- 5 Minutes to read
- Print
- DarkLight
- PDF
Security
- 5 Minutes to read
- Print
- DarkLight
- PDF
Access the Security task in the Consolidation Control Panel to set up security for Centralized and Decentralized users. A centralized user has access to all company members in a scenario. A decentralized user has access to specific dimension members only. The Company/Legal Entity Member Selector distinguishes between Centralized and Decentralized Consolidations. If you are the root member (the top member in the hierarchy), you are interacting as a Centralized user managing the Consolidation Process. If you have been provided specific member access within the hierarchy and you select a Company from the member selector, then you are interacting in Decentralized mode. This means that the modules available may be restricted and you may have limited access to Company intersections for modifying data.
To access Consolidation Security, navigate to Consolidation Control Panel > Administration > Security.
Below are the functionalities available in the Security option:
Select a user to whom you want to assign security permissions from the User dropdown.
Processes
You can assign security permission for the Process using the Processes tab.
Description of fields on the Process table
Process | |||||||||
---|---|---|---|---|---|---|---|---|---|
Action | Standard Journal | Recurring Journal | Dynamic Journal | Non Controlling Interest | Reclass | Eliminations | Actual Data Load | Validations
| Consolidation Process |
Full | Enables all entry and approval actions. Active/Inactive is not applicable. | Enables user to manage all Recurring Journals and post/process. | Enables user to manage all Dynamic Journals and active/inactive applies. | Enables user to manage all non controlling interest and active / inactive applies. | Enables user to manage all reclasses and post/process. | Enables user to manage all Eliminations, clear /unpost, and post/process. | Provides user with ability to load data using Actual Data Load templates in Decentralized mode. User can perform template input and all privileges associated with Actual Data Load. | Enables user to manage all Validations, clear/unpost, post/process, and active /inactive applies.
| Allows user to run the Consolidation Process. |
Manage | Allows user to access Standard Journals, add new journals, and edit journals. . | Allows user to access Recurring Journals, add new journals, and edit journals. | Allows user to access Dynamic Journals, add new journals, and edit journals. | Allows user to access Non Controlling Interest, add new rules, and edit rules. . | Allows user to access Reclasses, add, and edit. | Allows user to access Elims, add, and edit. | Not Applicable. | Allows user to access Validations, add and edit. | Not Applicable. |
Forward | Submit an entry for review. Select a journal entry that is in process and click Forward to move the entry to Pending Review. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. |
Send Back | Return a journal entry to an In Process status to make required changes. This option is only available when the journal is in the Pending Review or Approved statuses. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. |
In Process | A journal entry that has not in a forwarded state. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. |
Approve | Approve a journal entry that is Pending Review, which confirms the entry for posting. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. |
Post / Process | Post the entry to the application. Once posted, a message indicates whether the post was successful or not. | Post the entry to the application. Once posted, a message indicates whether the post was successful or not. You can give a user the ability to post a journal without having full control. | Not Applicable. | Not Applicable. | Post the reclassification to the application. Once posted, a message indicates whether the post was successful or not. | Post the Elimination to the application. Once posted a message indicates whether the post was successful or not. | Not Applicable. | Post the Validation to the application. Once posted a message indicates whether the post was successful or not | Automatically enabled when Full is selected. Entries will post during Consolidation. |
Reject | Refuse a journal entry. To re-use a rejected journal, create a copy of it (which will return the entry to the In Process status) with a new name. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. |
Unpost / Clear Data | Current period or prior period journals can be unposted. This action removes the original posted entry from the system. | Not Applicable. | Not Applicable. | Not Applicable. | Not Applicable. | Current period or prior period Eliminations can be unposted. This action removes the original posting from the system. | Not Applicable. | Current period or prior period Validations can be unposted. This action removes the original posting from the system. | Not Applicable. |
Active / Inactive | Not Applicable. | Not Applicable. | The journal entries that are valid for the period in which they are defined when created. | The non controlling interest that are valid for the period in which they are defined when created. | Not Applicable. | Not Applicable. | Not Applicable. | The Validations that are valid for the period in which they are defined when created. | Not Applicable. |
It is important to note that entry and approval actions that users don't have access to will display in the actions pane, however, these users will not be able to perform the displayed actions. When an action a user doesn't have access to is selected by that user, a message will display indicating so.
Perform the below steps to assign security permissions to a user:
- Select a user from the User dropdown for which you want to assign security privileges.
- Click the Processes tab.
- Assign the selected user with access privileges by checking/unchecking the checkboxes.
- Click Save.
Decentralized
Use the Decentralized tab to grant distributed users access to Consolidation activities. Upon entering the Decentralized page, the entity access tree is grayed out. Select the Decentralized Consolidation checkbox to enable the entity access tree.
Perform the below steps to assign decentralized security permissions:
- Click the Decentralized tab to grant distributed users access to consolidation activities.
- Select a user from the User dropdown for which you want to assign security privileges.
- Select the Decentralized Consolidation checkbox.
- Once you’ve enabled the Entity Access Tree by selecting the Decentralized Consolidation checkbox, select the members you want the selected user to have access to. If you provide a user with access to a descendant but not its parent, the user will have access to the descendant and will have implied access to the parent member. This way, a tree can be created for the user to access only a portion of the Legal Entity/Company hierarchy.
- Click Save.
Preview Assigned
Enable Preview Assigned to display the Security tree in read-only mode. This view is helpful for Security Administrators to view the assigned security details for a selected user.
Export All User Security
Select Export All User Security to download the list of users along with the security permissions they hold.
Related Articles: