User & Role Management

To add a new user, follow the steps below:

1. Click Add.
   
   
2. Enter a valid Email address; this will serve as the user's login ID.
   
   
3. Select a User Authentication Mode:
   • Native — Log in to Planful using the Login page.
   • SSO Provider — Log in to Planful using Single Sign-On (Planful supports all providers who support the SAML 2.0 standard).
   • Hybrid — Log in to Planful using the Login page, Single Sign-On, or both.
4. Enter the user’s first and last name.
5. Select the user's Status: Active or Inactive. Users must be active to access Planful.
6. Assign a Navigation Role to the user. To learn more about the Navigation Role, click here.
7. Select Regular User or Reporting Administrator for the Reporting Role. A regular user does not have the same access and privileges as a reporting administrator.
   • Report Administrator - Has Full Control of all artifacts, sub-folders, and folders.
   • Regular User - Permissions available for Regular Users are dependent upon the security permissions assigned to the user at the artifact, folder, and sub-folder level.
8. Select Regular User or Admin User for the Task Manager Role.
9. Select Administrator, User, or Budget Manager for the Support Role. 
   1. Administrator: Selecting this role gives the user access to both the Full Experience and the Budget Manager Experience (BME). Also, when a support administrator clicks the Get Help icon, they can find all help and support-related resources under one header.
      
      
   2. User: Selecting this role causes the Budget Manager Experience checkbox to appear. Selecting this checkbox gives the user access to both the Full Experience and the BME. If the checkbox is not selected, the user can only access the Full Experience. Also, when a support user clicks the Get Help icon, they can find all help and support-related resources under one header.
      
      
   3. Budget Manager: Selecting this role allows users to access only the Budget Manager Experience (BME). Within BME, the user can access only the artifacts (templates, reports, or dashboards) that finance teams share with them. The user will not have access to any other functions available in the Full Experience. For more information on the capabilities of a Budget Manager, click here.
10. If you select the Budget Manager role, the user can access only the artifacts (templates or reports) that finance teams share with them. The user will not have access to any other functions of the application. For more information on the capabilities of a Budget Manager, click here.
    Note:

    The number of available Administrator roles is based on your Service Level Agreement (SLA).  
11. Select Yes if you are adding a Dynamic Planning user. The Dynamic Planning Role drop-down list will be displayed.
12. Select Power User or Contributor User or Reviewer User for the Dynamic Planning Role.
    Note:

    The Contributor and Reviewer user needs to be assigned to a user group in the Dynamic Planning application.
13. Support ID is read-only field updated based on your system setup.
14. Select Background Administrator to disable the user from logging into all Planful applications other than through Web Services. This is useful for a typical user account which is created to perform back-end tasks, such as DLR loads, Cloud Scheduler jobs, etc.
15. Select Disable Password Expiration Check so that the normal password expiry policy is not applicable for this user. This is useful for a user account created to perform back-end tasks, such as Data Load Rule loads, Cloud Scheduler jobs, etc.
16. Select Enable Two Step Verificationto prompt users to select a method for receiving a verification code (SMS, email, or phone app) that they will use as part of their login process. This will enhance login security for the users. To learn about selecting a two-step verification method, click here.
    Note:

    Two-step verification is applicable only for login through the application web page, for both Native and SSO user accounts. It does not apply to login authentication via thick clients (Excel Add-in, Offline Planning ) or web service requests.
17. Select Enable Web Service Access to enable web services access for the user to define security access for importing data from an external source into the Planful application through Web Services.
18. Click Save.

You can download the list of users using the Export to Excel and Print option.

The exported data will closely resemble the information displayed on the User page, with slight variations. Both options include the following details:

• User Name & User Email    
• Security
• Status    
• Navigation Role    
• Reporting Role    
• User Type
• Authentication Mode    
• Support Role    
• Created Date    
• Created By    
• Modified Date    
• Modified By    
• Validation Status    
• Mapped Date    
• Expiry Date    
• Last Login Date

Export to Excel

This option allows you to export the user data list in the Excel format.

1. Click Export as Excel.
   
2. Click Ok.
   The data is exported to an Excel sheet.

Print

This option allows you to print the user data list.

• When you click the Print option, you will see the entire user data in the sheet for printing.
  

To edit a user information, follow the steps below:

1. Select the user for whom you want to update details, and then click Edit.
   
2. Make the required changes on the Edit User page and then click Save.
   

You can copy an existing (i.e., source) user, along with all associated permissions and roles, to a target user. This is an easy way to give a new user the same permissions as an existing user.

Permissions and roles that can be copied:

• Approval Role
• Consolidation security 
• Data Integration Security
• Dimension security
• Report Access
• Scenario Access
• Navigation Role
• User Groups, whereby all user groups the source user belongs to will be copied to the target user
• Analytics Security

To copy user permission from a source user to a target user(s), follow the steps below:

1. Select the user whose permissions you want to use as the source user and click Copy Permissions.
   
2. On the Copy User Permissions page, select the target user from the User list and click Right Arrow to add them to the Target users list. You can add multiple users to the target list.
   
   Note:

   • Click Apply Filter to enable the search filter row.
   • To remove the user from the target list, select the user and click Left Arrow.
3. Once the target user(s) is added to the list, click Save.
   The source user’s permissions and roles are copied to the target user(s).

This option is used to delete the user.

1. Select the user you wish to delete and click the Delete icon.
   
2. Click Delete

User Setup Required by Module

The table below provides information on user security related tasks available from the User Management page and the module they are related to. These tasks are to be completed for regular and admin users based on module. Other user security setup is required within the module itself. For example, in Consolidation there is a Security page.

To learn more about the security configuration, refer to Security Configuration. 

Lock User

To prevent a user from signing on to Planful follow the steps below:

1. Select a user you wish to lock and click the Security Options.
2. Select the Lock User checkbox and click OK.
   Note:

   • To unlock, select the user, uncheck the Lock User box, and click OK.

To reset the password for a user or group of users, follow the steps below:

1. Select a user for whom you wish to reset the password and click Reset Password.
   
2. The Password Reset page appears. You can also select multiple users by clicking the checkboxes.
3. Click Send.
   
   The selected user(s) will receive the reset password link via mail at their registered email address.

This option allows you to add a new user group.

To add a new user group, do the following:

1. Click Add.
   
2. Enter a code and descriptive name for the user group.
   Note:

   The group code is unique and cannot be changed once you create the user group.
   
3. Click the Add user name field to add users to this group. Start typing the user name or navigation role, and you can see the users appearing in the drop-down.
   
4. Click Browse users to search further for all the users. The All Users pop-up will have the list of all users within the application.
5. Select the users you want to add to the user group by clicking the checkbox associated with the user name. Use the search field to search by name or navigation role to find the required user.
   
6. Click OK once you complete the selection. You will be back on the Add User Group page and you can see the selected users for the group.
   
7. Click Add and you are done.

Now, you need to configure the security options for the user group. 

You can download the list of user groups (using Print and Export options) and the corresponding mapped users (Export Option).

The export options include:

This option is used to edit the user group.

1. Select the user group you wish to edit and click the edit icon. The Edit User Group appears.
2. Make the required changes and click Save. Edit the security options if required.
   Note:

   You cannot modify the group code.
   

This option is used to delete the user group.

Select the user group you wish to delete and click the delete icon.

Security Options refer to settings or configurations that control access, permissions, and security-related aspects for users within those groups.

First, let's understand the Status Indicators of security icons to assess the level of configurations for each user group. 

When you hover over the security options icon, you can interpret the status as follows: 

• No color: Indicates that no access has been configured.
• Yellow: Indicates that the access has been configured for a few areas.
• Green: Indicates that the access has been configured for all areas.

Additionally, when you click the security options icon, you can determine the configuration status of each area by the associated indicators. There are two statuses: Configured and Not configured. A green checkmark indicates that the configuration is complete, while the other indicator suggests that other areas are yet to be configured.

You can start configuring these settings by selecting the security options icon in two ways:

1. Select the user group and click directly on the security options icon within the user group's Security column.
   
2. Select the user group and click the security options icon in the header.
   

You can configure the following areas for user groups:

• Add-In-Security - Setting up add-in security is important when using Planful Offline Planning, which is an Excel planning tool that allows you to download and perform budgeting tasks while not connected to the application. To learn more about Add-In-Security, click here.
• Data Integration Security - Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load. To learn more about Data Integration Security, click here.
• Report Access - To provide users and user groups with access to generated reports, each user or user group must be assigned access privileges. Any user with access to User & Role Management can update Report Access for a user, user group, or artifact. To learn more, click here.
• Scenario Access - To provide users and user groups access to a scenario, each user or user group must be assigned access privileges. To learn more about Scenario Access, click here.
• Workforce Reporting Security - Workforce Reporting enables structured, ad hoc analysis of workforce planning dimensions and measures. Workforce Reporting is integrated into the application as a Reporting Area, allowing you to report on employee-specific compensation and other financial dimensions. To learn more about Workforce Reporting Access, click here.

To create a new navigation role, follow the steps below:

1. Click Add.
   
2. Enter a code and name for the navigation role. 
3. Click Save.
   

Refer to the Navigation Access section below to understand how to assign navigation access to a navigation role. Once assigned, you can link the navigation role to a user during the process of adding or editing the user.

To learn more about adding/editing a user, click here.

To edit the navigation role, follow the steps below:

1. Select the navigation role from the list and click the Edit icon. 
2. Make the required changes on the Edit Navigation Role page and then click Save.

To delete a Navigation Role, follow the steps below:

1. Select the navigation role you wish to delete and click the Delete icon.
2. Click Delete.

The admin user can assign the Navigation Access to a specific Navigation Role. To assign the Navigation Access, follow the steps below:

1. Select the specific Navigation Role to which you want to assign Navigation Access and click Navigation Access. 
2. Use the hierarchy structure to expand and collapse navigation options. Click the checkbox next to the navigation option to allow access to the path. 
3. Click Save.
   Note:

   You can select different Navigation Role from the drop-down list, and assign Navigation Access.

This option is used to filter the navigation role from the list.

1. Click Apply Filter.
   A search filter row appears. 
2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria. Note: Click Clear Filter to hide the search filter option.
   Note:

   Click Clear Filter to hide the search filter option.

Export to Excel:

The Export option for the Navigation Role area helps the administrators to export the summary report and the detailed navigation report.

To export the summary report and the detailed navigation report, follow the steps below:

1. Click the Export to Excel icon. 
2. From the drop-down click Download Summary Report or Download Detailed Report. 
   • Download Summary Report: The summary report provides a condensed view of navigation roles. This report includes the list of navigation roles, including role code, name, creation and modification details, and whether they are predefined or custom-created. 
   • Download Detailed Report: The detailed report offers comprehensive navigation role information and access details for different users, highlighting specific permissions and access levels with Yes or No indicators.
3. Click OK.

Print:

This option allows you to print the Navigation role list.

• When you click the Print option, you will see the entire navigation role list in the sheet for printing.

This option allows to create a new approval role. 

To create a new approval role, follow the steps below:

1. Click Add.
   
2. Enter a Code and Name (optional) for the approval role.
3. Select the required Approval Actions for the new approval role from the drop-down to access entity actions.
   
   The list of approval actions is explained below:
   • Forward: This option allows you to forward the budget entities that contain budgets for approval. You can forward budgets when the current status of the budget entity is In Progress. Forwarded budgets are locked to ensure that they are not editable.
   • Approve: This option allows you to approve forwarded budgets.
   • Final Approve: This option allows you to flag all budgets with a Final Approval status. Final-approved budgets are locked and cannot be edited by users or administrators.
   • Workflow History:This option allows you to view the complete workflow history of a budget which includes the action, action date, user name, and comment.
     Note:

     The above options appear on the planning control panel only when you select these for an approval role and assign that approval role to a user. These options appear on the right side of the planning control panel on selecting either roll-up or leaf-level entity.

     
4. Select the required template actions from the Operating Budget Template Actionssection for all the required templates for the approval role.
   Note:

   The availability of the template actions depends on whether the Workflow Setupis enabled or disabled in your application.

   • If the Workflow setup is enabled, you can see All, Input, View, Forward, and Approve.
     
   • If the workflow setup is not enabled, you can see All, Input, View, and Mark Complete. 
   The list of budget template actions is explained below:
   • All—Allow the approval role to perform all template actions.
   • Input—Allow the approval role to open budget templates in Input mode and to enter data.
   • View—Allow the approval role to open budget templates in Read Only mode.
   • Forward— To allow the approval role to access the Forward action in the Planning Control Panel and forward the budget entities comprising budgets for approval. You can forward budgets when the current status of the budget entity is In Progress. Forwarded budgets are locked to ensure that they are not editable. 
   • Approve— To allow the approval role to access the Approve action in the Planning Control Panel and approve forwarded budgets. 
   • Mark Complete—Allow the approval role to mark templates Complete. Once a template is complete, it cannot be opened in Input mode until marked Not Complete.
     Note:

     The above actions can be performed only when you select the leaf-level entity under the roll-up on the Planning Control Plan page.
     
     Note

     When you add templates to a budget model, update security roles to provide the appropriate access privileges.
5. Select the required Initiative Approval Actions to allow budget users to perform workflow actions on Initiative budgets.
   The list of initiative approval actions is explained below:
   • All—Allow the approval role to perform all initiative template actions.
   • Forward—Allow the approval role to forward selected initiatives.
   • Send Back—Allow the approval role to send back forwarded initiatives.
   • Approve—Allow the approval role to approve initiatives.
   • Reset—Allow the approval role to reset initiatives to a status of Work in Progress. All initiatives can be reset even if they are approved. 
6. Click Save.

This option is used to edit the approval role.

1. Select the required Approval Role and click Edit.
   
2. Make the required changes on the Edit Approval Page and then click Save.
   

This option is used to delete the approval role.

Select the required approval role you wish to delete and click Delete.

This option is used to filter the approval role.

1. Click Apply Filter.
   A search filter row appears.
2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
   

Note:

Click Clear Filter to hide the search filter option.

You can download the list of approval roles data using the Export to Excel and Print option. The exported data will be identical to what is displayed on the Approval Role page and both options include the following details:

• Approval Role Code
• Approval Role
• Created Date
• Created By
• Modified Date
• Modified By

Export to Excel

This option allows you to export the list of approval roles created in the Excel format.

1. Click Export to Excel.
   
2. Click Ok. The data is exported to an Excel sheet.

Print

This option allows you to print the list of approval roles.

• When you click the Print option, you will see the entire approval data in the sheet for printing.