Defining Authorizations 
SAP Business One is equipped with a comprehensive authorization facility that can be tailored to every user. During the implementation phase, the system administrator should devise an authorization policy to prevent unauthorized access to the database. By assigning the correct authorization, changes to document fields can be restricted.
Certain precautions must be taken to ensure that access to the data is monitored. In the General Ledger, users who do not have authorization for the document journal, but are authorized for journal entries, can use the data record pushbuttons to scroll through the database and view documents. In this way, they can display other entries, even though they are not authorized to display lists, for example, in the document journal.
You should grant authorizations to each user according to the user's actual role and responsibilities. SAP Business One provides the following authorization options:
Full Authorization: The user is able to display and modify data for that function.
Read Only: The user can only view, but not change data.
This option targets only data, so it is not available for functions that require user operations (for example, removing business partners).
No Authorization: The user has no access to that function.
Note
A superuser has full authorizations for all functions and these authorizations cannot be modified.
Each user's authorizations are displayed in the Authorizations window. Various Authorizations is displayed for modules with mixed authorizations, such as full authorization for some submodules and read-only for others.
Prerequisites
You are a superuser.
You have created regular users in the system.
You have assigned users to appropriate permission groups. For more information, see Defining Permission Groups.
Procedure
From the SAP Business One Main Menu, choose
Administration 
System Initialization Authorizations General Authorizations 
. The Authorizations window opens.On the Permission Groups tab of the Authorizations window, define authorizations for each permission group.
Each permission group's authorizations are automatically applied to all users within the group.
On the Users tab, fine-tune each user's authorizations to ensure appropriate effective authorizations for all permission items.
[Panama] To hide certain data using encryption, select the Use Encryption checkbox, and then choose the Encryption Table button. In the Encryption Table window that is displayed, specify characters that should appear in place of digits. Choose OK to save the changes. For more information, see Encryption Table: Panama.
Choose the Update button to save the changes in the Authorizations window.
Note
If you grant a user full or read-only authorization for a certain function, make sure that you have assigned an appropriate license to the user. Otherwise, the authorization setting is not effective.