Configure restriction groups

Configure restriction groups /visma-net-erp/help/access-management/row-level-security/configure-restriction-groups section Restriction groups provide the capability to limit the visibility of system entities for users. 2026-02-19T17:09:06+01:00 # Configure restriction groups Restriction groups provide the capability to limit the visibility of system entities for users. Restriction groups provide the capability to limit the visibility of system entities for users. To start using restriction groups, you need to plan how to use these and configure them, as described in these topics. About preparation for configuration /visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-preparation-for-configuration page Before you start configuring restriction groups, you need to gather the information that will help you to plan your restriction groups. 2026-02-19T17:09:06+01:00 # About preparation for configuration Before you start configuring restriction groups, you need to gather the information that will help you to plan your restriction groups. Before you create and configure restriction groups, you need to follow the three steps explained in this topic, for each visibility-related task you want to resolve. ## STEP 1 - Determine whether or not to include users The following table explains when to include users in your restriction group or not. |IF|THEN| |---|---| |you need to limit the visibility of entities (for example: customers) for users,|the restriction group consists of users and entities.| |you need to restrict the visibility of entities (for example: subaccounts) when they are used with particular entities of a different type (for example: general ledger accounts),|the restriction group consists of only entities.| For details, see: [About restriction groups in Visma.net ERP](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## STEP 2 - Select the restriction group type The following tables explain the type of restriction group to use with and without users respectively. ### For a group with users |IF|THEN| |---|---| |a smaller number of users **should** see the entities,|you select a group with direct restriction.| |a smaller number of users **should not** see the entities,|you select a group with inverse restriction.| ### For a group with entities (no users) For example entities of Type 1 and Type 2 in the table below (for example subaccounts and accounts). |IF|THEN| |---|---| |the number of subaccounts that **should** be visible when an account is selected, is smaller than the number of subaccounts that shouldn't be visible,|you select a group with direct restriction.| |if the number of subaccounts **shouldn’t** be visible when an account is selected, is smaller than the number of subaccounts that should be visible,|you select a group with inverse restriction.| ## STEP 3 - Estimate the number of restriction groups You determine how many groups you need to create by using the following guidelines: |IF|THEN| |---|---| |a particular user or a set of users should (or shouldn't) see entities of different types (such as customers or general ledger accounts),|you need to create a separate restriction group for each entity type.| |multiple sets of users should (or shouldn't) see different values of entities of the same type (such as warehouses),|you need to create a separate group for each entity value or set of entity values.| |you need to control the accounts and subaccounts that can be used together,|you must create at least two groups and include all subaccounts in either of the groups.| |you want include particular combinations of entities in one group with users,|see [About restriction groups in Visma.net ERP](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/) for supported combinations of entities.| For examples of using restriction groups, see: [About practical scenarios with Restriction groups](/visma-net-erp/help/access-management/row-level-security/about-practical-scenarios-with-restriction-groups/). About operations with restriction groups /visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups page The operations that you can perform with restriction groups (such as creating the groups, adding entities to a group, deleting entities from a group, and viewing group details) depend on the window. 2026-02-19T17:09:06+01:00 # About operations with restriction groups The operations that you can perform with restriction groups (such as creating the groups, adding entities to a group, deleting entities from a group, and viewing group details) depend on the window. This topic describes the operations that you can perform with restriction groups. ## Creating a restriction group The following table explains how to create a restriction group to restrict the visibility of some system entities.

STEP	ACTION
1	Open one of the windows in the Row-level security workspace, which you can use to create restriction groups with the particular system entities you want to add. For examples of combination of restriction groups, see: About restriction groups in Visma.net ERP.
2	Enter a group name that reflects what the group limits visibility to.
3	Select the group type. For information about the types of restriction groups, see: About types of restriction groups.
4	If the group includes users, select the users that will be included in the group on the Users tab.
5	Select the values of the entity that should be included in the group on the tab with the list of entities. For example: If the entity is warehouses, you select the particular warehouses you want to include in the group.
6	Repeat this step for each entity type that you want to include in the group.
7	Save your changes.

## Deactivating a restriction group If you do not want to apply the restrictions of a group to the entities included in the group, you do the following.

STEP	ACTION
1	Open the Restriction groups (SM201030) window.
2	In the Selection area, select the restriction group you want to edit.
3	Clear the Active check box.
4	Save your changes.
5	Result: Restrictions configured in the group are no longer applied to the entities.

## Setting up default restriction groups for supplier and customer classes To simplify the process of adding new supplier and customers to restriction groups, you can specify a default restriction group for a supplier or customer class. This means that suppliers and customers of the selected class will be included in the restriction group automatically. The following table explains the steps to specify a default restriction group for a supplier class.

STEP	ACTION
1	Go to the Supplier classes (AP201000) window.
1	In the Class ID field, select the supplier class for which you want to specify the default restriction group.
2	Go to the General settings tab, and in the Default restriction group field of the Default general settings, select the default restriction group that will be used for the selected supplier class.
3	Click Apply restriction settings to all suppliers in the window toolbar, to include all entities of the class in the default restriction group.
4	Save your changes.

You perform similar steps in the [Customer classes (AR201000)](/visma-net-erp/help/customer-ledger/customer-ledger-windows/customer-classes-ar201000/) window when you want to specify a default restriction group for a customer class. ## Removing class entities from a default restriction group The following table explains how to remove all class entities from a default restriction group to cancel the visibility restriction for entities of a supplier class.

STEP	ACTION
1	Open the Supplier classes (AP201000) window.
2	Go to the General settings tab, and in the Default general settings section, clear the value in the Default restriction group field.
3	Click Apply restriction settings to all suppliers in the window toolbar.
4	Save your changes.

In the [Customer classes (AR201000)](/visma-net-erp/help/customer-ledger/customer-ledger-windows/customer-classes-ar201000/) window, you can perform similar steps to remove customers of a class from the default restriction group. ## Adding entities to an existing restriction group While addressing your everyday tasks, you may need to add users and entities to restriction groups that you have created and configured previously. Suppose that a new employee of your organisation should use accounts with limited visibility, or that new stock items have been added to the system and should be in a particular restriction group. Follow these steps to add an entity to an existing group.

STEP	ACTION
1	Go to the Row-level security workspace.
2	Open the window that displays restriction groups for the entity you want to add to the restriction group. For example: For a user, you open the Restriction groups by user (SM201035) window.
3	In the top part, select the entity that you want to add to a restriction group. For example: In the Login field, you select Todd Bloom.
4	In the table with the list of restriction groups, select the unlabelled Included check box for each group in which you want to include the selected entity.
5	Save your changes.

After you have included the entity in the restriction groups, the system applies the visibility limitations to the entity. Similarly, you can remove entities from a restriction group by clearing the **Included** check box for this group.