Managing User & Roles

The User & Role Management page allows administrators to create users and user groups, assign approval roles, and manage access permissions. This section empowers administrators to seamlessly control roles and permissions, ensuring that users only have access to the areas of the application necessary for their roles, thus maintaining security and operational efficiency.

Key Features for Administrators:

1. Add Users: This tab allows administrators to add new users to the system.
2. Create User Groups: This tab allows administrators to group users for easier management and role assignments.
3. Configure Security: The Security options in both the User and User Group tabs enable administrators to set and manage security configurations, ensuring that access to sensitive areas is restricted appropriately.
4. Assign Approval Roles: The Approval Role Setup allows administrators to assign specific approval roles, tailoring permissions based on user responsibilities.
5. Define Navigation Roles: The Navigation Role tab enables administrators to create and assign navigation roles, controlling which areas of the application users can access.
6. Model Permissions: This tab allows power users to map/unmap the model permissions and update the security permissions to the dimension members.

Navigate to Maintenance > Administration > User & Role Management.

Now, let's explore all the options available on User & Role Management.

User

The User tab displays all users and provides functionality to add, edit, delete, and copy user permissions, providing access to application pages and other user actions. It also ensures data security and maintains Planful users.

Admin users will have access to add and maintain Planful users and provide access to application pages and data security for those users.

Add

Adding a new user is essential for managing access and permissions, ensuring users have the right roles and security settings for their tasks.

In addition, the users can be added by using APIs and Data Load Rules (DLR). To learn more about loading users to Planful, click here.

Export Options

Exporting user data can be done using two methods: Export to Excel and Print. These options allow you to easily download or print a comprehensive list of user details.

Edit

Use the edit option to update user roles and properties when there are changes in job responsibilities or access needs.

Copy Permissions

The admin can copy an existing (i.e., source) user and all associated permissions and roles to a target user. This is an easy way to give a new user the same permissions as an existing user.

Delete

Use the delete option to remove a user's access to the application. 

Security Configurations

User Setup Required by Module

The table below provides information on user security related tasks available from the User & Role Management page and the module they are related to. These tasks are to be completed for regular and admin users based on the module. Other user security setup is required within the module itself. For example, in Consolidation there is a Security page.

To learn more about the security configuration, refer to Security Configuration. 

Reset Password

Administrators can send a password reset link to the user's registered email address.

User Group

The User Group tab is used to add and edit groups of categorized users. If you need to provide a group of users with the same access privileges, it is easier to create a user group and assign group privileges rather than assign privileges to each user one by one.

Add

The add option lets administrators add groups of users, making it easier to assign the same access privileges to multiple users at once by managing them collectively.

Export Options

Exporting user group data can be done using two methods: Export to Excel and Print. These options allow you to download or print a comprehensive list of user groups easily.

Edit

Using the edit option, the administrator can modify existing user groups by adding or removing users as needed. This ensures user groups reflect current roles, responsibilities, or organizational changes.

Delete

Administrators can delete the user group when it is no longer needed.

Security Options

Security options refer to settings or configurations that control access, permissions, and security-related aspects for users within those groups. You can configure the following areas for user groups:

• Add-In-Security - Setting up add-in security is important when using Planful Offline Planning, which is an Excel planning tool that allows you to download and perform budgeting tasks while not connected to the application. To learn more about Add-In-Security, click here.
• Data Integration Security - Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load. To learn more about Data Integration Security, click here.
• Report Access - To provide users and user groups with access to generated reports, each user or user group must be assigned access privileges. Any user with access to User & Role Management can update Report Access for a user, user group, or artifact. To learn more, click here.
• Scenario Access - To provide users and user groups access to a scenario, each user or user group must be assigned access privileges. To learn more about Scenario Access, click here.
• Workforce Reporting Security - Workforce Reporting enables structured, ad hoc analysis of workforce planning dimensions and measures. Workforce Reporting is integrated into the application as a Reporting Area, allowing you to report on employee-specific compensation and other financial dimensions. To learn more about Workforce Reporting Access, click here.

Navigation Role

Navigation roles in the Planful application determine the specific navigation paths that grant users access to certain pages and their associated functionalities. By assigning navigation roles, the application ensures that users have appropriate access levels and enhances the overall user experience.

The admin user can create a Navigation Role and assign Navigation Access to a specific Navigation Role. Then the Navigation Role can be assigned to users. This ensures users can only access the designated paths based on their assigned roles.

Navigation: Maintenance > Administration > User & Role Management > Navigation Role

Add

A Navigation Role defines a unique role that helps customize user access within the system.

Edit

Use the Edit option to make the changes to the existing Navigation Role.

Delete

Use the Delete option to permanently delete the Navigation Role.

Navigation Access

Administrators can assign specific navigation paths to designated roles to manage user access within the application. This ensures that users within those roles can access only the appropriate sections of the system.

Apply Filter

Use the filter option to narrow the list to match your search criteria. This option is used to filter the Navigation Role from the list.

1. Click Apply Filter. A search filter row appears.
   
2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
   
   Note:

   Click Clear Filter to hide the search filter option.

Export Options

The Export option for the Navigation Role area helps the administrators export the summary and detailed navigation reports.

Approval Role

The Approval Role tab is used to create and configure roles with specific actions for users. Approval roles specify the actions that users can perform during the budgeting process.

For example, you can assign a budget manager with an approval role to approve certain budgets. Approval roles can have varying levels of user responsibility for budget entities. For example, a user has access to two entities (A and B), but has HR responsibility for entity B only. You can then restrict the user to view only specific data based on HR access for the approval role assigned to the entity.

Example of a Typical Approval Role Configuration

The following shows a typical Approval Role setup for a Budget Administrator and a Regular Budget User.

Business Value:

You can create approval roles for users to ensure clarity, alignment, and accountability within an organization and improve the regular functioning of the business.

The grid displays the following information:

• Approval Role Code: Displays the unique code to identify an approval role
• Approval Role Name: Shows the name by which you can identify an approval role
• Created Date: Indicates displays the date and time when an approval role was created
• Created By: Displays the user’s name who created the approval role
• Modified Date: Indicates the date and time when an existing approval role was last modified
• Modified By: Displays the user’s name who had made the last changes to an existing approval role

Add

To define approval actions for users, administrators can create new Approval Roles, ensuring users have the appropriate access to entity and template workflows.

Edit

This option is used to edit the approval role.

Delete

This option is used to delete the approval role.

Apply Filter

Use the filter option to narrow the list to match your search criteria. 

1. Click Apply Filter to make the search filter row visible. A search filter row appears. 
   
2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
   

Note:

Click Clear Filter to hide the search filter option.

Export Options

The Export options for the Approval Role help the administrator export the list of approval roles.

Model Permissions

The Model Permissions tab displays the list of existing Model Permissions and allows the power user to map/unmap user groups to the model. Additionally, the power user can secure specific dimension members, ensuring that user groups cannot access those members.

The Model Permissions page displays a list of models along with their details, such as dimensions and associated user groups. There are three types of models available:

• Analytical Models
• Direct Access to PCR (DAP) Models 
• External Source Models (ESM) Models
  

Power users can grant access to user groups for different models, including their respective dimensions and members. 

You can review permissions for a model and its user group(s) by selecting the model in the Select Model drop-down within the Preview Permissions link.

To learn How to Define User Permissions for a Model, click here. 

Related Articles

• Approval Role Setup
• Offline planning