Review rights

Target group of this article


All Users

Main User 


IT department 

Detailed description of the functionality

When the Basware P2P application was developed, the system was designed to perform authorization validation on all of the actions the users are taking. For each action a user is taking, the system validates if the user has the rights to perform the action. As an example, if the user collaborates, the system validates the rights for collaboration, or if a user opens a list the system will validate if the user has the rights do so. Basically, all main actions are verified against the user rights.

If all actions would have their own rights, there would simply be too many of them. Therefore the rights were combined together as a single batch of rights to perform the most basic actions in the application, and included behind the review rights. This however leads to the situation that if a user does not have review rights to any organization, the system may believe that the user is not having rights to perform the action and cause unexpected behavior or crashes. This could occur on collaboration or on various other actions in the personal mode.

Recommended actions

As a rule of thumb, all users should have review rights. The easiest way to perform this is to add a new home organization user group to the organization root level and add all users as members of it. Then link the user role containing the Review permission to the group and all members will get review invoice right automatically to their home organization unit. In addition existing roles could be modified to include review rights.