Managing User & Roles

The User & Role Management page allows administrators to create users and user groups, assign approval roles, and manage access permissions. This section empowers administrators to seamlessly control roles and permissions, ensuring that users only have access to the areas of the application necessary for their roles, thus maintaining security and operational efficiency.

Key Features for Administrators:

1. Add Users: This tab allows administrators to add new users to the system.
2. Create User Groups: This tab allows administrators to group users for easier management and role assignments.
3. Configure Security: The Security options in both the User and User Group tabs enable administrators to set and manage security configurations, ensuring that access to sensitive areas is restricted appropriately.
4. Assign Approval Roles: The Approval Role Setup allows administrators to assign specific approval roles, tailoring permissions based on user responsibilities.
5. Define Navigation Roles: The Navigation Role tab enables administrators to create and assign navigation roles, controlling which areas of the application users can access.
6. Model Permissions: This tab allows power users to map/unmap the model permissions and update the security permissions to the dimension members.

Navigate to Maintenance > Administration > User & Role Management.

Now, let's explore all the options available on User & Role Management.

User

The User tab displays all users and provides functionality to add, edit, delete, and copy user permissions, providing access to application pages and other user actions. It also ensures data security and maintains Planful users.

Admin users will have access to add and maintain Planful users and provide access to application pages and data security for those users.

• Add: Adding a new user is essential for managing access and permissions, ensuring users have the right roles and security settings for their tasks.
  In addition, users can be added using APIs and Data Load Rules (DLR). To learn more about loading users to Planful, click here.
• Export Options: Exporting user data can be done using two methods: Export to Excel and Print. These options allow you to easily download or print a comprehensive list of user details.
• Edit: Use the edit option to update user roles and properties when there are changes in job responsibilities or access needs.
• Copy Permissions: The admin can copy an existing (i.e., source) user and all associated permissions and roles to a target user. This is an easy way to give a new user the same permissions as an existing user.
• Delete: Use the delete option to remove a user's access to the application. 
• Security Configurations: Security Options refer to settings or configurations that control access, permissions, and security-related aspects for users or user groups.
  • User Setup Required by Module
    The table below provides information on user security-related tasks available from the User & Role Management page and the module they are related to. These tasks are to be completed for regular and admin users based on the module. Other user security setup is required within the module itself. For example, in Consolidation, there is a Security page.
    

    	Planning	Consolidation	Reporting	Dynamic Planning	Admin Only
    Scenario Access	Required	Required	Required	Required
    Approval Roles	Required
    Data Integration	Required	Required	Required		Required
    Report Access			Required
    Add-In Security	Only required if users need access to Offline Planning
    Workforce Reporting Security	Only required to secure Workforce Reports if you're using Workforce Planning		Required

• Reset Password: Administrators can send a password reset link to the user's registered email address.

User Group

The User Group tab is used to add and edit groups of categorized users. If you need to provide a group of users with the same access privileges, it is easier to create a user group and assign group privileges rather than assign privileges to each user one by one.

• Add: The add option lets administrators add groups of users, making it easier to assign the same access privileges to multiple users at once by managing them collectively.
• Export Options: Exporting user group data can be done using two methods: Export to Excel and Print. These options allow you to download or print a comprehensive list of user groups easily.
• Edit: Using the edit option, the administrator can modify existing user groups by adding or removing users as needed. This ensures user groups reflect current roles, responsibilities, or organizational changes.
• Delete: Administrators can delete the user group when it is no longer needed.
• Security Options: Security options refer to settings or configurations that control access, permissions, and security-related aspects for users within those groups. You can configure the following areas for user groups:
  • Add-In-Security - Setting up add-in security is important when using Planful Offline Planning, which is an Excel planning tool that allows you to download and perform budgeting tasks while not connected to the application. To learn more about Add-In-Security, click here.
  • Data Integration Security - Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load. To learn more about Data Integration Security, click here.
  • Report Access - To provide users and user groups with access to generated reports, each user or user group must be assigned access privileges. Any user with access to User & Role Management can update Report Access for a user, user group, or artifact. To learn more, click here.
  • Scenario Access - To provide users and user groups access to a scenario, each user or user group must be assigned access privileges. To learn more about Scenario Access, click here.
  • Workforce Reporting Security - Workforce Reporting enables structured, ad hoc analysis of workforce planning dimensions and measures. Workforce Reporting is integrated into the application as a Reporting Area, allowing you to report on employee-specific compensation and other financial dimensions. To learn more about Workforce Reporting Access, click here.

Navigation Role

Navigation roles in the Planful application determine the specific navigation paths that grant users access to certain pages and their associated functionalities. By assigning navigation roles, the application ensures that users have appropriate access levels and enhances the overall user experience.

The admin user can create a Navigation Role and assign Navigation Access to a specific Navigation Role. Then the Navigation Role can be assigned to users. This ensures users can only access the designated paths based on their assigned roles.

Navigation: Maintenance > Administration > User & Role Management > Navigation Role

• Add: A Navigation Role defines a unique role that helps customize user access within the system.
• Edit: Use the Edit option to make the changes to the existing Navigation Role.
• Delete: Use the Delete option to permanently delete the Navigation Role.
• Navigation Access: Administrators can assign specific navigation paths to designated roles to manage user access within the application. This ensures that users within those roles can access only the appropriate sections of the system.
• Apply Filter: Use the filter option to narrow the Navigation Role list to match your search criteria. Click the Apply Filter icon to display a search filter row. Enter your keyword in any filter column to display matching data.
  
  
  Note: 

  Click the Clear Filter icon to hide the search filter option.
• Export Options: The Export option for the Navigation Role area helps the administrators export the summary and detailed navigation reports.

Approval Role

The Approval Role tab is used to create and configure roles with specific actions for users. Approval roles specify the actions that users can perform during the budgeting process.

For example, you can assign a budget manager with an approval role to approve certain budgets. Approval roles can have varying levels of user responsibility for budget entities. For example, a user has access to two entities (A and B), but has HR responsibility for entity B only. You can then restrict the user to view only specific data based on HR access for the approval role assigned to the entity.

Example of a Typical Approval Role Configuration

The following shows a typical Approval Role setup for a Budget Administrator and a Regular Budget User.

Business Value:

You can create approval roles for users to ensure clarity, alignment, and accountability within an organization and improve the regular functioning of the business.

• Add: To define approval actions for users, administrators can create new Approval Roles, ensuring users have the appropriate access to entity and template workflows.
• Edit: This option is used to edit the approval role.
• Delete: This option is used to delete the approval role.
• Apply Filter: Use the filter option to narrow the Approval Role list to match your search criteria. Click the Apply Filtericon to display a search filter row. Enter your keyword in any filter column to display matching data.

  Note:

  Click Clear Filter to hide the search filter option.

  

• Export Options: The Export options for the Approval Role help the administrator export the list of approval roles.

The grid displays the following information:

• Approval Role Code: Displays the unique code to identify an approval role
• Approval Role Name: Shows the name by which you can identify an approval role
• Created Date: Indicates displays the date and time when an approval role was created
• Created By: Displays the user’s name who created the approval role
• Modified Date: Indicates the date and time when an existing approval role was last modified
• Modified By: Displays the user’s name who had made the last changes to an existing approval role

Model Permissions

The Model Permissions tab displays the list of existing Model Permissions and allows the power user to map/unmap user groups to the model. Additionally, the power user can secure specific dimension members, ensuring that user groups cannot access those members.

The Model Permissions page displays a list of models along with their details, such as dimensions and associated user groups. There are three types of models available:

• Analytical Models
• Direct Access to PCR (DAP) Models 
• External Source Models (ESM) Models
  

Power users can grant access to user groups for different models, including their respective dimensions and members. 

You can review permissions for a model and its user group(s) by selecting the model in the Select Model drop-down within the Preview Permissions link.

To learn how to define user permissions for a model, click here. 

Related Articles

• Approval Role Setup
• Offline planning