If you have configured Groups, it is strongly recommended that you control user permissions with the Groups you created or use a combination of group and user controls rather than manually setting permissions for individual users.

A combination of group and user controls means that you select a User in the Users tab. The group(s) to which the employee belongs sets permissions for the individual based on the Group configuration. Use user level controls to override Group settings for new and existing users. For example, in the Groups tab you can add a user to the All Labor Reports group. However, you don't want them to have access to some of the Forecasting Reports, so go into the Actions tab and select the Deny check box beside the specific Forecasting Reports for which you want to deny access.

The configuration process for adding users consists of entering information for the following tabs:

General
Properties
Groups
Actions
Data
Labor Structure
Budget Lines
EXECUScope
Authorization Levels

Controls on the Users screen

Control	Description
Search field	Search for a specific user.
Save	Save changes to users.
New	Click ( ) to add a new user.
Copy	Copies settings for the selected user to a new user record. Copying a user creates a new record with the same settings. This function is helpful if you have several users who have similar restrictions and permissions. Note: You can only copy users who have equal or lesser permissions than you have. This button is not available for selection if you are trying to copy a user who has a higher permission level than you have.
Delete	Deletes the selected user.
Edit Users	Select to work with users.
Edit Groups	Select to work with groups.
Client	Select the client to work with. For example, if your company owns Brand A and Brand B, you have the possibility of having three clients: Brand A only, Brand B only, Brands A & B combined. This field allows you to filter the user list by Client. Generally, you will only see or have access to one client. Usually it is the name of your company.
Status	Filter the user list by: All—Both active and inactive employees. Active—Active users only. Inactive—Inactive users only.

General tab

With the General tab, you can enter some general information about the user.

Fields on the General tab

Field	Description	Notes
Login Id	User name that the user logs in with.	Required.
E-Mail	Email address for the user.	Required.
Password	Login password for the user.	Required.
Confirm Password	Reenter the login password for the user.	Required.
Type	Select a user type. These types have default restrictions. Database Admin—Allows the user to have access to User Administration. The Database Admin is the highest level of administrator and can add and manage all users associated with a Client. In general, there is one Database Admin per client. Property Admin—Allows the user to have access to User Administration. The Property Admin manages all users for the properties to which the Property Admin has been given access by the Database Admin. In general, there is one Property Admin per property in the database. If there is only one property in the database, there is no need for a Property Admin. Normal User—Allows the user to have varying levels of access, but does not have access to User Administration. Generally, most users will be Normal Users. For more information see Security administrator types and permissions.	Required.
Locale	Select the location and language of the user. This selection determines what language the software runs in.	Required.
Client	Associates the user with a specific client.	Required.
Active	Indicates whether the user's record is active of not.	Required.

Properties tab

The Properties tab is used to determine the properties for which a user has access. Until you have given the user access to at least one property, none of the other tabs are visible.

Fields on the Properties tab

Field	Description
Add Database	Add a new database.
Delete Database	Delete a database.
Property	Displays a list of the properties that are associated with the database(s) you selected. You can control access to specific properties, as well as designate the user as an Admin for specific properties.
Can Access	Control access to specific properties for this user.
RMS Admin	Denotes that the user is a RMS Admin. If selected at the topmost level, the user has access to all areas of the program for that property. You can also expand a Property level and select specific properties. If not selected, the user only has access to the areas of the program that you define in the other tabs (Actions, Labor Structure, Data Access, Reports) or in a Group(s).

Groups tab

The Groups tab lists all available groups, that you created, to which a user can be assigned. You can restrict a user's access to LMS by using top-level Groups.

Fields on the Groups tab

Field	Description
Database	Represents the databases to which you have access. You can associate users with a specific database(s).
Groups	Provides a list of all configured Groups, and you can control access to specific modules and sections of modules by using the settings of a Group(s). Groups are configured when in Group mode. By default, a user can be assigned to multiple groups, however if requested, Support can turn on the single group feature. With this feature, you can assign a user to one Group at a time.

Actions tab

The Actions tab lists all available functions in all the

RMS

products you own. You can restrict a user's access to certain parts of each item.

Fields on the Actions tab

Field	Description	Notes
Property	Displays the list of properties in the selected database.
Item	Displays a list of the actions available for this user to access.
Allow	Give access to specific items and sections of items for this group. You are not required to make a selection for each item.	If you neither Allow or Deny a group to access an item, by default, the group will not have access to that item.
Deny	Deny access to specific items and sections of items for this group. You are not required to make a selection for each item.	If you neither Allow or Deny a group to access an item, by default, the group will not have access to that item.
Summary	See at a glance if a user has access to an Action at either the user or group level. If there is not a check mark in the Allow column, but there is a check mark in the Summary column, it means that the user was granted permissions through the Groups tab. All parent lines above the selected item will be checked to indicate that something below that parent is selected. The Summary column is read-only. Figure 1-20 shows that the user has been given access to some or all of the Global and Configuration screens at the Group level. You know that because a check mark appears in the Summary column but nothing is selected in the Allow column. However, the user has been denied access to all Forecasting and some Labor Reports. You know that the user has access to at least one Labor Planning Report because there is a check in the Summary column, as well as a check in the Deny column. If a check appears in the Summary column it means that permissions have been set for at least one child. You must expand the tree to see exactly which reports the user is allowed to access.

Data tab

The Data tab lists all available securable data items, such as market groups, KBIs, etc. in all the products you own. You can control a user's access to certain parts of each data type.

Fields on the Data tab

Field	Description	Notes
Property	Displays the list of properties in the selected database.
Item	Displays a list of the data types that are available for this user to access.
Allow	Give access to specific items and sections of items for this group. You are not required to make a selection for each item.	If you neither Allow or Deny a group to access an item, by default, the group will not have access to that item.
Deny	Deny access to specific items and sections of items for this group. You are not required to make a selection for each item.	If you neither Allow or Deny a group to access an item, by default, the group will not have access to that item.
Summary	See at a glance if a user has access to a type of Data at either the user or group level. If there is not a check mark in the Allow column, but there is a check mark in the Summary column, it means that the user was granted permissions through the Groups tab. All parent lines above the selected item will be checked to indicate that something below that parent is selected. The Summary column is read-only. The example below shows that the user has been given access to some or all of the Market Groups and Revenue Centers screens at the Group level. You know that because a check mark appears in the Summary column but nothing is selected in the Allow column. However, the user has not been given access to any KBIs, Operating Codes, Schedules Groups, and Standard Sets data types. You know that the user has access to at least one Revenue Center because there is a check in the Summary column of the parent line. If a check appears in the Summary column it means that permissions have been set for at least one child. The tree is expanded, so you can see that the user is allowed to access Buffet data. None of the Group settings have been overridden in this example. Control has been set at the Group level. If the Group level settings are changed, the settings for this user will also be changed.

Labor Structure tab

The Labor Structure tab lists all available labor items for each of your properties. You can restrict a user's access to schedules, reports and/or configuration of specific labor items.

There are two Items that warrant a special note. If you Deny a user access to Labor Structure, but Allow them to access View Labor Structure, the user will not have any editing privileges. They will only be able to view. If you Allow a user to access Labor Structure, they will be able to edit all fields.

Fields on the Labor Structure tab

Field	Description	Notes
Property	Displays the list of properties in the selected database.
Add Labor Item	Control access to items in the labor structure.
Delete Labor Item	Delete a labor item.
Division	Displays all configured divisions.
Department	Displays all configured departments.
Job Class	Displays all configured jobs.
Schedules	Determines the available options in the Division/Department/Job selectors throughout Labor and Time & Attendance. If the check box is selected, the user can select divisions, departments, or jobs for those items.
Notifications	Notify the employee's manager with employee alerts (for example, Late Employees, In But Not Scheduled, and Late to Clock Out). If the check box is cleared, the manager does not receive alerts.
Reports	Determines the user's ability to run reports for the labor items that you specify.
Configuration	Determines the user's ability to modify the configuration of the labor items that you specify.
Approval	Determines the user's ability to approve schedules in the Schedule Approvals screens. For more information, see Schedule Approvals.	When setting up new users, the Approval check box is the only check box that is not selected by default.
Summary	See, at a glance, which divisions/departments/job classes a user has access to, at either the user or group level.	Read-only.

Budget Lines tab

The Budget Lines tab lists all configured Budget Lines. You can restrict a user's access to specific budget lines.

Fields on the Budget Lines tab

Field	Description
Property	Displays the list of properties in the selected database.
Override Groups	Select the check box to override the group-level authorization value.
Budget Lines	Displays a list of the configured Budget Lines available for this user to access.
Access Level	Control access to specific Budget Lines for this user. Available access levels are: Hide—Users will not have access to that budget line. Show Line Only—Users will be able to view, but not edit, the budget line. Show Line and Values—Users will be able to view and edit the budget line.

EXECUScope tab

The EXECUScope tab lists all customized items and reports for the

RMS

products you own. You can control a user's access to those specific items/reports.

Fields on the EXECUScope tab

Field	Description	Notes
Database	Represents the databases to which you have access. You can associate users with a specific database(s).
Item	Displays a list of the data types that are available for this user to access.
Allow	Give access to specific items and sections of items for this group. You are not required to make a selection for each item.	If you neither Allow or Deny a group to access an item, by default, the group will not have access to that item.
Deny	Deny access to specific items and sections of items for this group. You are not required to make a selection for each item.	If you neither Allow or Deny a group to access an item, by default, the group will not have access to that item.
Summary	See, at a glance, if a user has access to any of the customized EXECUScope items at either the user or group level. If there is not a check mark in the Allow column, but there is a check mark in the Summary column, it means that the user was granted permissions through the Groups tab. All parent lines above the selected item will be checked to indicate that something below that parent is selected.	Read-only.