Privileges
These are all of the privileges available in Tungsten AP Essentials.
To access these settings: Navigate to the Users view, click a user name and select the Privileges tab.
You must have the Manage accounts or Manage user accounts privilege to edit user privileges in Admin Center. However, you can grant any privilege you have yourself via the API.
These are all of the privileges available in Tungsten AP Essentials. The settings that appear can vary depending on which services and document processes you use.
Admin privileges
These privileges are available for user accounts with the Admin role.
APPS | |
Access Analytics | Grants access to Analytics reports in Admin Center. |
Access E-Invoice Connect |
Lets admin users on the customer level open E-Invoice Connect from a link that appears on the landing page in Admin Center. The link utilizes single sign-on, so login credentials are not required to access E-Invoice Connect via the link. This setting is only visible if the E-Invoice Connect service is enabled. |
ACCOUNT MANAGEMENT | |
Manage accounts |
This privilege gives the user permission to manage accounts, users and settings in Admin Center. The Manage accounts privilege, also lets you grant the Manage services privilege, even if you do not have the Manage services privilege yourself. This privilege is required to:
Subsidiary administrators with this privilege can:
Partner and Partner group administrators with this privilege can:
Customer administrators with this privilege can only view target system settings. Customer administrators need the Manage target system settings privilege to edit target system settings.:
Partner administrators can modify all service settings with this privilege. However,
customer administrators with this privilege can edit all service settings except for Extraction services
and Target system services.
|
Manage suborganizations |
Grants administrators the ability to create, update, delete, activate/deactivate, group/ungroup, pause/resume and move organizations. Administrators with this privilege can also grant this privilege to other administrators, but cannot remove the privilege from themselves. During customer creation, if a user has the Manage suborganizations privilege, but does not have the Manage services privilege, only these services are available:
|
SERVICE PLAN | |
Manage service plans | Grants permission to edit service plans. |
SERVICE MANAGEMENT | |
Manage services |
Grants permission to add, remove and edit services. Administrators with this privilege can edit the settings of all services. Therefore, they do not need more specific service-management privileges below, such as Manage extraction settings, Manage target system settings etc. |
Manage classification settings |
Grants permission to edit Classification service settings. |
Manage email input settings |
Grants permission to edit Email input service settings. |
Manage E-Invoice Connect settings |
Grants permission to edit E-Invoice Connect service settings. This setting is only visible if the E-Invoice Connect service is enabled. |
Manage extraction settings |
Grants permission to edit Extraction service settings. |
Manage master data settings |
Grants permission to edit Master data service settings. |
Manage notifications settings |
Grants permission to edit Notifications service settings. |
Manage process control settings |
Grants permission to edit Process control service settings. |
Manage purchase order settings |
Grants permission to edit Purchase order service settings. |
Manage storage settings |
Grants permission to edit Storage service settings. This privilege is only available to partner administrators. |
Manage target system settings |
Grants permission to edit Target-system settings. |
Manage validation settings |
Grants permission to edit Validation service settings. This privilege is only available to partner administrators. Customer administrators can edit rules in the document types via the Extraction service if they have the Manage extraction settings privilege. |
Manage verification settings |
Grants permission to edit Verification service settings. |
Manage workflow settings | Grants permission to edit Workflow service settings. |
USER MANAGEMENT | |
Manage user accounts |
Grants permission to add, delete, enable/disable and edit users. This privilege also grants the ability to reset passwords and import/export users. You must have the Manage accounts or Manage user accounts privilege to grant this privilege to another user. You cannot remove this privilege from your own account unless you have the Manage accounts privilege. |
Manage user groups |
Grants permission to add, delete and edit user groups. When copying customers, this privilege also lets user groups be copied too.
If you copy a customer with workflows that reference user groups, and you do not have this privilege, or
the
Manage accounts privilege, the workflows that reference user groups
are not copied.
You must have the Manage accounts or Manage user groups privilege to grant this privilege to another user. You cannot remove this privilege from your own account unless you have the Manage accounts privilege. |
Manage identity providers |
Grants administrators the right to add, edit and delete identity providers in the Identity providers view. This privilege also grants the ability to edit the SINGLE SIGN-ON settings in the User management view. In other words, you can enable/disable single sign-on the account level. Likewise, you can change the Identity provider setting and the Tenant ID setting (if available).This privilege is available to subsidiary and partner administrators. |
DOCUMENT MANAGEMENT | |
Process documents | Grants administrators the right to view, edit and process documents. Among other things, this
privilege lets you open documents via the
Documents view in Admin Center and process them in
AP Essentials Office.
Admin users must have this privilege to:
|
View documents | Grants administrators the right to view documents and document data via Admin Center. You must have this privilege to access, for example, the Documents view. This privilege also lets you open documents in read-only mode in AP Essentials Office. |
RESOURCE MANAGEMENT | |
Manage resources |
Grants administrators the right to add, delete, download, trust and untrust resources in the Resources view. This privilege is available to subsidiary and partner administrators. |
MASTER DATA | |
View supplier bank account numbers | Grants administrators the right to view and edit supplier bank account numbers. Without this
privilege, account numbers are masked to
Admin users.
This privilege is included in the default administrator privileges when an admin user is created via the API. However, it is not included by default when an admin user is created via Admin center. |
User privileges
These privileges are available for user accounts with the User role.
Access APPROVE |
Gives the user permission to approve invoices in a workflow. Also gives exception handlers permission to send rejected invoices to manual separation. |
Access EXPLORE | Grants access to the Processed view on the document list view. |
Access MANAGE |
Gives the user permission to:
|
Access RECEIVED | This privilege is required, in combination with Manual document separation (Split), to perform document separation. |
Access STORAGE - My documents | Grants access to the STORAGE view, but only displays documents the user has processed. |
Access STORAGE | Grants access to the
STORAGE view on the
document list view.
Original emails containing invoices can be viewed on the Attachments tab by Office users with this privilege. |
Access UPLOAD | Grants access to the Upload view. |
Access VERIFY | Grants access to the Verify view. |
Access VERIFY - Reply |
Grants access to the Verify view, but restricts access to documents with the status, Request for information. If you want to restrict access in using this status, you must also disable the Access VERIFY privilege, which supersedes Access VERIFY - Reply. |
Start workflow from Verification |
Lets you select which workflow you want to send an invoice to from the document view by adding a menu to the OK button in the document view. This is helpful if you want to override the default rules for a particular invoice. |
Change bypass verification setting |
Lets users change the bypass verification setting for suppliers. |
Change field visibility per supplier/Change field visibility per customer |
Lets users toggle field visibility during verification. |
Change lock online learning setting |
Lets users change the Lock online learning setting for suppliers or customers. For accounts payable processes, the setting is in the Add/Edit supplier dialog. For accounts receivable processes, the setting is in the Add/Edit customer dialog. |
Delete documents |
Gives users permission to delete documents. This applies to all views and instances where it is possible to delete documents, such as the document view. This privilege is also required to delete files from the Documents and Files views. Users with this privilege can also delete documents that are on hold. |
Edit approval documents |
Gives users permission to approve documents and change invoice field values in a workflow. Normally, you can only change invoice field values during verification, or when an invoice has the status, Pending correction, because it was rejected by the target system. This privilege, however, gives the user the ability to change field values at any time during the approval process. Users with this privilege can also code documents in a workflow, even if the Coding setting is not selected in the workflow step. |
Manual document separation (Split) |
Grants access to the Document separation view and displays the Split button in the document view. The Access RECEIVED privilege is also required to perform document separation |
Reroute approval documents |
Gives users permission to reroute approval documents. |
Unhold documents |
Gives users permission to unhold documents. You do not need this permission to unhold documents that you have put on hold yourself. |
Update online learning |
Determines whether user interactions during verification affect online learning. Disable this privilege to prevent new or inexperienced users from having a detrimental effect on documents that have high identification and extraction rates. This privilege does not override the Lock online learning setting. |