Managing User & Roles

To add a new user, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User.
2. Click Add.
   
   
3. Enter a valid Email address; this will serve as the user's login ID.
   
   
4. Select a User Authentication Mode:
   1. Native — Log in to Planful using the Login page
   2. SSO Provider — Log in to Planful using Single Sign-On (Planful supports all providers who support the SAML 2.0 standard)
   3. Hybrid — Log in to Planful using the Login page, Single Sign-On, or both
5. Enter the user’s first and last name.
6. Select the user's Status: Active or Inactive. Users must be active to access Planful.
7. Assign a Navigation Role to the user. To learn more about the Navigation Role, click here.
8. Select Regular User or Reporting Administrator for the Reporting Role. A regular user does not have the same access and privileges as a reporting administrator.
   1. Report Administrator - Has Full Control of all artifacts, sub-folders and folders
   2. Regular User - Permissions available for Regular Users is dependent upon the security permissions assigned to the user at the artifact, folder, and sub folder level
9. Select Regular User or Admin User for the Task Manager Role.
10. Select Administrator, User, or Budget Manager for the Support Role. 
    1. Administrator: Selecting this role gives the user access to both the Full Experience and the Budget Manager Experience (BME). Also, when a support administrator clicks the Get Help icon, they can find all help and support-related resources under one header.
       
       
    2. User: Selecting this role causes the Budget Manager Experience checkbox to appear. Selecting this checkbox gives the user access to both the Full Experience and the BME. If the checkbox is not selected, the user can only access the Full Experience.
    3. Budget Manager: Selecting this role allows users to access only the Budget Manager Experience (BME). Within BME, the user can access only the artifacts (templates, reports, or dashboards) that finance teams share with them. The user will not have access to any other functions available in the Full Experience. For more information on the capabilities of a Budget Manager, click here.
       
       Note:

       The number of available Administrator roles is based on your Service Level Agreement (SLA).  
11. Select Yes if you are adding a Dynamic Planning user. The Dynamic Planning Role drop-down list will be displayed.
    • Select Power User or Contributor User or Reviewer User for the Dynamic Planning Role.
      Note:

      The Contributor and Reviewer user needs to be assigned to a user group in the Dynamic Planning application.
12. Additionally, configure the following settings to enable or disable specific user access and security features:
    1. Select Background Administrator to disable the user from logging into all Planful applications other than through Web Services. This is useful for a typical user account which is created to perform back-end tasks, such as DLR loads, Cloud Scheduler jobs, etc.
    2. Select Disable Password Expiration Check so that the normal password expiry policy is not applicable for this user. This is useful for a user account created to perform back-end tasks, such as Data Load Rule loads, Cloud Scheduler jobs, etc.
    3. Select Enable Two Step Verification to prompt users to select a method for receiving a verification code (SMS, email, or phone app) that they will use as part of their login process. This will enhance login security for the users. To learn about selecting a two-step verification method, click here.
       Note:

       Two-step verification is applicable only for login through the application web page, for both Native and SSO user accounts. It does not apply to login authentication via Excel Add-in, Offline Planning or web service requests.
    4. Select Enable Web Service Access to allow the user to import data from external sources into the application through Web Services.
    5. Select Enable Post Message to allow the user to post announcements.
13. Click Save.

You can download the list of users using the Export to Excel and Print option.

The exported data will closely resemble the information displayed on the User page, with slight variations. Both options include the following details:

• User Name & User Email    
• Security
• Status    
• Navigation Role    
• Reporting Role    
• User Type
• Authentication Mode    
• Support Role    
• Created Date    
• Created By    
• Modified Date    
• Modified By    
• Validation Status    
• Mapped Date    
• Expiry Date    
• Last Login Date

Export to Excel

To export the list of users in the application to Excel format, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User.
2. Click Export as Excel.
   
3. Click Ok.
   The data is exported to an Excel sheet.

Print

This option allows you to print the user data list.

1. Navigate to Maintenance > Administration > User & Role Management > User.
2. When you click the Print option, you will see the entire user data in the sheet for printing
   

To edit a user information, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User.
2. Select the user for whom you want to update details, and then click Edit.
   
   
3. Make the required changes on the Edit User page and then click Save.
   

Permissions and roles that can be copied:

• Approval Role
• Consolidation security 
• Data Integration Security
• Dimension security
• Report Access
• Scenario Access
• Navigation Role
• User Groups, whereby all user groups the source user belongs to will be copied to the target user
• Analytics Security

To copy user permission from a source user to a target user(s), follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User.
2. Select the user whose permissions you want to use as the source user and click Copy Permissions.
   
3. On the Copy User Permissions page, select the target user from the User list and click Right Arrow to add them to the Target users list. You can add multiple users to the target list.
   
   Note:

   • Click Apply Filter to enable the search filter row.
   • To remove the user from the target list, select the user and click Left Arrow.
4. Once the target user(s) is added to the list, click Save.
   The source user’s permissions and roles are copied to the target user(s).

To send the reset password link for a user or group of users, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User.
2. Select a user for whom you wish to reset the password and click Reset Password.
   
   
3. The Password Reset page appears. You can also select multiple users by clicking the checkboxes.
4. Click Send.
   The selected user(s) will receive the reset password link via mail at their registered email address.
   

To add a new user group, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User Group.
2. Click Add.
   
3. Enter a descriptive name and code for the User Group.
   Note:

   The group code is unique and cannot be changed once you create the User Group.
   
4. Click the Add user name field to add users to this group. Start typing the user name or navigation role, and you can see the users appearing in the drop-down.
   
   Alternatively, click Browse users to search for all the users. The All Users pop-up will have the list of all users within the application. Select the users you want to add to the user group by clicking the checkbox associated with the user name. Use the search field to search by name or navigation role to find the required user. Click Add once you complete the selection.
   
   You will return to the Add User Group page where you can see the selected users for the group.
5. Click Add.
   

Now, you need to configure the security options for the user group. 

You can download the list of user groups (using Print and Export options) and the corresponding mapped users (Export Option).

The export options include:

Export as Excel

Using this option you can export the list of user groups and the corresponding mapped users.

1. Navigate to Maintenance > Administration > User & Role Management > User Group.
2. Click the Export option.
3. Click one of the following. 
   1. Export User Groups:When you export the list of user groups, the following information is available in the Excel sheet.
      • User Group Code
      • User Group Name
      • Created Date
      • Created By
      • Modified Date
      • Modified By
   2. Export Mapped Users:This option is used to export the list of users associated with all the user groups displayed in this tab in an Excel sheet. If a user is part of multiple user groups, then the user’s name will repeat in the respective user groups. You can also use the Export User Groups option to export the list of user groups displayed in the User Groups tab. When you export the list of mapped users, the following information is available in the Excel sheet related to each user:
      • User Group Code
      • User Group Name
      • User First Name
      • User Last Name
      • User Email ID
        
4. Click OK. 

Print

This option allows you to print the entire user group List.

The data will be identical to what is displayed on the User Group tab. To print, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User Group.
2. When you click the print option, the following information is available in the sheet:

• User Group Code
• User Group Name
• Created Date
• Created By
• Modified Date
• Modified By

To edit the User Group, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User Group.
2. Select the user group you wish to edit and click the edit icon. The Edit User Group appears.
3. Make the required changes and click Save. Edit the security options if required.
   Note:

   You cannot modify the group code.
   

To delete the user group, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > User Group.
2. Select the user group you wish to delete and click the delete icon.

The Status Indicators of security icons to assess the level of configurations for each user group. 

When you hover over the security options icon, you can interpret the status as follows: 

• No color: Indicates that no access has been configured
• Red: Indicates that the access has been configured for a few areas
• Green: Indicates that the access has been configured for all areas
  

Additionally, when you click the security options icon, you can determine the configuration status of each area by the associated indicators. There are two statuses: Configured and Not configured. A green checkmark indicates that the configuration is complete, while the red exclamation point indicates the areas are yet to be configured.

You can start configuring these settings by selecting the security options icon in two ways:

1. Navigate to Maintenance > Administration > User & Role Management > User Group.
2. Select the user group and click directly on the security options icon within the user group's Security column. (or)
   
   Select the user group and click the security options icon in the menu.
   
3. You can configure the following areas for user groups:
   • Add-In-Security - Setting up add-in security is important when using Planful Offline Planning, which is an Excel planning tool that allows you to download and perform budgeting tasks while not connected to the application. To learn more about Add-In-Security, click here.
   • Data Integration Security - Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load. To learn more about Data Integration Security, click here.
   • Report Access - To provide users and user groups with access to generated reports, each user or user group must be assigned access privileges. Any user with access to User & Role Management can update Report Access for a user, user group, or artifact. To learn more, click here.
   • Scenario Access - To provide users and user groups access to a scenario, each user or user group must be assigned access privileges. To learn more about Scenario Access, click here.
   • Workforce Reporting Security - Workforce Reporting enables structured, ad hoc analysis of workforce planning dimensions and measures. Workforce Reporting is integrated into the application as a Reporting Area, allowing you to report on employee-specific compensation and other financial dimensions. To learn more about Workforce Reporting Access, click here.

To create a new Navigation Role, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > Navigation Role.
2. Click Add.
   
3. Enter a code and name for the navigation role.
   
4. Click Save.
   
   

Refer to the Navigation Access section below to understand how to assign Navigation Access to a Navigation Role. Once assigned, you can link the Navigation Role to a user during the process of adding or editing the user.

The admin user can assign the Navigation Access to a specific Navigation Role. To assign the Navigation Access, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > Navigation Role.
2. Select the specific Navigation Role to which you want to assign Navigation Access and click Navigation Access.
   
3. Use the hierarchy structure to expand and collapse navigation options. Click the checkbox next to the navigation option to allow access to the path.
   
4. Click Save.
   Note:

   You can select different Navigation Role from the drop-down list, and assign Navigation Access.

This option is used to filter the Navigation Role from the list.

1. Click Apply Filter.
   
   A search filter row appears.
   
2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
   
   Note:

   Click Clear Filter to hide the search filter option.
   
   

Export to Excel:

The Export option for the Navigation Role area helps the administrators to export the summary report and the detailed navigation report.

To export the summary report and the detailed navigation report, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > Navigation Role.
2. Click the Export to Excel icon.
   
3. From the drop-down click Download Summary Report or Download Detailed Report. 
   • Download Summary Report: The summary report provides a condensed view of navigation roles. This report includes the list of navigation roles, including role code, name, creation and modification details, and whether they are predefined or custom-created. 
   • Download Detailed Report: The detailed report offers comprehensive navigation role information and access details for different users, highlighting specific permissions and access levels with Yes or No indicators.
4. Click OK.

Print:

This option allows you to print the Navigation role list.

1. Navigate to Maintenance > Administration > User & Role Management > Navigation Role.
2. When you click the Print option, you will see the entire navigation role list in the sheet for printing.

This option allows to create a new Approval Role. 

To create a new Approval Role, follow the steps below:

1. Navigate to Maintenance > Administration > User & Role Management > Approval Role.
2. Click Add.
   
3. Enter a Code and Name (optional) for the Approval Role.
4. Select the required Approval Actions for the new Approval Role from the drop-down to access entity actions.
   
   The list of approval actions is explained below:
   • Forward: This option allows you to forward the budget entities that contain budgets for approval. You can forward budgets when the current status of the budget entity is In Progress. Forwarded budgets are locked to ensure that they are not editable
   • Approve: This option allows you to approve forwarded budgets
   • Final Approve: This option allows you to flag all budgets with a Final Approval status. Final-approved budgets are locked and cannot be edited by users or administrators
   • Workflow History: This option allows you to view the complete workflow history of a budget which includes the action, action date, user name, and comment
     Note:

     The selected Approval Actions appear in the Entity Workflow section (Actions menu on the right pane) of the Planning Control Panel only when the approval role is assigned to the user. To view the Entity Workflow actions, select either a roll-up or leaf-level entity.

     
5. Select the required template actions from the Operating Budget Template Actions section for all the required templates for the approval role.
   Note:

   The availability of the template actions depends on whether the Workflow Setup is enabled or disabled in your application.

   • If the Workflow setup is enabled, you can see All, Input, View, Forward, and Approve
     
   • If the workflow setup is not enabled, you can see All, Input, View, and Mark Complete
   The list of budget template actions is explained below:
   • All: Allow the approval role to perform all template actions
   • Input: Allow the approval role to open budget templates in Input mode and to enter data
   • View: Allow the approval role to open budget templates in Read Only mode
   • Forward: Allow users to forward a template for approval once they input all the required information 
   • Approve: To allow the approval role to access the Approve action in the Planning Control Panel and approve forwarded budgets 
   • Mark Complete: Allow the approval role to mark templates Complete. Once a template is complete, it cannot be opened in Input mode until marked Not Complete
     Note:

     The above actions can be performed only when you select the leaf-level entity under the roll-up on the Planning Control Plan page.
     
     Note

     When you add templates to a budget model, update security roles to provide the appropriate access privileges.
6. Select the required Initiative Approval Actions to allow budget users to perform workflow actions on Initiative budgets.
   
   The list of initiative approval actions is explained below:
   • All: Allow the approval role to perform all initiative template actions
   • Forward: Allow the approval role to forward selected initiatives
   • Send Back: Allow the approval role to send back forwarded initiatives
   • Approve: Allow the approval role to approve initiatives
   • Reset: Allow the approval role to reset initiatives to a status of Work in Progress. All initiatives can be reset even if they are approved
7. Click Save.

This option is used to filter the approval role.

1. Navigate to Maintenance > Administration > User & Role Management > Approval Role.
2. Click Apply Filter to make the search filter row visible.
   A search filter row appears.
3. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
   

Note:

Click Clear Filter to hide the search filter option.

You can download the list of approval roles data using the Export to Excel and Print option. The exported data will be identical to what is displayed on the Approval Role page and both options include the following details:

• Approval Role Code
• Approval Role
• Created Date
• Created By
• Modified Date
• Modified By

Export to Excel

This option allows you to export the list of approval roles created in the Excel format.

1. Navigate to Maintenance > Administration > User & Role Management > Approval Role.
2. Click Export to Excel.
   
3. Click Ok. The data is exported to an Excel sheet.

Print

This option allows you to print the list of approval roles.

• When you click the Print option, you will see the entire approval data in the sheet for printing.