Creating LDAP Roles

Create LDAP roles to define a template containing the information necessary to enable the LDAP server to create Datastream 7i users based on their corresponding LDAP roles.

LDAP (Lightweight Directory Access Protocol) is an Internet/network protocol that uses hierarchical data definitions to access information directories across platforms. LDAP enables you to centrally maintain user and password information for each application that you may use on the LDAP server. If you are using LDAP, when a user logs in to Datastream 7i, Datastream 7i authenticates the user ID and password on the LDAP server rather than performing the authentication within Datastream 7i. Datastream 7i user information is stored and maintained in the R5USERS table. After the LDAP authentication process verifies the user information, Datastream 7i uses the LDAP role associated with its corresponding Datastream 7i user to determine the user’s Datastream 7i system privileges.

   System privileges and permissions are always maintained in Datastream 7i. System privileges and permissions are associated with Datastream 7i user groups that are associated with LDAP roles.

The LDAPPATH installation parameter determines whether user authentication is done within Datastream 7i or on the LDAP server. If LDAPPATH is set to ON, then the LDAP server handles user authentication, and when you log in to Datastream 7i, the logon form verifies the login information via the LDAP server.

If the entered login information is valid but it does not identify an existing Datastream 7i user, then the authentication process creates a Datastream 7i user using the LDAP role you have defined.

After creating an LDAP role, you can update the role as necessary.

Follow these steps to create LDAP roles.

  1. Open the Role setup form (BMROLE).

  2. Click the Record view tab. Datastream 7i displays the Record view page.

  3. Role—Enter a unique code identifying the LDAP role to create as a user, and then enter a description of the role in the adjacent field.

  4. Organization—Click to select the default organization for the role/user.

  5. Extended locale—Click to select the geographic location for which to set the number format for numeric fields within the system. Selecting an extended locale determines the manner in which commas and decimals are used in numeric data. The setting of the LOCALE installation parameter determines the default extended locale for all users. However, selecting an extended locale at the role level overrides the setting of the LOCALE installation parameter.

  6. Language—Click to select a default language for the role/user.

  7. First function—Click to select the code identifying the function to which Datastream 7i defaults when the role is used to log in to Datastream 7i.

  8. Extended first function—Click to select the code identifying the function to which Datastream 7i Extended defaults when the role is used to log in to Datastream 7i Extended.

  9. Buyer—Select if the role/user can buy materials/services.

   The materials management module must be installed to use the buyer feature.

  10. Screener—Select if the role/user can screen work requests.

  11. Approver—Select if the role/user can approve pick lists.

  12. Datastream 7i—Select to indicate that the user is an active Datastream 7i user.

  13. Datastream 7i Requestor—Select to indicate that this user is a Requestor user.

  Enter the Requestor user group for User Group to associate the Requestor user with the Requestor user group.

 The Requestor user may only submit work requests and/or purchase requests.

 You cannot select Datastream 7i and Datastream 7i Requestor for the same user; however, you must select either Datastream 7i or Datastream 7i Requestor.

  14. Datastream 7i Mobile—Select to indicate that the user is a Datastream 7i Mobile user.

  15. Datastream 7i Barcoding—Select to indicate that the user is a Datastream 7i Barcoding user.

  16. Datastream 7i Connector—Select to indicate that the user is a Datastream 7i Connector user.

  17. Datastream 7i Analytics—Select to indicate that the user is a Datastream 7i Analytics user.

  18. User group—Click to select the user group to which the role is assigned.

  19. Department—Click to select a default department for the role/user.

  20. Requisition limit—Enter the maximum amount the role/user can enter as a user on a requisition or requisition line.

  21. Purchase order limit—Enter the maximum amount the role/user can enter as a user on a purchase order or purchase order line.

  22. Req auth limit—Enter the maximum amount the role/user can approve for a requisition or requisition line.

  23. PO auth limit—Enter the maximum amount the role/user can approve on a purchase order or purchase order line.

   Set Requisition limit, Req auth limit, Purchase order limit, and PO auth limit at either the header level or the line-item level on the Installation codes form (BNINST). You do not need to define them for every role.

  24. Invoice approve limit—Enter the maximum amount the role/user can approve on invoices and invoice lines.

  25. Non-PO invoice approve limit—Enter the maximum amount the role/user can approve on non-purchase order invoices.

  26. Pick list limit—Enter the maximum amount of parts that the role/user can approve for pick lists.

   If multi-organization security is activated, you must define purchase order and requisition limits on the Organization page of the Users form (BMUSER).

  27. Choose File | Save from the menu bar. Datastream 7i saves the information to the database.
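
The following is an added illustration, not Datastream 7i code: a small Python model of the login flow described above with LDAPPATH set to ON, in which a valid LDAP login for an unknown user creates the user record from the role template. The names `LdapRole`, `DIRECTORY`, `ROLES`, `ldap_authenticate` and `login`, the sample data, and the way a directory entry maps to a role code are all assumptions made for the example.

```python
import hmac
from dataclasses import dataclass

@dataclass
class LdapRole:                      # subset of the Role setup form (BMROLE) fields
    code: str
    user_group: str
    datastream_7i: bool = False      # "Datastream 7i" check box
    requestor: bool = False          # "Datastream 7i Requestor" check box
    po_auth_limit: float = 0.0

    def validate(self) -> None:
        # Exactly one of Datastream 7i / Datastream 7i Requestor must be selected.
        if self.datastream_7i == self.requestor:
            raise ValueError(f"{self.code}: select exactly one of Datastream 7i or Requestor")
        # A Requestor role must name the Requestor user group.
        if self.requestor and not self.user_group:
            raise ValueError(f"{self.code}: Requestor role needs a user group")

# Constructed sample data. DIRECTORY stands in for the LDAP server; how a
# directory entry maps to a role code is an assumption of this model.
DIRECTORY = {"jdoe": {"password": "s3cret-sample", "role": "PLANNER"}}
ROLES = {"PLANNER": LdapRole("PLANNER", "PLAN-GRP", datastream_7i=True, po_auth_limit=5000.0)}

def ldap_authenticate(user_id: str, password: str):
    """Return the user's role code if the directory accepts the credentials."""
    entry = DIRECTORY.get(user_id)
    if entry and hmac.compare_digest(entry["password"].encode(), password.encode()):
        return entry["role"]
    return None

def login(user_id, password, r5users, ldappath="ON"):
    """Return the user's R5USERS record, creating it from the role on first login."""
    if ldappath != "ON":
        raise NotImplementedError("local authentication is outside this model")
    role_code = ldap_authenticate(user_id, password)
    if role_code is None:
        return None                           # rejected: no record is created
    if user_id not in r5users:                # valid login, unknown user
        role = ROLES[role_code]
        role.validate()                       # refuse to provision from a bad template
        r5users[user_id] = {"role": role.code, "user_group": role.user_group,
                            "po_auth_limit": role.po_auth_limit}
    return r5users[user_id]
```

Because the first successful login creates the account, the limits and user group on each role template are effectively the default privileges for every directory user mapped to that role.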