Accounting info. Accounting info 1s 8.3 user settings are not used where

In this article I will look at how to work with users in:

• create a new user;
• configure rights - profiles, roles and access groups;
• how to configure rights restrictions at the record level () in 1C 8.3 - for example, by organization.

The instructions are suitable not only for the accounting program, but also for many others built on the basis of BSP 2.x: 1C Trade Management 11, Salary and Personnel Management 3.0, Small Firm Management and others.

If you are interested in setting up rights from a programmer's point of view, read.

In the 1C program interface, user management is carried out in the “Administration” section, in the “Setting up users and rights” item:

To create a new user in 1C Accounting 3.0 and assign him certain access rights, there is a “User and Rights Settings” item in the “Administration” menu. Let's go there:

The list of users is managed in the “Users” section. Here you can create a new user (or group of users) or edit an existing one. Only a user with administrative rights can manage the list of users.

Let’s create a user group called “Accounting”, and there will be two users in it: “Accountant 1” and “Accountant 2”.

To create a group, click the button highlighted in the figure above and enter a name. If there are other users in the information base who are suitable for the role of accountant, you can immediately add them to the group. In our example there are none, so we click “Record and close”.

Now let's create users. Place the cursor on our group and click the “Create” button:

In the full name we will enter “Accountant 1”, and the login name will be set to “Accountant1” (this is what will be displayed when entering the program). The password will be “1”.

Be sure to make sure that the “Login to the program is allowed” and “Show in the selection list” checkboxes are checked, otherwise the user will not see himself during authorization.

Get 267 video lessons on 1C for free:

Leave “Startup mode” as “Auto”.

Setting up access rights - roles, profiles

Now you need to specify “Access Rights” for this user. But you need to write it down first, otherwise a warning window will appear as shown in the picture above. Click “Record”, then “Access Rights”:

Select the Accountant profile. This profile is standard and configured with the basic rights required by an accountant. Click “Record” and close the window.

In the “User (creation)” window, click “Save and close”. We are also creating a second accountant. We make sure that users are enabled and can work:

It should be noted that the same user can belong to several groups.

We chose access rights for accountants from those that were included in the program by default. But there are situations when it is necessary to add or remove some right. To do this, it is possible to create your own profile with a set of necessary access rights.

Let's go to the "Access Group Profiles" section.

Let's say we need to allow our accountants to view the journal entry.

Creating a profile from scratch is quite labor-intensive, so let’s copy the “Accountant” profile:

And let's make the necessary changes to it - add the role " ":

Let's give the new profile a different name. For example, “Accountant with additions.” And check the “View registration log” checkbox.

Now we need to change the profile of the users we created earlier.

Restricting rights at the recording level in 1C 8.3 (RLS)

Let's figure out what it means to restrict rights at the record level, or, as they call it in 1C, RLS (Record Level Security). To get this opportunity, you need to check the appropriate box:

The program will require confirmation of the action and will inform you that such settings can greatly slow down the system. It is often necessary to prevent some users from seeing documents from certain organizations. It is precisely for such cases that there is an access setting at the record level.

We go again to the profile management section, double-click on the “Accountant with Additions” profile and go to the “Access Restrictions” tab:

“Access type” select “Organizations”, “Access values” select “All allowed, exceptions are assigned in access groups”. Click “Save and close”.

Now we return to the “Users” section and select, for example, the user “Accountant 1”. Click the “Access Rights” button:

Using the “Add” button, select the organization whose data will be seen by “Accountant 1”.

Note! Using a mechanism for separating rights at the record level can affect the performance of the program as a whole. Note for the programmer: the essence of RLS is that the 1C system adds an additional condition to each request, requesting information about whether the user is allowed to read this information.

Other settings

The sections “Copying settings” and “Clearing settings” do not raise any questions; their names speak for themselves. These are settings for the appearance of the program and reports. For example, if you have set up a beautiful appearance for the “Nomenclature” directory, it can be replicated to other users.

Every 1C:Enterprise administrator knows that the task of separating user rights and correspondingly changing the working interface is one of the main ones when implementing an accounting system or adding new users to it. The efficiency of work and data security depend on how well this task is completed. Therefore, today we will talk about the features of setting up user rights and interface in a managed application.

First of all, I would like to note the main aspects of this type of settings. Many approach this issue one-sidedly, considering them purely as a measure of protection against unauthorized access to data or unqualified modification. At the same time, they forget about the other side of the coin: creating a simple and convenient working environment for the user. In cases where the user's working interface is overloaded with unnecessary items, the meaning of which is not completely clear to him, a false impression arises about the excessive complexity of the program and there is a fear of making a mistake. It is clear that this does not contribute in any way to increasing employee productivity.

Ideally, each employee should see only those interface elements that he needs to perform his immediate duties. Then it will be easier to work, and there will be no temptation to climb where you shouldn’t. Moreover, it makes sense to perform such settings even when some subsystems are simply not used or restricting access to them is not required. This will make the interface simpler and more understandable, and, therefore, the user’s work will be easier and more comfortable.

If we go back a little, we can remember that in conventional configurations Roles And Interfaces were part of the configuration and to fine-tune them it was necessary to enable the ability to make changes, but in the basic versions it was impossible at all.

The disadvantages of this approach are obvious: this complicates the maintenance of information bases, and possible conflicts during subsequent updates, when changed configuration objects require changing access rights.

In the managed application, settings for rights and interfaces were finally moved to user mode and can be configured directly from the program interface. A user's rights are assigned based on their membership in access groups. Let's go to Administration - User and rights settings - Access groups - Access group profiles, where we will see pre-installed profiles for the main access groups.

A user can be a member of several access groups at once, in which case the resulting rights will be summed up. In general, everything is quite clear and familiar, except that the settings are now performed in user mode, and not in the configurator.

But if we try to find interface settings, we will fail. In a managed application, the workspace interface is generated automatically, based on access rights. For example, let’s compare the interfaces of the Administrator and Sales Manager section panels:

In general, the idea is sound, if there are access rights to the object, we show it in the interface, if not, we hide it. This is much better than messages popping up in a regular application about access violations when the latter do not comply with the designated interface. If you add rights to an access group or, conversely, remove them, the interface elements associated with them will appear or disappear on their own. Comfortable? Yes.

The user can also independently configure his workspace within the limits of his access rights. At first glance, everything looks good, but there was a fly in the ointment. There is no mechanism that allows you to centrally configure and assign a “default” interface to users in a managed application.

If we look at Administration - User and rights settings - Personal user settings - User settings, we will see there a list of all objects whose settings have been changed by the user, but we cannot change them in any way.

Those. we are asked to log in directly to the user and configure the working interface on his behalf. A controversial decision, especially if there are not two or three users. Fortunately, the developers have provided the ability to copy user settings, which allows us to customize the interface of one user the way we need to quickly apply the settings to everyone else.

In order not to be unfounded, let's look at a practical example. In preparation for the transition to online cash registers, it was decided to automate the cash registers of a small network of dental clinics. The basis for clinic automation was industry-specific software not based on 1C and not providing the ability to connect a fiscal registrar, so it was decided to use the Enterprise Accounting 3.0 configuration, which contains all the necessary functions, to automate cash registers.

Here we are faced with two difficulties, although if we look more closely, we will find that these are two sides of the same coin. In short: the personnel had never worked with 1C before and therefore it was necessary to create a working environment that was as easy to learn as possible, while protecting the information base from possible unqualified influence of personnel. A managed application allows you to quite simply combine business with pleasure, making it so as to limit the user, and at the same time allow him to work comfortably, without noticing the restrictions.

Let's begin. First of all, you need to create a user group profile. If we open the standard profiles, we will see that there is no option to change them. This, in our opinion, is correct; history knows a lot of examples when, in a fit of official zeal, standard rights were shoveled to such a state that they had to be restored from the standard configuration. This can also mislead other users or administrators of this database, who expect to see standard sets of rights under standard profiles.

Therefore, we will find the most suitable profile for our tasks, in our case it is Sales Manager, and make a copy of it, which we will give the name Cashier. Now we can configure the rights at our own discretion. However, the flat list offered by default is not entirely convenient to work with, unless you need to quickly find an option you already know; in most cases, it is much more convenient to work with the list by enabling grouping by subsystems.

We will not dwell on this issue, since the assignment of rights depends on the specific tasks facing the user; we can only advise exercise prudence and not go to extremes. Remember that your task is to create a comfortable and safe working environment, and not to completely prohibit everything possible.

Having created a profile, we assign an access group to the required users and launch the program under one of them. Depending on the assigned rights, you will see an automatically generated interface.

In principle, this is already quite good, but in our case everything is just beginning. To our surprise, many users and administrators still have no idea how to configure the “Taxi” interface and continue to complain about its “inconveniences.”

Let's go to Main menu - View, where we will see a number of settings regarding the interface.

Let's start with section panel settings, in our case, the range was limited to a short list of services, so the warehouse section turned out to be superfluous, in order not to complicate or burden the interface, we’ll just remove it.

Then, in each section, by clicking on the gear in the upper right corner, we will sequentially configure the navigation and actions. Here we will also remove everything that is not necessary in everyday work, and, on the contrary, we will bring to the fore what is necessary.

You can even compare how it was and how it became:

Finally, let’s configure the panels. Since we have few partitions, it makes sense to move the partition panel up and the open panel down, thereby expanding the workspace horizontally, which is important for monitors with a small diagonal or 4:3 format.

After completion, you should check all the settings again; it is best to do this by simulating the real actions of a cashier, which will immediately help you evaluate the ease of working with the interface. In our case, we got a simple and convenient cashier’s workplace; in any case, there were no problems with the staff’s mastery of it:

Now let’s log into the program again as an administrator and go to Administration - User and rights settings - Personal user settings - Copy settings. Our task is to distribute the changes we have made to the remaining users of the Cashiers group. The operation itself is quite simple: select the user whose settings we are copying, indicate to whom and select what exactly.

And finally, you can prevent the user from customizing the interface on their own; to do this, go back to the group profile and uncheck the action Saving user data.

As you can see, setting up the interface and user rights in a managed application is quite simple and, despite some shortcomings, provides administrators with much greater flexibility and convenience, allowing them to quickly create convenient and secure working environments.

• Tags:

Creating a new role for a user in the program "1C: Accounting 8" ed. 2.0

Preface.

This article is a logical continuation of the previous one articles and tells how to independently create and configure a new role for a user in the 1C: Accounting 8 program, ed. 2.0. This program contains a number of accounting reports, such as “Account balance sheet”, “Subconto analysis”, “Account analysis”, “Account turnover”, etc. The entire list can be viewed in the menu " Reports " , at the top of the menu (hereinafter in the text Standard reports). This group Standard reports Allows all users to view any account and access all information, including sensitive information (such as payroll information). A external report(discussed in the previous article) allows limit rights users and prohibit them access to unwanted information.

Referring to the previous article, we consider a specific task, as an example: we need to create a role for a user in which Standard reports would be unavailable. In that article we looked at an example where the username was . Let's call this new role for him Accountant Without Standard Reports, because The user and the role are different things for him; there is also a difference in their names.

Attention! Before making any changes, it is recommended to save a copy of your configuration. To do this, in the “Configuration” submenu you need to select “Save configuration to file”. It is recommended to save it in the same folder with the information base so that it is easy to find if necessary. Further, if something goes wrong, you will have the opportunity to return to the initial version.

Read about our update services

Opening the configuration for editing.

Launch the program "1C: Accounting 8" ed. 2.0 in the "Configurator" mode, using a user with "Full rights" (in the example, this is Administrator). In the menu, select the "Configuration" section and click on the "Open configuration" item ( see fig.1). A window appears on the left side of the screen with all configuration elements.

Fig.1. Opening the configuration.

Default typical program configuration "1C: Accounting 8" ed. 2.0 (like any other 1C program) is supplied without the ability to edit. Those. There is a certain set of configuration elements that the developers have determined to be sufficient for the program to operate. But, if a specific user wants to add new elements to the standard configuration, the ability to change the configuration, provided in advance, is enabled. In our case, the standard configuration is being supplemented with a new role with limited rights, and we need to enable this ability to change. To do this, open the “Configuration” section again, then “Support” and select the “Support Settings” item as shown in Fig.2.

Fig.2. Opening "Support Settings".

In the window that opens, we see the main characteristics of the program: the configuration is called Enterprise Accounting, the supplier is 1C Company and the program version (in the example 2.0.14.5). And at the top of the window, on the right, there is a button “Enable editing”. The important thing is that our program is supported. This means that the supplier (1C Company) provides us with the opportunity to update the program, and we, because We are supported, we are using this opportunity. Under no circumstances should a program be removed from support! But we don't need this. You just need to be careful not to accidentally disable the necessary settings.

The ability to receive support is available both without editing and with the ability to edit the configuration. Therefore, click the “Enable editing ability” button ( see fig.3).

Fig.3. Enable configuration changes(1).

Next, a warning appears that by enabling the ability to change the configuration, we will not be able to perform fully automatic updates. This means that the previously used update method will change. If earlier to update the program configuration "1C: Accounting 8" ed. 2.0 It was enough to indicate the directory where the data to be updated was located and the entire update took place automatically. Now, you will need to specify the directory with the data to be updated and, in a couple of additional steps, indicate what should be updated and what should be left unchanged. Nothing complicated, it just requires a little more human participation.

At the end of the article there is an example of how the configuration will be updated ( see fig.11).

So, we answer the question in the warning “Yes” ( see fig.4). After accepting the changes, our configuration will become available for editing.

Fig.4. Enabling the ability to change the configuration (2).

Creating a new role

There are two ways to create a new role. The first way is to create a role from scratch, i.e. just a new role in which there would be no settings. To do this, in the “Configuration” window, open the “General” list, find “Roles” there and right-click on this item. A window will appear in which there is an “Add” item. Such a role is created without many standard settings, the details of which do not need to be described in this article. If only because the second method suits us.

The second way is to create a new role based on an existing one. Because our goal is to create a role for an accountant who would not have Standard reports, you need to take the existing Accountant role for a new role and make some changes. To do this, simply copy the Accountant role as shown in Fig.5.

Fig.5. We copy the existing Accountant role.

It is named Accountant1 and remains highlighted in blue. The name doesn't matter now, so let's leave it as it is. Double-click on the new role and open a window for setting up its rights. Now we need to close the availability of all reports that we have classified as Standard reports. On Fig.6 An example of how this is done is shown (the “Use” and “View” checkboxes should be unchecked). And here is the complete list of reports that need to be closed in this way: Reverse Balance Sheet, Chess Sheet of Accounting, Reverse Balance Sheet of Account, Account Turnover, Account Analysis, Account Card, Analysis of Sub-Conto, Turnover Between Sub-Conto, Card Sub-Conto, Consolidated Postings, Report on Postings, Main Book, Cost of Accounting and Chart of Accounting even The entire group of these reports is present in the "Reports" expanded list.

Fig.6. Editing the rights of a new role.

Now that the basic settings for the new role have been completed, you need to change its simple name Accountant1 to Accountant Without Standard Reports. To do this, open the properties of the new role and edit the “Name” and “Synonym” fields ( see fig.7). It is recommended to change both of these fields and make them the same.

Fig.7. Change the name of the new role.

Updating the database configuration.

After the new role is created and edited, we need to save our configuration in its new form. To do this, press the corresponding button as shown in Fig.8 or key F7 on keyboard. The process of updating the database configuration can be quite long (depending on the performance of your computer). The long process is explained by the fact that this is the first update of the database configuration since it was opened for editing, and this introduces some specifics.

Fig.8. Updating the database configuration.

Assignment to user Accountant of the material table of the new role.

After waiting for the configuration update to complete, we will perform the final settings. To the user Accountant material desk need to assign the new role we just created. In a programme 1C: Accounting 8" rev. 2.0 (as in any other 1C program), the list of users is available in the "Administration" submenu, in the "Users" item ( see fig.9). Let's open this list.

Fig.9. Users.

A List of Users appears before our eyes, in my case there are only three. Double-click on the user we need, in the example this is Material Desk Accountant, then a window opens to edit it. Click on the “Other” tab and see here all the roles present in our configuration. We assign a new role to the user, in the example this is Accountant Without Standard Reports, and also assign a role Additional right to open external reports and processing and click "OK" ( see fig.10). By the way, the standard roles “Accountant” and “Full Rights” should be inactive for this user, and if they were previously used, they should now be removed.

Fig. 10. Assigning a new role.

Updating the configuration in a new way.

Read about our services for updating standard and non-standard 1C configurations.

For those who read the article in detail, one question remained open, namely: how to update the configuration, taking into account that it has become available for editing? As mentioned earlier, fully automatic updating has become impossible. As you understand, this section does not need to be completed immediately after adding a new role. But, sooner or later a new release of the 1C program will come out and we will need to update the configuration. As before, open the “Configuration” section, then “Support” and select “Update configuration”. Point to the file updates. Next, the following window appears: “Update Main Configuration - New Vendor Configuration”. In it we see that our general module “User Management” has changed (marked in bluish-green color). But, we don’t need to change the entire common module, so in the “Module” line, in the “Combination mode” column, double-click the mouse and then follow Fig.11. As you can see, you only need to leave one procedure, namely, uncheck the corresponding line. In a particular case, there may be several modified procedures in a common module, but we need to uncheck only one procedure, with the name "Check User Capability". Next, click “OK” and in the previous window “Run”. This ends the update. Our goal was to keep the desired procedure in the general "User Management" module unchanged ( see Fig.5.1 and Fig.5.2c this article ).

Fig. 11. Updating the configuration in a new way.

Conclusion.

In this article we will talk about setting up user access rights to 1C system objects.

In 1C 8, to control user access, a separate metadata object is used, which is called Roles.

Note! This article was written to help programmers. Setting up rights in user mode using the example of 1C Accounting is discussed in.

A role defines the set of rights a user has. The role mechanism is very similar to the Windows Active Directory rights mechanisms. For each of the objects (directories, documents), the developer sets his own set of rights - read / write / add / change / ...

Set of available rights - the collection of all permissions in user roles.

If we open the Role metadata object, we can see the following picture:

The object has two tabs - Rights and Restriction Templates. Rights - main tab, Templates - tab for setting rights at the record level in 1C ( RLS). This is a very important topic, which I will try to describe in future articles.

We will only consider the tab Rights.

• Objects— a list for which rights will be set.
• Rights— a list of possible rights settings for setting.
• Restricting access to data— role fields for customization

Please pay attention to the checkboxes at the bottom:

• Set permissions for new objects— if the flag is set for the role, permissive rights will be automatically set on new metadata objects. I recommend installing it if you often forget to set permissions for new objects.
• Set permissions for details and tabular parts by default— a flag, when set, details and tabular parts will inherit the rights of the owner (directory, document, etc.)
• Independent rights of subordinate objects— if the flag is set, then the system will take into account the rights to the parent object when determining the rights to a configuration object

Permission settings for the entire configuration

If we open the Role and click on the configuration root, we will see the following settings:

More details about each rights to the entire configuration:

Get 267 video lessons on 1C for free:

• Administration— administration of the information base (requires the “Data Administration” right)
• Data administration— the right to administrative actions over data
• Updating the Database Configuration- right to
• Monopoly mode— use of exclusive mode
• Active users— view the list of active users
• — log book
• — right to launch a thin client
• - right to launch web client
• Fat client— right to the role of launching the thick client
• Outer join— the right to start an external connection
• Automation— the right to use automation
• All functions mode— in managed application mode
• Saving user data— permission or prohibition to save user data (settings, favorites, history). This is especially true for 1C managed forms.
• Interactive opening of external processing— opening external processing
• Interactive opening of external reports— opening external reports
• Conclusion— printing, recording and copying to the clipboard

Setting up 1C 8.2 rights to other metadata objects

For other main objects (directories, constants, documents, registers...), the set of rights for the role is quite standard:

• Reading- reading (software)
• Addition- adding (software)
• Change- change (software)
• Removal- removal (software)
• View— view
• Interactive addition- interactive addition
• Editing— editing
• Interactive deletion flag— interactive mark for deletion
• Interactively unmark deletion— unmarking for deletion
• Interactive removal of marked— deleting marked objects
• Line input— using line input mode
• Interactive removal— direct deletion (shift +del)

Rights only for documents:

• Interactive conducting— carrying out
• Cancellation— cancellation of documents
• Interactive conducting non-operative— holding (with standard form commands) a document in non-operational mode
• Interactive cancellation— interactive cancellation
• Interactive change of spent— editing the posted document. If the role's right is not set, the user cannot delete a posted document, set a deletion flag, resend it, or make it unposted. The form of such a document opens in viewing mode

P.S. If you still can’t figure out the user roles, you can order .
Video with an example of setting up rights in 1C Accounting 3.0:

By default, when creating a database on the cloud from a template, you must select a user to enter the program Administrator, with empty passwords.
It is not recommended to use this account for everyday work.
To differentiate access rights and increase the level of security, it is recommended to create user accounts and specify certain permissions for working with the database.

Creating users for 1C 8.2 databases

To create a list of users, open the database in Configurator.

Go to the "Administration / Users" menu. To manage the list of users, you must have Full rights in the database.


Click the "Add" button.

In the window that opens, fill in the fields:
Name- the name that will be displayed in the user selection list.
Full name - the name that will appear in the database when performing operations.
flag Authentication 1C:Enterprise- allows you to set a password under which the user will log into this database.
flag Show in selection list- allows you to hide or show the user in the launch window. If the user is hidden in the selection list, then you can log in using his data by directly entering his name and password.


flag Operating system authentication allows you to link an account on 42 Clouds with an account in the 1C database.
When installing this option, you will need to select from the list your login on the 42 Clouds website(tip: start typing your username to search the list).


On the "Other" tab, you need to indicate to users the roles that they can perform in the database.
The list of roles depends on the user's responsibilities.
Note! To launch the database on the cloud, check the “Run thick client” and “Run thin client” flags.

After specifying the required settings, click OK. Now the created user can work in the database.

Creating users for 1C 8.3 databases

Creation of new users in such configurations as Trade Management 11.1, Enterprise Accounting (edition 3.0) occurs in the mode of working with the database, in the Users directories. Created users will be included in the Configurator automatically after creation.

Go to the menu “Administration / Setting up users and rights / Users”. Click the Add button. To manage the list of users, you must have Full rights in the database.

Enter a name, give permission to access the database (by checking the box) and select an authorization method (either entering a login and password, or logging into 1C under a domain account). The fields "Individual" and "Division" are optional and are used for analytics.

To work with the database, you need to add rights to the user in the “Access Rights” section. The set of groups can be changed and edited in the User Group Profiles directory.

Disabling access to the database

To disable access to the 1C user database, simply uncheck the “Access to the infobase is allowed” flag or change the password.
When setting up a user through the Configurator (for 1C 8.2 databases), it is enough to remove the user from the list.

Creating users for 1C 8.3 databases (Taxi Interface)

To configure access rights, log into the database in 1C Enterprise mode on behalf of the Administrator and go to the User and rights settings / Access group profiles section, click Create group.

Enter the name of the group and check the boxes for the roles available to users in this group. An example group that would allow users to use external processing includes the following roles:

• Interactive opening of external reports and processing
• Using additional reports and processing

Click Burn and Close

Return to menu Users and select an employee from the list, click Access rights. In the list of profiles, select the previously created profile. Click Record.