Roles play a central part in defining users of the M5 system. They are the foundation records for building Application Users. The next sections address the details of role creation and maintenance and illustrate how critical it is to understand the steps required and the sequences to follow when creating and maintaining them.
Before creating a role, there
are necessary preparation steps. Primarily these involve the creation
of groups for locations (Location Groups),
operational entities
(Operational Entity Group), and
customized menus (Menu Maintenance)
with field restrictions. Additional setup includes KPI/PMM Groups, Printing
and Reporting capabilities, and Department/Chat Groups.
There are three general steps for creating a new user. First, you must create the Database User ID. Then create a Role by using this frame with the necessary menus, privileges and a database user id. Finally, you create the Application User and assign them to the appropriate role.
Create a New Role
Within the General Information section, enter a new role id in the Role field. It’s helpful to style the ID in a way that is easily associated with the employees you anticipate assigning to this role. For example, MECH for mechanics. Your company may already have common abbreviations for various groups that could also be used in this situation.
Enter a Description for the Role.
Enter the data for any of the remaining fields on the General tab that apply: Notes, Restricted Home Page, Outside User checkbox, and Database User ID.
The Restricted Home Page field allows you to enter a specific home page for application users assigned to the role. If a value is entered, it overrides any value set at the App User level and does not allow them to change their individual Home Page.
Two Factor Authentication can be activated by using the M5 Parameters frame. If the Email_By_Role value is chosen and the checkbox is selected, as users attempt to log in the system sends the appropriate email address an authorization number.
Enter a Maximum Allowable PO Line Value, as applicable.
Enter a Maximum Allowable PO Line Value, as applicable.
Enter a value in the Part Request Approval Amount field.
Enter a value in the Commercial Request for Service Approval Amount field.
Two Factor Authentication
Users have:
One chance to enter the code. If it is incorrect, it must be re-entered. Dashes must be included.
10 minutes to enter the code in the frame that is presented (you are unable to use the same code in a different one, should you try to log on again a new code is generated).
If the user does not enter the correct code in the allotted time, the notification, "code expired" displays and you are required to attempt to log in again (and will subsequently be given a new code).
Part Request Approval Amount
If the Part Request Approval Amount is:
Blank - No restrictions are needed to approve part requests.
Entered as 0 (Zero) - All part requests require an approval for this role.
Entered as a dollar value - Any part requests total exceeding this value require an approval.
Note: Works in conjunction with the APPROVE PART REQUEST and APP OWN PART REQUEST privileges.
Commercial Request for Service Approval Amount
If the Commercial Request for Service Approval Amount is:
Blank - No restrictions will be needed to approve commercial requests for service.
Entered as 0 (Zero) - All commercial requests for service require an approval for this role.
Entered as a dollar value - Any commercial requests for service total exceeding this value require an approval.
Note: Works in conjunction with the APPROVE SVC REQUEST and APP OWN SVC REQUEST privileges.
The Locations/Oper Entities tab allows you to assign any Location Groups or Operational Entity Groups that apply to the specific role. These are generally used as additional system security measures to ensure users are only accessing locations and parts of the system that pertain to their job function.
On the Menus/KPIs tab you can assign any custom menus from Menu Maintenance as well as KPI Groups that the role has access to. See the KPI Groups frame for more information about setting up these groups.
The Privileges tab is perhaps the most important aspect of Role Maintenance. M5 uses role privileges to determine what users with the role can and cannot do within the system.
See the Role Privileges Table for a complete listing of role privileges and what they do.
The Reporting tab allows you to assign any Printer Groups or Report Groups that the role needs for use with Crystal Reports.
The Application Users tab gives you the ability to view the application users currently assigned this specific role. Each record displays in read-only format and contains the Application User id, user Name, Division, Phone number, and Disabled/Expires information, if applicable.
The Departments/Chat Groups tab allows you to manage and assign Department Groups or Chat Groups to the role. To assign a group, select the group to highlight it, and then use the >> and << button to move the groups between the two columns.
The Disable DAF for reports checkbox allows users to run any reports regardless of DAF settings.
The Indirect Accounts tab allows you to authorize or unauthorize Indirect Account Groups for a specific user role. Use the >> and << buttons to move groups between the two columns.
Role Privileges Table
System Administration Application User Training
Last Updated: 01/17/2020, 01/2025
NOTE: To view a list of System Flags and Role Privileges that may impact this screen, hover over the screen title in M5 to display the bubble help/tooltip. At the bottom of the bubble help/tool tip, there is a Settings hyperlink. Click that hyperlink to display the list of flags and privileges.
Additional training and technical documents on this subject may be available in the Resource Files area.