvis (Link Technologies) Case 8456 added to project 8.17 |
| 18 Aug 2017 | 03:52PM Comment 10 by Alvis (Link Technologies) Case 8456 removed from project 8.17 |
| 18 Aug 2017 | 03:52PM Comment 11 by Alvis (Link Technologies) Case 8456 added to project 8.18 |
| 05 Sep 2017 | 12:03PM Comment 12 by Alvis (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 05-09-2017 12:03 PM Time Taken: 4.00 |
| Development work for this case has been completed. The change will be available in version: 8.18 Documentation update required(Yes/No. Add change details below): Yes QA required(Yes/No.Include areas that require testing): Yes
1. The following changes were made(Include Database object names, Program classes and any other relevant information):| - Created a new security menu "573-1 - Can create purchase order with MISC Item"
- Added validation on Purchase order entry to validate MISC item for security created above.
- Added validation in Purchase order copy function to validate security created above.
|
|
| 21 Sep 2017 | 02:15PM Comment 13 by Vineet (Link Business Solutions) Assigned To: Alvis (Link Technologies) Followup Date: 21-09-2017 12:00 AM Time Taken: 1.50 |
| Hi Alvis Find below test areas and results | Test Number | Description | Results | | 1 | The new control should in be the system under menu 221-4 | Pass | | 2 | User should be able to enable "Read", "Write" and "All" access | Pass | | 3 | Users with access should be able to create and receive PO for misc items | Pass | | 4 | Users with no access should not be able to create and receive PO for misc items | Pass | | 5 | Users who do not have access should not be able to "File Copy" record misc items | Fail | | 6 | All misc item products should be posted in JIWA with the default posting account on 237 | Pass |
For the failed item, user who does not have access to role 573-1 when loads a Purchase Order with misc item and select file copy record option, user is not prompted with You do not have access to create purchase order with MISC item message. But rather it takes user to the very last LPO created in the system.
Resolution
We can improve this by prompting user with the access denied message and staying on the loaded LPO instead of refreshing to the last created one for further action from this user Regards
Vineet Ram
|
|
| 21 Sep 2017 | 03:25PM Comment 14 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 21-09-2017 03:25 PM Time Taken: 1.00 |
| Changed back office code to display the error message when the user does not have access to create MISC item purchase orders. |
|
| 29 Sep 2017 | 07:10AM Comment 15 by Rashna (Edge Business Solutions) Assigned To: Rashna (Edge Business Solutions) Followup Date: 29-09-2017 07:10 AM Time Taken: 1.00 |
| QA for product and Patch Releases Step 1 - Developer to system test changes until not issues are found - Alvis and Sanjay to sign off on System Test Step 2 - Product expert allocated by Consulting Manager for Product QA. Consulting Manager to allocate resource Consulting Manager to sign off on UAT and Generic Test
STEP 1 - DETAILS OF QA can be entered in case comments. Summary to be maintained in the table below. Tested case in 818 Beta 2 Table 1 - Summarised list of issues | No | Issue Description | Resolved? | | 1 | The new control should in be the system under menu 221-4 | Pass | | 2 | User should be able to enable "Read", "Write" and "All" access | Pass | | 3 | Users with access should be able to create and receive PO for misc items | Pass | | 4 | Users with no access should not be able to create and receive PO for misc items | Pass | | 5 | Users who do not have access should not be able to "File Copy" record misc items | Pass | | 6 | All misc item products should be posted in JIWA with the default posting account on 237 | Pass |
WORKFLOW: - Original case assigned to Development
- When the product is ready for release, System test details are entered into comments and the CASE HEADER Table updated.
- If system test passes, assign case to Consulting Manager for UAT
- If UAT Passes, Assign case for Documentation or close case
|
|
| 02 Oct 2017 | 03:40PM Comment 16 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 02-10-2017 03:40 PM Time Taken: 1.00 |
| Documentation Completed Documentation updated under Backoffice -- Purchasing -- Technical Reference -- Purchasing Menu Access |
|
| 09 Oct 2019 | 08:14AM Comment 17 by Sanjay (Link Technologies) Quality control status: Pass. QC Not required - This case was created before quality check was implemented in version 11 on 30/06/2019 |