SUB-ARTICLE under Access management in Sapera. Describes the permissions for actors
(customers, suppliers, employees, etc.). Status: DRAFT pending approval.
This article covers the permissions that govern work with actors — that is, customers, suppliers, employees and other contacts — including access to CPR (SSN) numbers, merging actors, and the visibility of setup screens.
You assign these permissions in Financial under Security → Groups → select a group → Permissions, where you set Allow or Deny for each permission. They govern what users can do with actors.
Allows you to see the full CPR (SSN) number on an actor.
Important: This permission does not hide the actor. A user without the permission can still see the actor, but the CPR number is shown masked, with the last 4 digits replaced with `*`. Only with the permission does the user see the whole number. The permission also controls whether the CPR field is shown on the actor's edit screen.
Allows you to change the CPR field when creating or editing an actor. Without the permission, an attempt to save a CPR number is rejected with "access denied". A user with Edit can also see the full CPR number.
Allows you to merge two actors into one. Without the permission, the merge is rejected and the "Merge" button is not shown on the actor's edit screen.
In addition to the fixed permissions above, Sapera automatically creates a set of rights for each actor role. It works like this:
For each actor role marked as "directory" (e.g. Customer, Supplier, Employee) the system automatically creates four rights.
They appear in the permission tree as "<Role name> - Create", "<Role name> - Edit", "<Role name> - Achive / Unarchive" and "<Role name> - Delete" — e.g. *Customer - Create*, *Customer - Edit*, *Customer - Achive / Unarchive*, *Customer - Delete*.
The rights apply per organizational unit (store/department): a group may be allowed to create customers in one store but not in another.
What the four control:
<Role name> - Create — create an actor with this role.
<Role name> - Edit — edit an actor with this role. (A user may always edit their own actor.)
<Role name> - Achive / Unarchive — archive and unarchive an actor with this role. The same permission covers both directions.
<Role name> - Delete — delete an actor with this role.
Note the spelling: the text "Achive" appears like this in the permission tree (without the "r"). It is a known detail in the user interface — look for "Achive / Unarchive", not "Archive".
These permissions control whether a menu item/screen is shown. They hide or show the entry point to the screens in question.
Access directory — controls whether the customer/actor directory is shown (also the "Customers" page in the Sapera mobile app).
Access attachment types — controls whether the setup screen for actors' attachment types is shown.
Access Actors Setup — controls whether the setup screen for actors is shown.
Access Actors metadata records — controls whether the screen for actors' metadata records is shown.
The per-role rights apply per organizational unit. Assign them in the store/department where they should apply.
Administrators automatically get the CPR permissions and all role rights as new roles are created.
Allow vs. Deny: An explicit Deny wins over an inherited Allow.
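A small model of the rules above, as an added example that is not Sapera's own code: it generates the four per-role rights, resolves Allow/Deny for an organizational unit, and applies the CPR masking. The unit tree, the group settings, the `cpr-view`/`cpr-edit` keys, the CPR value, inheritance from a parent unit to its children, and treating any Deny in the chain or an unset permission as no access are assumptions made for illustration.

```python
ALLOW, DENY = "Allow", "Deny"
# Right suffixes exactly as the permission tree shows them (note "Achive").
ROLE_RIGHTS = ("Create", "Edit", "Achive / Unarchive", "Delete")
# Placeholder keys for the two CPR permissions; not Sapera's own labels.
CPR_VIEW, CPR_EDIT = "cpr-view", "cpr-edit"

# Constructed unit tree (child -> parent) and constructed settings for one group.
PARENT = {"Store A": "HQ", "Store B": "HQ", "HQ": None}
SETTINGS = {
    ("HQ", "Customer - Create"): ALLOW,
    ("Store B", "Customer - Create"): DENY,  # explicit Deny on one store
    ("HQ", CPR_EDIT): ALLOW,
}

def role_rights(role):
    """The four rights created for a role marked as "directory"."""
    return [f"{role} - {suffix}" for suffix in ROLE_RIGHTS]

def is_allowed(settings, unit, permission):
    """Collect settings from the unit up through its parents (assumed
    inheritance). Any Deny wins; no setting at all means no access."""
    found = []
    while unit is not None:
        if (unit, permission) in settings:
            found.append(settings[(unit, permission)])
        unit = PARENT[unit]
    return DENY not in found and ALLOW in found

def can_see_full_cpr(settings, unit):
    """A user with the edit permission can also see the full number."""
    return (is_allowed(settings, unit, CPR_VIEW)
            or is_allowed(settings, unit, CPR_EDIT))

def shown_cpr(settings, unit, cpr):
    """Full number with the permission; otherwise the last 4 digits become *."""
    return cpr if can_see_full_cpr(settings, unit) else cpr[:-4] + "****"

if __name__ == "__main__":
    print(role_rights("Customer"))
    for store in ("Store A", "Store B"):
        print(store, is_allowed(SETTINGS, store, "Customer - Create"))
    print(shown_cpr({}, "Store A", "010190-1234"))  # constructed CPR value
```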
Want to know more?
Read more in these related articles:
Access management in Sapera (overview)
What permissions are, where to find them, how they are scoped, and links to one sub-article per area.
Users and passwords (permissions)
The permissions that control administration of employee logins — create, edit, disable, delete, passwords and 2-factor.
Documents and notes (permissions)
The permissions that control editing and deleting other users' notes, plus visibility of the Documents screen.