- 11 Minutes to read
- Print
- DarkLight
- PDF
User Management Summary
- 11 Minutes to read
- Print
- DarkLight
- PDF
Loading Users to Planful
Your first task will be to load users to Planful. Here are a few options:
Data Load Rules - User friendly and most frequently used
Web Services - APIs, which require a more technically savvy Admin
User Page - Not realistic when loading many users as you have to load one at a time
Steps to Manually Add Users via the User Application Page
- Access the User page by navigating to Maintenance > Admin > User Management.
- Click Add.
- Enter a valid email address in the User Name field, which will serve as the user's login ID.
Select a User Authentication Mode:
Native—Login to Planful using the Login page.
SSO Provider—Login to Planful via Single Sign On. (Planful supports all providers who support the SAML 2.0 standard.)
- Enter the user’s first and last name.
- Select the user’s status, Active or Inactive. Users must be Active to access Planful.
- Assign a navigation role to the user. .
- Select Regular User or Reporting Administrator for the Reporting Role.
- Select User or Administrator for Support Role. The number of available Administrator roles is based on your Service Level Agreement (SLA). Select whether the user you are adding needs an Administrator support role or a User support role.
- Support ID is read-only field updated based on your system setup.
- Select Background Administrator to disable the user from logging into all Planful applications other than through Web Services. This is useful for a typical user account which is created to perform back-end tasks, such as DLR loads, Cloud Scheduler jobs, etc.
- Select Disable Password Expiry Check so that normal password expiry policy is not applicable for this user. This is useful for a user account created to perform back-end tasks, such as Data Load Rule loads, Cloud Scheduler jobs, etc.
- Select Enable Two Step Verification to prompt users to select a method for receiving a verification code (SMS, email, or phone app) which they will then use as part of their login process.
- Select Enable Webservice Access to enable web services access for the user.
- Click Save.
Security Cheat Sheet
User Access/Security Cheat Sheet
The table below provides high-level information on all the types of user security / access available, what the purpose of each is, and additional information.
User Groups
User Groups Overview
The User Group page is used to add and edit groups of categorized users. If you need to provide a group of users with the same access privileges, it is easier to create a user group and assign group privileges rather than assign privileges to each user one-by-one.
How to Add a User Group
To create a User Group:
- Navigate to Maintenance > Admin > User Management > User Group.
- Click Add.
- Enter a code and descriptive name for the user group.
- Select the users you want to associate with the user group.
- Click the users in the Unmapped Users pane that you want to add to the group, and use the right arrow to add them to the Mapped Users pane.
- Click Save.
Navigation Role and Access
Navigate Role and Access Overview
Navigation roles allow users to access specific navigation paths, which provides them with access to certain application pages and associated functionality.
How to Create a Navigation Role
- Navigate to Maintenance > Admin > User Management, then select Navigation Role.
- Click Add.
- Enter a code and name for the navigation role.
- Click Save.
Two Step Verification
What is Two Step Verification, How Does It Work, and How Do I Enable It
In order to enhance login security for your applications, enable optional two step verification for users.
When enabled, users will be prompted to select a method for receiving a verification code (SMS, email, or phone app) which they will then use as part of their login process.
You can always change your verification mode, if desired. For example, if you configure verification through Google Authenticator App and then lose your phone, you can change to Contact Number (SMS) or Email; or, if you configure verification through Email, you can change to Google Authenticator App; and so forth.
To enable two step verification for a user:
- Navigate to Maintenance > Admin > User Management
- Select a user from the list then click Edit, or click Add to create a new user. The Edit User screen appears.
- Select Enable Two Step Verification.
- Click Save. The user will now be required to perform the two step verification process the next time they log in.
To select a two step verification method:
- Navigate to My Settings > User Information > Two Step Verification.
Select Enable Two Step Verification then select a verification method:
Contact Number (i.e., SMS) — Click Add Number to add a (mobile) phone device. The system sends a verification code to your phone. Enter your Verification Code then click Verify & Add.
Email — Select and click the save icon. A verification code will be emailed to you, and the next time you login you must enter the code.
Authenticator App (i.e., phone app) — Select and then click Configure. Follow the instructions on the Configure Authenticator App screen that appears, for your Android, iOS, or Windows phone device, and then enter your Verification Code when complete.
- Click the save icon.
SSO Users
How to Reset an SSO User's Password
This information is applicable to Single Sign On (SSO) users for Offline Planning and Web Services configuration.
SSO users will have a Reset option available on the My Settings, User Information tab, accessed by navigating to Maintenance > My Settings > User Information. Click Change Password and follow the instructions to reset your password.
The first time an SSO user sets their password, Planful will not check for a current password. Subsequently, SSO users will be asked for a current password. You can change your password only if you enter the correct current password. You will be notified if the password entered does not match your current password.
Use password reset when you do not remember your current password. Click the link (Click Here to reset your password). An email will be sent and you will be guided through a process to reset your password.
Locking Users Out of Planful
How to Lock a User to Prevent Sign On
- Navigate to Maintenance > Admin > User Management > User.
- Select a user.
- Select the three vertical dots, Lock or Unlock.
- Click OK.
Copying Users
How to Copy An Existing User to a New or Active User
You can copy an existing (i.e., source) user, along with all associated permissions and roles, to a target user. This is an easy way to give a new user the same permissions as an existing user.
Permissions and roles that can be copied:
Dimension security
Navigation Role
Scenario Access
Data Integration Security
Analytics Security
Approval Role
Report Access
Excel Add-In security
All Consolidation related security permissions
User Groups, whereby all user groups the source user belongs to will be copied to the target user
How to Copy User Permissions From a Source to Target User
- Navigate to Maintenance > Admin >User Management >User.
- Select the user whose permissions you want to use as the source user.
- Select the three verticle dots > Copy User Permissions. Note that the user you selected is listed in the Source user field.
- Select a target user from the User list left pane, then click the right arrow to add them to the Target users right pane.
- Click Save. The source users permissions and roles are copied to the target user.
Scenario Access
How to Provide Scenario Access to a User
Users must have access to scenarios to perform budget input on a selected scenario entity.
- Navigate to Maintenance > Admin > User,
- Select a user from the list, then click the three verticle dots > Scenario Access.
- Select the scenarios you wish to give the user access to.
- Provide users with access to all scenarios by checking or unchecking the scenario checkboxes.
- Click Save. To setup or edit more users, select them from the User pull-down menu and repeat the appropriate above steps.
Data Integration Security
Data Integration Security Overview
Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load.
You can assign users and user groups with data integration security options, which allows users and user groups to access specific Data Load Rule (DLR) processes. You can create data load rules to load files, copy and paste data, and use web services to load segment hierarchies, attributes, attribute hierarchies, entity hierarchies, users, HR data, currency exchanges rate, and other data.
How to Setup Data Integration Security for Users and User Groups
- Access the User page by navigating to Maintenance> Admin > User Management.
- Select a user or user group.
- Select the three verticle dots then click Data Integration Security.
- Select one of the following options to assign to the user or user group, otherwise, all data integration information will be disabled for that user or user group.
- Access to Data Load Process Setup and all Data Load Process—For Super Users and Admins who have access to all functionality within the Data Integration module. Allows the user or user group to create new data load processes or update existing ones. Select one of the following options:
Allow the user to edit Data Load Rules—The selected user or user group will have edit privileges for all data load rules.
Do not allow the user to edit Data Load Rules—Selecting this option affects the Data Load Rules page and the functionality presented there. An alert is displayed when a user without edit permission tries to edit a data load rule. (See "Important Notes," below.)
- Access to selected Data Load Processes—This option is for regular users. Allows users or user groups to access restricted data load processes and corresponding translations. Unmapped and mapped data integration process information is displayed when selected (see Step 5, below).
Allow the user to edit Data Load Rules—User or user group may edit the mapped or selected data load rules.
Do not allow the user to edit Data Load Rules - Select specific data load rules you do not want the selected user or user group to edit.
- Access to Data Load Process Setup and all Data Load Process—For Super Users and Admins who have access to all functionality within the Data Integration module. Allows the user or user group to create new data load processes or update existing ones. Select one of the following options:
- If you selected Access to selected Data Load Processes in the above step, select the Unmapped ETL Processes and click the forward arrow to move the process to the Mapped ETL Processes pane, which provides the selected user or user group with access. (See Note, below.)
- Click Save. To setup or edit more users or user groups, select them from the User or User Group pull-down menu and repeat the appropriate above steps.
Important Notes
User without edit permission may still upload files, modify the grid on the Select Sample Input File page, and modify all Load Data page selections.
All functionality on the Select Sample Input File page will be disabled for users without edit privileges. The Next button on the Select Sample Input File page takes the user to the Load Data page, bypassing all other pages and selections.
For Web Services, users without edit privileges will have access to the Load Data page only.
For Actual Data Templates, there is change in behavior, regardless of the option chosen.
Users without edit privileges may not change the scenario on the Load Data page.
Access to the Define Data Mapping page will be disabled. This impacts the option of performing a partial data load using the across columns option. A user without edit access will not be able to map additional columns.