Configuring Security Options

Here's how you can set up add-in security for users and user groups:

1. Navigate to Maintenance > Administration > User & Role Management.
2. Click the User or User Group tab.
3. Select User/User Group and then go to Security Options > Add-In Security.
   Note:

   You can access the Add-in Security option in two ways:

   1. Select the user/user group and click directly on the security options icon within the user group's Security column. (or)
   2. Select the user/user group and click the security options icon in the header.
4. Select the Add-In from the Excel Query or Offline Planning from the drop-down menu.
   
   
5. Select the users and user groups you wish to give access to from the Unmapped Users/User Groups left pane, then click the right arrow to add them to the Mapped Users/User Groups right pane. To unmap users or user groups, select them from the right mapped pane, then click the left arrow to add them to the left unmapped pane.
   
   
6. Click Save.
   
   

Note:

Navigation Access must be given to a user to enable access to the Administration items in the Consolidation Control Panel.

Note:

You can also find Consolidation Security under the Administration section in the Consolidation Control Panel. To configure security from the Consolidation Control Panel, click here.

Processes

You can assign security permission for the Process using the Processes tab. 

Perform the below steps to assign Processes security permissions to a user:

1. Navigate to Maintenance > Administration > User & Role Management.
2. Click the User tab.
3. Click Security Options and select Consolidation Security under Security Configurations.
   
   
4. Select a user from the User dropdown for which you want to assign security privileges.
   
   
5. Click the Processes tab.
6. Assign the selected user with access privileges by checking/unchecking the checkboxes.
   
   
7. Click Save.
   
   

Decentralized

Use the Decentralized tab to grant distributed users access to Consolidation activities. Upon entering the Decentralized page, the entity access tree is grayed out. Select the Decentralized Consolidation checkbox to enable the entity access tree.

Perform the below steps to assign decentralized security permissions:

1. Navigate to Maintenance > Administration > User & Role Management.
2. Click the User tab.
3. Click Security Options and select Consolidation Security under Security Configurations.
   
   
4. Select a user from the User dropdown for which you want to assign security privileges.
   
   
5. Click the Decentralized tab to grant distributed users access to consolidation activities.
6. Select the Decentralized Consolidation checkbox.
   
   
7. Once you’ve enabled the Entity Access Tree by selecting the Decentralized Consolidation checkbox, select the members you want the selected user to have access to. If you provide a user with access to a descendant but not its parent, the user will have access to the descendant and will have implied access to the parent member. This way, a tree can be created for the user to access only a portion of the Legal Entity/Company hierarchy.
8. Click Save.
   

Enable Preview Assigned to display the Security tree in read-only mode. This view is helpful for Security Administrators to view the assigned security details for a selected user.

Select Export All User Security to download the list of users along with the security permissions they hold.

Here's how you can set up Data Integration Security for a User or User Group:

1. Navigate to Maintenance > Administration > User & Role Management.
2. Click the User or User Group tab.
3. Select a user or user group you wish to give access to Data Integration Security and click the Security Options.
   Note:

   You can also select the security icon from the Security column next to the selected user.
4. Click Data Integration Security.
   Note:

   You can select the user or user group and proceed with the security settings from this screen as well.
5. Select one of the following options to assign to the user or user group from the Data Load Rules Access Settings section:
   
   • All rules (View & Load): This option is suitable for Super Users and Admins who have access to all functionality within the Data Integration module. Allows the user or user group to create new data load processes or update existing ones. Select one of the following options:
     • Create & Edit: The selected user or user group can create data load rules and will have edit privileges for all data load rules
     • Edit: The selected user or user group will only have edit privileges for all data load rules
   • Selected rules (View & Load): This option is suitable for regular users. Allows users or user groups to access restricted data load processes and corresponding translations
     • Selecting the Edit option under this section allows the users to edit only the mapped data load rules. The Unmapped and mapped data load rules information is displayed when selected (see Step 5, below)
     • Select the Unmapped ETL Processes and click the forward arrow to move the process to the Mapped ETL Processes pane, which provides the selected user or user group with access
       
   
   
   Note:

   ETL = Extract, Transform, and Load data from a database, as one process.
   4. Click Save. To set up or edit more users or user groups, select them from the User or User Group pull-down menu and repeat the appropriate above steps.

Important Notes on Data Integration Security

• Users without edit permission may still upload files, modify the grid on the Select Sample Input File page, and modify all Load Data page selections
• All functionality on the Data Load Rules page will be disabled for users without edit privileges. The Next button on the Select Sample Input File step takes the user to the Load Data step, bypassing all other pages and selections.
• For Web Services, users without edit privileges will have access to the Load Data page only
• For Actual Data Templates, there is a change in behavior, regardless of the option chosen
• Users without edit privileges may not change the scenario on the Load Data page
• Access to the Define Data Mapping page will be disabled. This impacts the option of performing a partial data load using the across-columns option. A user without edit access will not be able to map additional columns

To set the security configuration, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management.
2. Select the user for whom you want to configure Dimension Security and click the Security Options on the User page.
3. Click Dimension Security.
   
   Note:

   You can also find the Dimension Security option under Maintenance > Reports > Dimension Security.
   
   Before providing dimension security to a user, you must configure it on the Dimension Security Configuration tab.
   
   
4. Go to the Dimension Security Configuration tab.
5. Select the Copy Scenario Security to Report Security checkbox when you want to apply scenario security (defined on the Scenario Accesspage) to report security so that each user has access to view specific scenarios in the Reporting module.
   Note:

   By default, this option is not selected, which means that all the scenarios are displayed (available) to all the users irrespective of the Scenario Access in the Reporting module.
   
   
6. Select the reporting area to secure dimensions.
   • If you select the Sales reporting area, a checkbox appears. Select the Copy Sales Entity Security to Report Security checkbox to allow Planful to copy all sales entity security data to report security data
   • If you select the Financial reporting area, a checkbox appears. Select the Copy Budget Entity Security to Report Security checkbox to allow Planful to copy all budget entity security data to report security data
     
     
7. Select the dimensions you want to secure by clicking the Secure checkbox. This activates dimension security so that you can apply it to users on the Dimension Security Setup page.
   
   
8. Click Save.
   
   Once the security configuration is done, provide dimension security to the user on the Dimension Security Setup tab.
   
   
9. Go to Dimension Security Setup tab.
10. Select a Reporting Area to select associated dimensions.
    
    
11. Once dimensions are displayed, click the arrow next to the dimension to access its respective hierarchy.
    
    
12. Now, choose the necessary hierarchy for configuration.
    
    
13. Then, click Save.
    
    You can set up Dimension Security for other users by changing the User name and following the steps outlined above.

Export Option:

To export the dimension security data, follow the steps below:

1. Click the Export option.
2. Select Export All Users or Export Selected User
   • Export All Users - Export Dimension Security reports for all users
   • Export Selected User - Export the Dimension Security report for the currently selected users
3. Click OK and then click Continue.

Important Details:

• Dimension Security applied to attributes cannot be exported to the Dimension Security report
• You can download a report with a maximum size of 10MB
• You can download a report with a maximum of 100K rows

If you select the Export Selected User option, then the Dimension Security report is downloaded directly to your system. When you select the Export All Users option, a notification is displayed that the Dimension Security report has been submitted for processing. After the process is complete, a link to download the report is displayed. You can either click the link to download or you can view the report sent to your registered email address.

When you export the Dimension Security report, all leaf members are displayed in level-based format if:

• The user has access to a rollup member in the Dimension Hierarchy
• The Copy Scenario Security to Report Security and Copy Budget Entity Security to Report Security checkboxes are selected on the Dimension Security Configuration page

Users must have access to scenarios to perform budget input on a selected scenario entity. To assign scenario access to a user or user group, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management.
2. Click the User or User Group tab.
3. Select a user or user group you wish to give access to Scenario and click the Security Options.
   Note:

   You can also select the security icon from the Security column next to the selected user.
4. Click Scenario Access.
   Notes:

   • The administrators can manage scenario permissions for users at the user group level in addition to the individual user level. When you select any user group and update scenario permissions, all users within the user group get access to the selected scenarios.
   • If the Scenario access is inherited from user groups, click the User Group and select the respective user group from the drop-down
   • The admin user can switch between User or User Group on the Scenario Page
5. Select the scenarios you wish to give the user/user group access to. To provide the user/user group with access to all scenarios, click the All Scenario checkbox.
6. Click Save.
   
   To set up or edit more users or user groups, select them from the User/User Group drop-down menu and repeat 3 to 5 steps.

The following describes the ways in which Workforce Reporting security can be applied across various application features, to secure your reports and data.

Dimension and Scenario Security

Workforce Reporting inherits the Dimension Security applied to the Financial Reporting Area, for dimensions such as Company, Department, Project, etc.

Data is filtered according to user privileges for dimensions. You can also activate dimension security for each user by navigating to Maintenance > Report Administration > Dimension Security > Dimension Security Setup and assigning users to specific reporting areas.

You can also apply Dimension Security so that Scenario Security is honored in the Workforce Reporting Area by navigating to Maintenance > Report Administration > Dimension Security > Dimension Security Configuration and selecting Copy Scenario Security to Report Security.

Budget Entity Security

Data displayed in Workforce Reports is controlled using Budget Entity security, as configured via Maintenance > Administration > User & Role Management > Security Options (icon in the header) > Approval Role Setup page.

Template Access Security

HR data is displayed in Workforce Reports only if the user has access to Workforce Planning for a given budget entity. To provide Workforce Planning access for an employee:

1. Navigate to Maintenance > Workforce > Workforce Planning Setup. The Employees page appears.
2. Select the Budget Entity you want to provide access to.
3. Click Add and enter user information, and then click the Save icon.

Reports Security

You can provide security to users and user groups for Workforce Reports by navigating to Maintenance > Admin > User & Role Management > User, selecting a user from the list, then clicking Security Options (icon in the header) > Report Access.

Security Example

The following table lists example security settings for a user John Doe—approval role, scenario access, and so forth—with a navigation path to the page where the settings are located:

In this example, with these settings, Workforce Reporting security is honored for Dynamic Reports, for the given scenarios and budget entities, in the following ways:

For Budget Scenario:

• 1000-HQ-Exec —John Doe cannot access any employee data as the Approval Role on this Budget Entity does not have the HR Template mapped.
• 1000-HQ-MKTG —John Doe can access Salaries and Bonuses data for all employees for this Scenario and Budget entity combination. However, he cannot view Non-Cash Stock Compensations and Benefits for the employees.
• 1000-HQ-HR —John Doe cannot access any employee data as HR template mapping does not exist for this Scenario and Budget entity combination.

For Forecast Scenario :

• 1000-HQ-MKTG —John Doe cannot access any employee data, even though HR Template is mapped to the given Scenario and Budget Entity combination, because he does not have access to the Forecast scenario.