When multiple sites operate under a single Sage X3 environment, giving every user access to all sites can lead to unnecessary complexity and security risks. With row-level permissions, administrators can precisely restrict users’ access to one or a few sites based on their roles. This blog demonstrates how to implement these restrictions efficiently and maintain operational control.
In multi-site Sage X3 environments, administrators often need to confine certain users to specific operational sites. This is primarily managed through Row-Level Permissions or Functional Authorizations. This guide explains how to implement such restrictions effectively while maintaining data integrity.
Method 1: Restrict via Row-Level Permissions
If an individual user should be confined to one or a small number of sites, you can utilize Row-Level Permissions. These permissions are configured in two key areas of the system:
under Setup → Users → Row Level Permissions (to define permission codes) and within Setup → Users → Users → Organization tab (where you assign restrictions per user).
New stuff: Validation on Non Existing PO field in Supplier BP Invoice Screen
For instance, to limit a user to a specific site:
1. Access Setup → Users → Row Level Permissions.
2. Search for the code linked to site-specific controls. Typically, this is ‘FCY’ used across multiple functions (e.g., POH, SOH).
3. Assign ‘FCY’ as the permission code for the selected user.
4. Under the Organization tab, specify the Key value (for example, NA10) corresponding to the desired site and save your changes.
Once configured, logging in as this user will display only the assigned site (e.g., NA10) when performing actions such as creating purchase or sales orders. Note that Row-Level Permissions take precedence over any functional authorization settings.
If I log in as the user and go to Purchasing, Orders, Orders and click on New, I will see that the only site available to the user is NA011.
Method 2: Limiting Access via Functional Authorizations
When dealing with multiple users sharing the same function profile, using Functional Authorizations is more efficient. You can manage this from Setup → Users → Function Profile.
1. Open the Function Profile screen and select the profile (for example, SABY).
2. Choose Authorizations → Addition → Recall to load all current authorizations.
3. Under the Type dropdown, choose either ‘Site’ (to restrict to specific sites) or ‘Site grouping’ (to restrict by site groups like company-level access).
4. Input the relevant site or site grouping code (e.g., NA10 for all sites under that group).
5. Check ‘Forced Cancel and Replace’ to clear pre-existing settings when creating a fresh rule, and save your updates.
If additional sites (such as NA20 or FR011) need to be added later, repeat the process but leave the ‘Forced Cancel and Replace’ unchecked. This way, the user retains their previous site permissions while gaining access to new ones.
Example: Granting Access to Multiple Sites and Companies
Consider a user who needs access to all sites within companies NA10 and NA20, plus one standalone site FR011. You would create authorizations for the profile to include NA10 as a Site Grouping, then NA20 without replacing existing rights, and finally FR011 as an individual Site. This ensures the user can manage operations only within these designated areas.
Best Practices and Precautions
• Always test permissions using a copy of a function profile instead of modifying production ones directly.
• Verify that restrictions are applied correctly by performing sample transactions.
• Maintain backups of user settings before deploying changes.
• Avoid overlapping configurations between Row-Level Permissions and Functional Authorizations to prevent ambiguity.
• Regularly audit user access rights, especially after major version updates or role changes.
By properly configuring Row-Level Permissions and Functional Authorizations, Sage X3 administrators can create a secure and well-regulated environment, ensuring users work only within authorized operational scopes.
About Us
Greytrix – a globally recognized and one of the oldest Sage Development Partners is a one-stop solution provider for Sage ERP and Sage CRM organizational needs. Being acknowledged and rewarded for multi-man years of experience and expertise, we bring complete end-to-end assistance for your technical consultations, product customizations, data migration, system integrations, third-party add-on development, and implementation competence.
Greytrix has some unique integration solutions developed for Sage CRM with Sage ERPs namely Sage X3, Sage Intacct, Sage 100, Sage 500, and Sage 300. We also offer best-in-class Sage ERP and Sage CRM customization and development services to Business Partners, End Users, and Sage PSG worldwide. Greytrix helps in the migration of Sage CRM from Salesforce | ACT! | SalesLogix | Goldmine | Sugar CRM | Maximizer. Our Sage CRM Product Suite includes addons like Greytrix Business Manager, Sage CRM Project Manager, Sage CRM Resource Planner, Sage CRM Contract Manager, Sage CRM Event Manager, Sage CRM Budget Planner, Gmail Integration, Sage CRM Mobile Service Signature, Sage CRM CTI Framework.
Greytrix is a recognized Sage Champion Partner for GUMU™ Sage X3 – Sage CRM integration listed on Sage Marketplace and Sage CRM – Sage Intacct integration listed on Sage Intacct Marketplace. The GUMU™ Cloud framework by Greytrix forms the backbone of cloud integrations that are managed in real-time for the processing and execution of application programs at the click of a button.
For more information on our integration solutions, please contact us at sage@greytrix.com. We will be glad to assist you.
