User Security
  • 17 Minutes to read
  • Dark
    Light
  • PDF

User Security

  • Dark
    Light
  • PDF

Article summary

User Roles

There are three user roles available in Dynamic Planning. The tables below provide information on the tasks and subtasks available to each user role:

Power Users

Dynamic Planning FunctionalitySpotlightXL (Excel Add-In)Spotlight (Web front end)
AnalyzeXX
DataXX
Design ViewXX
Design ReportX 
Design Excel ReportX 
Design Word ReportX 
Design PowerPoint ReportX 
ReportXX
RunXX
DesignX 
Excel ReportX 
Model + All SubtasksXX
Manage + All SubtasksX 

Contributor Users

Dynamic Planning FunctionalitySpotlightXL (Excel Add-In)Spotlight (Web front end)
AnalyzeXX
DataXX
Design ViewXX
Design ReportX 
Design Excel ReportX 
Design Word ReportX 
Design PowerPoint ReportX 
ReportXX
RunXX
DesignX 
Excel ReportX 
Model + All SubtasksXX
Manage + All Subtasks  

Reviewer Users

Dynamic Planning FunctionalitySpotlightXL (Excel Add-In)Spotlight (Web front end)
AnalyzeXX
DataXX
Design ViewXX
Design Report  
Design Excel Report  
Design Word Report  
Design PowerPoint Report  
ReportXX
RunXX
Design  
Excel ReportX 
Model + All Subtasks  
Manage + All Subtasks  


When logged in, users can access information such as their role, group assignments, the currently used application, and the product version from the "Info" menu item.

User Role Permissions, Access, and Security

Permissions and SecurityPower UserContributor UserReviewer User
Model Access
  • Access to all models, views, and reports
  • Access to assigned models, shared views, and shared reports
  • Access to assigned models, shared views, and shared reports
Group Security
  • Group security is not applicable. Power User does not have to belong to a group to assign any group access. However, the group must belong to the model.
  • Group security is applicable. Contributors can not assign or revoke groups on any artifact.
Note:
Contributor must belong to the Group in order to assign or revoke Group access, and the Group must belong to the Model.
  • Group security is applicable. Reviewers cannot assign or revoke groups on any artifact.
View Access and Security
  • Has access to the default view for all models

  • Can create a view and share it by assigning it to any group

  • Can create a personal view

  • Can modify any shared or personal view, and assign or revoke any group

  • Can modify any personal view

  • Can delete any personal or shared view

  • Will see a list of all groups in the Property mode

  • Has access to the default view of all assigned models

  • Can create a view and share it by assigning to any group the user belongs to

  • Can create a personal view

  • Can assign or revoke any group the user belongs to

  • Can modify any personal view

  • Can delete any personal or shared view that the user belongs to

  • Will see only the list of groups the user belongs to in the Property mode

  • Has access to the default view of all assigned models

  • Cannot create a view and share it

  • Can create a personal view

  • Can modify personal views(those that belong to the Reviewer user only)

  • Can delete a personal view

  • Will not see any groups in the Property mode(Reviewers will not see their Group in Property mode)

View Dimension Security
  • Dimension Security is not applicable.
  • Dimension Security is applicable. If multiple rollups are specified as filters, the user will see the root of the first rollup in the default view

  • Users will see multiple rollup in the Dimension Member Tree drop-down

  • If the user tries to access a view that contains members filtered by dimension security, the Contributor user will see only those members to which he or she has access

  • If a user creates a view, and then dimension security is applied, the user will be able to access the view and see the members he or she has access

  • Dimension Security is applicable. If multiple rollups are specified as filters, the user will see the root of the first rollup in the default view

  • Users will see multiple rollups in the Dimension Member Tree drop-down

  • If the user tries to access a view that contains members filtered by dimension security, the Reviewer user will see only those members to which he or she has access. If a user creates a view, and then dimension security is applied, the user will be able to access the view and see the members he or she has access.

Report Access and Security
  • Has access to all reports

  • Can create a report and share it by assigning it to any group

  • Can create a personal report

  • Can modify any shared or personal report and assign or revoke any group

  • Can modify any personal report

  • Can delete any personal or shared report

  • Will see a list of all groups in the Property mode

  • Has access to all shared or personal reports

  • Can create a report and share it by assigning to any group the user belongs to

  • Can create a personal report

  • Can modify any shared or personal report and assign or revoke any group the user belongs to

  • Can modify any personal report

  • Can delete any personal or shared report

  • Will see only the list of groups, the user belongs to in the Property mode

  • Has access to all shared reports
  • Cannot create modify or delete a report
Report Dimension SecurityDimension Security is not applicable.Dimension Security is applied.Dimension Security is applied.

Define User Security

When you define user security, you are assigning a role (Power, Contributor, or Reviewer) to the user. For details on access and security based on user roles, refer to the User Roles and User Role Access tables above.

To find details on setting up a user, click here.

Step 1 – Define Groups

To create a new user, refer to the User and Role Management article. Please note that the Dynamic Planning user option MUST be checked and a role assigned as shown below: 

Step 2 – Define Groups

Define a group of users that have access to specific models, sub-models, views, and reports.

  1. Access the Groups page by selecting Manage > Group Management > Group.

  2. Define groups by entering the name of the group under the Group cell.

Note:
Only Power users can assign and remove a user's access to a group.

Step 3 - Add Users to Defined Groups

Add users to groups defined on the Group page.

  1. Select the Manage > Group Management > User Group.

  2. Enter the user's login id under the Username cell and enter the group the user belongs to under the Group cell.

Note:
Only Power users can assign and remove users to and from groups.

Group permission does not take effect until you log off and then log in again. For example, if you assign a contributor user to a new group, the user must log off and then log in again to gain access to the newly defined group.

Step 4 – Define Group Access

To assign access to specific artifacts, follow these steps:

  1. Go to Manage > Group Management > Group Access.
  2. Make the desired selections for Artifact, Group, and Model.
  3. In the table below, update the desired intersections where you want the group to have access to Yes.
  4. Click Save.

Step 5 – Define Navigation Access

To assign navigation access, follow these steps:

  1. Go to Manage > Navigation Access.
  2. Choose either Contributor or Reviewer, or select a specific user to assign navigation access.
  3. On the Navigation Access page, each field under Analyze, Report, Model, External Source Model, and ModelAdministrationrepresents a subtask.
    1. Select Yes to allow access to a subtask.
    2. Select No to deny access to a subtask.
  4. Click Save.
Note:
This is already set up for contributors or reviewers and is optional if they wish to make changes.

Step 6 – Define Dimension Security

Dimension security is defined at the User Group level. For example, you can define a group to have access to Company Division 1 and 2, but not 3.

To define dimension security:

  1. Go to Manage > Application Administration > Model Permissions. The model permissions subtask allows you to provide access to specific dimensions for a user group.

  2. Select the model and the group you want to assign security to.

  3. Select the dimension you want to secure. When using a single dimension, use filters to assign access to specific dimension members (values).

  4. Click Save.

Note:
This step is optional and provides additional security.

Power users have access to all models, views, and reports, eliminating the need to assign Group access as you would for Contributor or Reviewer users.

Set up a Contributor/Reviewer User with Access to Specific Models

To create a new user, click here.

Create a Group for Contributor/Reviewer Users

To set up a group for Contributor/Reviewer users, follow these steps:

  1. Navigate to Manage > Group Management > Group.
  2. Enter a name for the group in the Group field.
  3. Click Save.

Map the Contributor/Reviewer User to the New Group

After creating the user and the group, map the user to the group with these steps:

  1. Go to Manage > Group Management > User Group.
  2. Enter the Contributor or Reviewer user’s email address in the Username field.
  3. Select the group name you created earlier.
  4. Click Save.

Assign Group Access to Models, Reports, and Views

To assign access to specific models, reports, and views, follow these steps:

  1. Go to Manage > Group Management > Group Access.
  2. Make the desired selections for Artifact, Group, and Model.
  3. In the table below, update the desired intersections where you want the group to have access to Yes.
  4. Click Save.

Assign Dimension Security to a Contributor or Reviewer User

A user can assign dimension security to a contributor or reviewer by following these steps:

  1. Select Manage > Application Administration > Model Permissions.

  2. The groups list will show the current groups that have access to the selected model.

  3. Enter the desired Group.

  4. Enter the desired Dimension.

  5. Select the desired Filter and Value.

  6. Click Save.


Notes:
  • This is an optional step.
  • The same steps can be taken to assign dimension security to a Contributor user.

Assign Access to Reports and Views

Power users can define views and reports to be shared with Contributors and Reviewers, who can then access these reports or views while maintaining the dimension security.

Example: If a Power user creates a view or report with a Department dimension filter (e.g., Sales) and selects the "All Departments" member, the reviewer will see only Sales data.

To assign group access to a view, complete the following steps:

  1. Go to Analyze > Data.
  2. Select the view to which you want to assign group access.
  3. Select the Design View subtask.
  4. Click the Properties action.
  5. In the Group column, select the name of the group you want to grant access to.
  6. Insert an additional row to ensure there is a blank row after adding the group name.

To assign group access to a report, complete the following steps:

  1. Go to Report > Design 

  2. Select the desired report.

  3. Click the Properties action.

  4. In the Group column, select the name of the group you want to grant access to.

  5. Insert an additional row to ensure there is a blank row after adding the group name.

  6. Continue designing the report as needed.

  7. Click Save.

Quick Summary of How to Assign or Restrict Access

The following table summarizes different ways to assign or restrict access to all aspects of models. Sometimes, there is more than one way to accomplish the same task, but one way may be more efficient than another. The table lists the more efficient methods above the less efficient methods. For example, you can assign access to a Model for a Group of users using either Model Permissions or Group Access, with Group Access being the more efficient method.

Reminder :

  • Roles : the predefined Dynamic Planning Roles are Power, Contributor, and Reviewer. Power users can see which user is assigned to which role with Manage > User & Role Management. The roles have default navigation permissions to areas of the application associated with their access. To see or edit those default permissions, navigate to Manage > Navigation Access.

  • Groups : groups are user-defined lists of users in your organization. They are defined within Manage > Group Management > User Group.

  • Types : the predefined User Types are Business and External. User Types define whether someone can create or modify other user accounts. The Business user type is for all users within your organization that use Dynamic Planning. The External user type is for users outside of your organization who need to access your application for diagnostics, development, or debugging work, such as Planful Support or Partner Consultants.

ArtifactBy Group or RoleWays to Define Access to this Artifact

Models

By Role or User

Manage > Navigation Access

Models

Model Permissions

Manage > Application Administration > Model Permissions

Models

By Group

Manage > Group Management > Group Access

Dimensions

By Group

Manage > Application Administration > Model Permissions

Views

By Role or User

Manage > Navigation Access

Views

By Group

Analyze > Design View > Properties

Reports

By Role or User

Manage > Navigation Access

Reports

By Group

Report > Design Report > Properties

Calculations

By Role or User

Manage > Navigation Access

Calculations

By Group *

Manage > Group Management > Group Access

Calculations

By Group *

Model > Calculation

Attributes

By Role or User

Manage > Navigation Access

Maps

By Role or User

Manage > Navigation Access

Scopes

By Role or User

Manage > Navigation Access

Formulas

By Role or User

Manage > Navigation Access

Substitution Variables

By Role or User

Manage > Navigation Access

Data Loading

By Role or User

Manage > Navigation Access

Import/Export Data

By Role or User

Manage > Navigation Access

External Source Model Actions

By Role or User

Manage > Navigation Access

Model Validation

By Role or User

Manage > Navigation Access

Model Lookups

By Role or User

Manage > Navigation Access

 

 

 

* You must first enable Calculation Access by Group: Manage, Application Administration, Application Settings, Calculation section, Enable Group Permissions, then logoff and login again.

User Types

User Types define whether users belong to your business internally or externally. Users within your organization are called Business users, while those outside your organization are called External users.

Business User
External User 
Internal to your organization.External to your organization.
Access is limited to your organization's application or application group.Access to your and other organizations' applications.
Counts toward your organization's license count.Does not count toward your organization's license count.
Business admin users can modify other Business user accounts.

External users, often Planful employees, can modify any user account.

Best Practices/Tips

  • As a Best Practice, Business users should manage only Business users. For any changes related to External users, contact Planful Support.

    • If you are a Business user, you can only add new Business users. You do not have permission to add new External users.

    • Only External users can create new External users.

    • However, if you are a Business user, you can add an External user to your application if the External user name already exists.

    • For example, External Partner A has worked with Business Customer P before, and External Partner A has an External username. When Business Customer X starts working with External Partner A, they can add External Partner A to their application because External Partner A already has a username (usernames are global). However, Business Customer X cannot add a new External Partner B if that username does not already exist in the Planful system.

    • Business Power users can change the password of a Business user but not an External user. If an External user wants to change their password, they should contact Planful Support.

Automatic Signout

Automatic sign-out from Dynamic Planning occurs in two scenarios:

  • Inactive Session: If your session remains inactive for 60 minutes, the system will automatically log you out.
  • Foreground Process Timing Out: Running extensive processes, such as a Calculation, in the foreground for more than five minutes might lead to a timeout. It's considered a best practice to execute such processes in the cloud (background) to avoid timeouts.

Supported Browsers for SpotlightXL and Spotlight

See: Client Requirements

Unique URLs for Artifacts

The following functions in the Dynamic Planning module have unique URLs:

  • Reports
  • Plans
  • Analyze
  • Models

These links can be shared with other users and utilized within tasks in Task Manager. Additionally, the External Link feature allows you to add links from any module within Dynamic Planning to tasks in Task Manager.

To learn more about Creating tasks in the Task Manager using External Link, click here

Guard Rails

Application AreaLimitationDescription
Master ModelKey Combination Limit (1 Trillion)Represents the combination of members from all Key type dimensions in a Master model. Calculated as the number of members from Key Dimension #1 (such as 1000) multiplied by number of members from the remaining Key Dimensions (such as 50). The result would be a combination of 50,000 combinations which would be acceptable. Key dimensions are identified in Model > Setup.
Master ModelValue Block Limit (1 Million)Represents the combination of members from all Value type dimensions in a Master model. Calculated as the number of members from Value Dimension #1 (such as 20) multiplied by number of members from the remaining Value Dimensions (such as 10). Value dimensions are identified in Model > Setup.
Analytic ModelKey Combination Limit (1 Trillion)Represents the combination of members from all Key type dimensions in an Analytic model. Calculated as the number of members from Key Dimension #1 (such as 1000) multiplied by number of members from the remaining Key Dimensions (such as 50). The result would be a combination of 50,000 combinations which would be acceptable. Key dimensions are identified in Model > Setup.
Analytic ModelValue Block Limit (1 Million)Represents the combination of members from all Value type dimensions in an Analytic model. Calculated as the number of members from Value Dimension #1 (such as 20) multiplied by number of members from the remaining Value Dimensions (such as 10). Value dimensions are identified in Model > Setup.
Dynamic PlanningNumber of Models (20)Represents a combination of all types of models – Master and Analytic– per application.
SpotlightXL View or ReportTotal number of cells on an Analyze grid or Report in SpotlightXL (200K)Represents the number of cells that can be displayed on a single view or report in SpotlightXL, calculated as the number of row members multiplied by the number of column members.
Spotlight AnalysisNumber of cells displayed on an Analyze grid (20K)Represents the number of cells that can be displayed on a single view in Spotlight, calculated as the number of row members multiplied by the number of column members.
Dynamic PlanningDecimal places (4)Number of decimal places per cell.
Dynamic Planning50 characters per cellMaximum number of characters per cell.
Report4 charts per reportMaximum number of charts per report.

Online Help, Support, Community, and Solution Hub

The Support Portal and Customer Community (Planful Engage) are accessible through both SpotlightXL and Spotlight Web, and authentication is required. Click the drop-down at the bottom of the Help button to expand a list of links for navigating to Support or Customer Community.


Support Portal 

When a Dynamic Planning user is created, a login and password is automatically created to access the Support Portal if the user does not already have a Support Portal account.

Note:
Users with Support Portal accounts created in Dynamic Planning without an existing Support Portal account cannot access the Support Portal directly. These users must login to Dynamic Planning and access the Support Portal using the link.

Customer Community

When a Dynamic Planning user is created, a login and password are automatically created to access the Customer Community if the user does not already have a Customer Community account.

Notes:
  • Users with Customer Community accounts created in Dynamic Planning without an existing Customer Community account cannot access the Customer Community directly. These users must login to Dynamic Planning and access the Customer Community using the link.
  • For information on the browsers that are compatible with SpotlightXL and Spotlight, refer to the Client Requirement.

Solution Hub

The Solution Hub is a primary destination for exploring the extensive capabilities of Planful's Financial Performance Management platform. You can access it through the application and website. It is a centralized repository, featuring interactive demos and informative content tailored to prospective clients and existing users.

Key Features:

  • Comprehensive Searchable Library: Access an extensive array of Planful Solutions directly within the application.
  • In-App Accessibility: Easily explore tailored solutions, search, and add favorites.
    solution hub

Benefits:

  • Enhanced Platform Awareness: Discover the breadth of our platform's capabilities beyond basic FP&A functionalities.
  • Empowerment Through Knowledge: Align with evolving buyer preferences through self-education.
  • Advanced Search Options: Refine searches based on specific criteria such as finance, industry, and region.

If you are a new user, you can explore various solutions and take interactive tours to gain in-depth information. In addition, you can contact the Planful support team if you find a solution that meets your needs.

image (9)(3)

If you are an existing user, you can conveniently access the Solution Hub page within the application by clicking on the Solution Hub in the top menu bar. Once there, you can explore the list of solutions by clicking on a card and navigating to the Solution Hub page. You can also view the interactive tour available on the page.

The Solution Hub ensures that you have everything you need to make informed decisions about financial performance management with Planful.

Global Settings for View and Report Properties

Power users can set default values for key properties available in Views and Reports. This enhancement provides flexibility for Power users to define the default behavior from a centralized application page for key properties available in Views and Reports. Power users can either allow or restrict Contributor and Reviewer users from updating the key properties.

Select Manage > Application Administration > Application Settings.

Defining Default Behavior for View and Report Properties

Under the View and Reports sections, there is a column for Default Value where you can make selections.

For Views, a power user can set the default value for a number of properties, including Display, Indent Row Members, Show Hidden Members, and Enable Save properties. Default values for Dimension Number Format and Lock properties are not applicable.

For Reports, a power user can set the default value for properties, such as Display, Hide Gridlines, and Hide Headers properties. Default Value for Save on Model and Calculation on Save properties are not applicable.

In the example below, under View, 'Code' is selected for Display Label. This means that starting from the moment the setting was saved, all new views and other items will display 'Code' as the Display Label. Additionally, under Reports, the power user selected 'No' for gridlines and headers. Consequently, any reports created from the saved setting onward will not display gridlines and headers.

Note:
Selecting a default value is optional.

ModelingImagesManageglobalsettingsviewandreport11.png

Restricting Contributor and Reviewer Users From Updating View and Report Properties

The “Allow Contributors to Update Properties” and “Allow Reviewers to Update Properties” fields are located under the View and Reports sections located on the Manage > Application Settings page.

Make selections for properties that you want to allow or disallow Contributor and Reviewer users to update.


Was this article helpful?