User & Role Management

Article summary

Use the information on this page to streamline user onboarding and to control access and security settings for your environment. You can also strengthen security with customizable navigation roles and access levels based on your organizational needs.

Navigate to Maintenance > Admin > User & Role Management.

Now, let's explore all the options available on User & Role Management.

User

The User tab lists all users and lets you add, edit, and delete users, copy user permissions, and grant access to application pages and other user actions. It is also where you maintain Planful users and their data security.

Admin users will have access to add and maintain Planful users and provide access to application pages and data security for those users.

Add

To add a new user, follow the steps below:

  1. Click Add.
  2. Enter a valid Email address; this will serve as the user's login ID.
  3. Select a User Authentication Mode:
    • Native — Log in to Planful using the Login page.
    • SSO Provider — Log in to Planful using Single Sign-On (Planful supports all providers who support the SAML 2.0 standard).
    • Hybrid — Log in to Planful using the Login page, Single Sign-On, or both.
  4. Enter the user’s first and last name.
  5. Select the user's Status: Active or Inactive. Users must be active to access Planful.
  6. Assign a Navigation Role to the user. To learn more about the Navigation Role, click here.
  7. Select Regular User or Reporting Administrator for the Reporting Role. A regular user does not have the same access and privileges as a reporting administrator.
    • Report Administrator - Has Full Control of all artifacts, sub-folders, and folders.
    • Regular User - Permissions available for Regular Users are dependent upon the security permissions assigned to the user at the artifact, folder, and sub-folder level.
  8. Select Regular User or Admin User for the Task Manager Role.
  9. Select Administrator, User, or Budget Manager for the Support Role:
    1. Administrator: Selecting this role gives the user access to both the Full Experience and the Budget Manager Experience (BME). Also, when a support administrator clicks the Get Help icon, they can find all help and support-related resources under one header.

    2. User: Selecting this role causes the Budget Manager Experience checkbox to appear. Selecting this checkbox gives the user access to both the Full Experience and the BME. If the checkbox is not selected, the user can only access the Full Experience. Also, when a support user clicks the Get Help icon, they can find all help and support-related resources under one header.

    3. Budget Manager: Selecting this role allows users to access only the Budget Manager Experience (BME). Within BME, the user can access only the artifacts (templates, reports, or dashboards) that finance teams share with them. The user will not have access to any other functions available in the Full Experience. For more information on the capabilities of a Budget Manager, click here.
  10. If you select the Budget Manager role, the user can access only the artifacts (templates or reports) that finance teams share with them. The user will not have access to any other functions of the application. For more information on the capabilities of a Budget Manager, click here.
    Note:
    The number of available Administrator roles is based on your Service Level Agreement (SLA).  
  11. Select Yes if you are adding a Dynamic Planning user. The Dynamic Planning Role drop-down list will be displayed.
  12. Select Power User, Contributor User, or Reviewer User for the Dynamic Planning Role.
    Note:
    Contributor and Reviewer users need to be assigned to a user group in the Dynamic Planning application.
  13. Support ID is a read-only field that is updated based on your system setup.
  14. Select Background Administrator to prevent the user from logging in to any Planful application other than through Web Services. This is useful for a user account created to perform back-end tasks, such as DLR loads, Cloud Scheduler jobs, etc.
  15. Select Disable Password Expiration Check so that the normal password expiry policy does not apply to this user. This is useful for a user account created to perform back-end tasks, such as Data Load Rule loads, Cloud Scheduler jobs, etc.
  16. Select Enable Two Step Verification to prompt users to select a method for receiving a verification code (SMS, email, or phone app) that they will use as part of their login process. This will enhance login security for the users. To learn about selecting a two-step verification method, click here.
    Note:
    Two-step verification applies only to login through the application web page, for both Native and SSO user accounts. It does not apply to login authentication via thick clients (Excel Add-in, Offline Planning) or web service requests.
  17. Select Enable Web Service Access to give the user web services access. This defines the user's security access for importing data from an external source into the Planful application through Web Services.
  18. Click Save.


Export Options

You can download the list of users using the Export to Excel and Print options.

The exported data will closely resemble the information displayed on the User page, with slight variations. Both options include the following details:

  • User Name & User Email    
  • Security
  • Status    
  • Navigation Role    
  • Reporting Role    
  • User Type
  • Authentication Mode    
  • Support Role    
  • Created Date    
  • Created By    
  • Modified Date    
  • Modified By    
  • Validation Status    
  • Mapped Date    
  • Expiry Date    
  • Last Login Date

Export to Excel

This option allows you to export the user data list in Excel format.

  1. Click Export as Excel.
  2. Click Ok.
    The data is exported to an Excel sheet.
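
As an added example (not part of the Planful documentation or product), the script below runs a basic access review over an exported user list, flagging active accounts that can use the login page, have no recent login, or hold the Reporting Administrator role. It assumes the export was saved as CSV, that the headers match the field names listed above, and that dates are in YYYY-MM-DD form; the sample rows and the 90-day threshold are constructed.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample standing in for the exported user list saved as CSV.
# Header text and date format are assumptions based on the field list above.
SAMPLE_EXPORT = """\
User Email,Status,Reporting Role,Authentication Mode,Last Login Date
alice@example.com,Active,Reporting Administrator,SSO Provider,2024-05-28
bob@example.com,Active,Regular User,Native,2024-05-30
carol@example.com,Active,Regular User,Hybrid,2023-11-02
dave@example.com,Inactive,Regular User,Native,2023-01-15
svc-load@example.com,Active,Regular User,Native,
"""

# Assumed review threshold chosen for this example, not a Planful setting.
STALE_AFTER = timedelta(days=90)


def parse_date(text):
    """Return a date, or None when the cell is empty (no login recorded)."""
    text = text.strip()
    return datetime.strptime(text, "%Y-%m-%d").date() if text else None


def review_users(csv_text, today, stale_after=STALE_AFTER):
    """Return {email: [findings]} for Active users that need a closer look.

    Inactive users are skipped because they cannot access the application.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip().lower() != "active":
            continue
        notes = []

        # Native and Hybrid accounts can sign in through the login page,
        # so they are not covered by the SSO provider's controls alone.
        mode = row["Authentication Mode"].strip()
        if mode in ("Native", "Hybrid"):
            notes.append(f"login page allowed ({mode})")

        # Active accounts with no login, or none within the threshold.
        last = parse_date(row["Last Login Date"])
        if last is None:
            notes.append("no login recorded")
        elif today - last > stale_after:
            notes.append(f"stale: last login {last.isoformat()}")

        # Reporting administrators have full control of report artifacts.
        if row["Reporting Role"].strip() == "Reporting Administrator":
            notes.append("reporting administrator")

        if notes:
            findings[row["User Email"].strip()] = notes
    return findings


if __name__ == "__main__":
    for email, notes in review_users(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{email}: {'; '.join(notes)}")
```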

Print

This option allows you to print the user data list.

  • When you click the Print option, you will see the entire user data in the sheet for printing.


Edit

To edit a user's information, follow the steps below:

  1. Select the user for whom you want to update details, and then click Edit.
  2. Make the required changes on the Edit User page and then click Save.
Note:
You cannot modify the Email and User Authentication type.


Copy Permissions

You can copy an existing (i.e., source) user, along with all associated permissions and roles, to a target user. This is an easy way to give a new user the same permissions as an existing user.

Permissions and roles that can be copied:

  • Approval Role
  • Consolidation security 
  • Data Integration Security
  • Dimension security
  • Report Access
  • Scenario Access
  • Navigation Role
  • User Groups, whereby all user groups the source user belongs to will be copied to the target user
  • Analytics Security
Note:
Copying user permissions and roles overwrites all existing permissions for the target user, so proceed with caution.

To copy user permissions from a source user to one or more target users, follow the steps below:

  1. Select the user whose permissions you want to use as the source user and click Copy Permissions.
  2. On the Copy User Permissions page, select the target user from the User list and click Right Arrow to add them to the Target users list. You can add multiple users to the target list.
    Note:
    • Click Apply Filter to enable the search filter row.
    • To remove the user from the target list, select the user and click Left Arrow.
  3. Once the target user(s) is added to the list, click Save.
    The source user’s permissions and roles are copied to the target user(s).


Delete

This option is used to delete the user.

  1. Select the user you wish to delete and click the Delete icon.
  2. Click Delete.


Security Configurations

User Setup Required by Module

The table below lists the user security-related tasks available from the User Management page and the modules they relate to. Complete these tasks for regular and admin users based on module. Other user security setup is required within the module itself. For example, in Consolidation there is a Security page.

 

Task                           Planning   Consolidation   Reporting   Modeling   Admin Only
Scenario Access                X          X               X           X
Approval Roles                 X
Data Integration               X          X               X                      X
Report Access                                             X
Add-In Security                X (1)
Workforce Reporting Security   X (2)                      X

(1) Only required if users need access to Offline Planning.
(2) Only required to secure Workforce Reports if you're using Workforce Planning.

To learn more about the security configuration, refer to Security Configuration.

Lock User

To prevent a user from signing on to Planful, follow the steps below:

  1. Select the user you wish to lock and click Security Options.
  2. Select the Lock User checkbox and click OK.
    Note:
    • To unlock, select the user, uncheck the Lock User box, and click OK.


Reset Password

To reset the password for a user or group of users, follow the steps below:

  1. Select a user for whom you wish to reset the password and click Reset Password.
  2. The Password Reset page appears. You can also select multiple users by clicking the checkboxes.
  3. Click Send.
    The selected user(s) will receive the password reset link by email at their registered email address.


User Group

The User Group tab is used to add and edit groups of categorized users. If you need to provide a group of users with the same access privileges, it is easier to create a user group and assign group privileges rather than assign privileges to each user one by one.


Add

This option allows you to add a new user group.

To add a new user group, do the following:

  1. Click Add.
  2. Enter a code and descriptive name for the user group.
    Note:
    The group code is unique and cannot be changed once you create the user group.
  3. Click the Add user name field to add users to this group. Start typing the user name or navigation role, and matching users appear in the drop-down.
  4. Click Browse users to search further for all the users. The All Users pop-up will have the list of all users within the application.
  5. Select the users you want to add to the user group by clicking the checkbox associated with the user name. Use the search field to search by name or navigation role to find the required user.
  6. Click OK once you complete the selection. You will be back on the Add User Group page and you can see the selected users for the group.
  7. Click Add and you are done.

Now, you need to configure the security options for the user group. 

Note:
Once you've created a user group, the access configurations are not automatically applied. By default, the status indicator will be no color, indicating that you need to actively configure the security options for the user group. Head over to the Security Options tab in this article to learn more about security options and how you can configure them.


Export Options

You can download the list of user groups (using Print and Export options) and the corresponding mapped users (Export Option).

The export options include:

Export as Excel

Using this option you can export the list of user groups and the corresponding mapped users.
Click the Export option and select the required option to download the report.

The available options are:

  • Export User Groups: When you export the list of user groups, the following information is available in the Excel sheet.
    • User Group Code
    • User Group Name
    • Created Date
    • Created By
    • Modified Date
    • Modified By
  • Export Mapped Users: This option is used to export the list of users associated with all the user groups displayed in this tab in an Excel sheet. If a user is part of multiple user groups, then the user’s name will repeat in the respective user groups. You can also use the Export User Groups option to export the list of user groups displayed in the User Groups tab. When you export the list of mapped users, the following information is available in the Excel sheet related to each user:
    • User Group Code
    • User Group Name
    • User First Name
    • User Last Name
    • User Email ID
Print

This option allows you to print the entire user group list.

The data will be identical to what is displayed on the User Group tab. When you click the print option, the following information is available in the sheet:
  • User Group Code
  • User Group Name
  • Created Date
  • Created By
  • Modified Date
  • Modified By


Edit

This option is used to edit the user group.

Note:
System-defined user groups cannot be modified. This means that you cannot add new members or remove existing ones from this group, but you can still configure the security options.
  1. Select the user group you wish to edit and click the edit icon. The Edit User Group page appears.
  2. Make the required changes and click Save. Edit the security options if required.
    Note:
    You cannot modify the group code.


Delete

This option is used to delete the user group.

Select the user group you wish to delete and click the delete icon.

Note:
You can delete a user group only after you unmap all the security configurations associated with it.


Security Options

Security Options refer to settings or configurations that control access, permissions, and security-related aspects for users within those groups.

First, let's understand the Status Indicators of security icons to assess the level of configurations for each user group. 

When you hover over the security options icon, you can interpret the status as follows: 

  • No color: Indicates that no access has been configured.
  • Yellow: Indicates that the access has been configured for a few areas.
  • Green: Indicates that the access has been configured for all areas.
Note:
When a user group is first created, no configurations have been made, so the default color and status is "no color".

Additionally, when you click the security options icon, you can determine the configuration status of each area by the associated indicators. There are two statuses: Configured and Not configured. A green checkmark indicates that the configuration is complete, while the other indicator suggests that other areas are yet to be configured.

You can start configuring these settings by selecting the security options icon in two ways:

  1. Select the user group and click directly on the security options icon within the user group's Security column.
  2. Select the user group and click the security options icon in the header.

You can configure the following areas for user groups:

  • Add-In-Security - Setting up add-in security is important when using Planful Offline Planning, which is an Excel planning tool that allows you to download and perform budgeting tasks while not connected to the application. To learn more about Add-In-Security, click here.
  • Data Integration Security - Data integration security consists primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load. To learn more about Data Integration Security, click here.
  • Report Access - To provide users and user groups with access to generated reports, each user or user group must be assigned access privileges. Any user with access to User & Role Management can update Report Access for a user, user group, or artifact. To learn more, click here.
  • Scenario Access - To provide users and user groups access to a scenario, each user or user group must be assigned access privileges. To learn more about Scenario Access, click here.
  • Workforce Reporting Security - Workforce Reporting enables structured, ad hoc analysis of workforce planning dimensions and measures. Workforce Reporting is integrated into the application as a Reporting Area, allowing you to report on employee-specific compensation and other financial dimensions. To learn more about Workforce Reporting Access, click here.


Navigation Role

Navigation roles in the Planful application determine the specific navigation paths that grant users access to certain pages and their associated functionalities. By assigning navigation roles, the application ensures that users have appropriate access levels and enhances the overall user experience.

The admin user can create a Navigation Role and assign Navigation Access to a specific Navigation Role. Then the Navigation Role can be assigned to users. This ensures users can only access the designated paths based on their assigned roles.

Navigation: Maintenance > Admin > User & Role Management > Navigation Role.

Add

To create a new navigation role, follow the steps below:

  1. Click Add.
  2. Enter a code and name for the navigation role. 
  3. Click Save.

Refer to the Navigation Access section below to understand how to assign navigation access to a navigation role. Once assigned, you can link the navigation role to a user during the process of adding or editing the user.

To learn more about adding/editing a user, click here.


Edit

To edit the navigation role, follow the steps below:

  1. Select the navigation role from the list and click the Edit icon. 
  2. Make the required changes on the Edit Navigation Role page and then click Save.


Delete

To delete a Navigation Role, follow the steps below:

Note:
If the Navigation Role is assigned to a user(s), you must remove the assignments to delete the selected navigation role.
  1. Select the navigation role you wish to delete and click the Delete icon.
  2. Click Delete.


Navigation Access

The admin user can assign the Navigation Access to a specific Navigation Role. To assign the Navigation Access, follow the steps below:

  1. Select the specific Navigation Role to which you want to assign Navigation Access and click Navigation Access.
  2. Use the hierarchy structure to expand and collapse navigation options. Click the checkbox next to the navigation option to allow access to the path. 
  3. Click Save.
    Note:
    You can select a different Navigation Role from the drop-down list and assign Navigation Access to it.


Apply Filter

This option is used to filter the navigation role from the list.

  1. Click Apply Filter.
    A search filter row appears. 
  2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
    Note:
    Click Clear Filter to hide the search filter option.


Export Options

Export to Excel:

The Export option for the Navigation Role area lets administrators export the summary report and the detailed navigation report.

To export the summary report and the detailed navigation report, follow the steps below:

  1. Click the Export to Excel icon. 
  2. From the drop-down, click Download Summary Report or Download Detailed Report:
    • Download Summary Report: The summary report provides a condensed view of navigation roles. This report includes the list of navigation roles, including role code, name, creation and modification details, and whether they are predefined or custom-created. 
    • Download Detailed Report: The detailed report offers comprehensive navigation role information and access details for different users, highlighting specific permissions and access levels with Yes or No indicators.
  3. Click OK.

Print:

This option allows you to print the Navigation role list.

  • When you click the Print option, you will see the entire navigation role list in the sheet for printing.


Approval Role

The Approval Role tab is used to create and configure roles with specific actions for users. Approval roles specify the actions that users can perform during the budgeting process.

For example, you can assign a budget manager with an approval role to approve certain budgets. Approval roles can have varying levels of user responsibility for budget entities. For example, a user has access to two entities (A and B), but has HR responsibility for entity B only. You can then restrict the user to view only specific data based on HR access for the approval role assigned to the entity.

Example of a Typical Approval Role Configuration

The following shows a typical approval role setup for a Budget Administrator and a Regular Budget User.

Approval Role | Access Permissions for Budgets | Approval Workflow Access Permissions
Budget Administrator
  • Budget Template (Input, View)
  • Payroll Budget (Input, View)
  • Forward Budget for Approval
  • Send Back Budget
  • Approve Budget
  • Final Approve Budget
Budget User
  • Budget Template (Input, View)
  • Budget Input
  • Forward Budget

Business Value:

You can create approval roles for users to ensure clarity, alignment, and accountability within an organization and improve the regular functioning of the business.

The grid displays the following information:

  • Approval Role Code - Displays the unique code to identify an approval role.
  • Approval Role Name - Shows the name by which you can identify an approval role.
  • Created Date - Displays the date and time when an approval role was created.
  • Created By - Displays the name of the user who created the approval role.
  • Modified Date - Indicates the date and time when an existing approval role was last modified.
  • Modified By - Displays the name of the user who last modified an existing approval role.

Add

This option allows you to create a new approval role.

To create a new approval role, follow the steps below:

  1. Click Add.
  2. Enter a Code and Name (optional) for the approval role.
  3. Select the required Approval Actions for the new approval role from the drop-down to access entity actions.

    The list of approval actions is explained below:
    • Forward: This option allows you to forward the budget entities that contain budgets for approval. You can forward budgets when the current status of the budget entity is In Progress. Forwarded budgets are locked to ensure that they are not editable.
    • Approve: This option allows you to approve forwarded budgets.
    • Final Approve: This option allows you to flag all budgets with a Final Approval status. Final-approved budgets are locked and cannot be edited by users or administrators.
    • Workflow History: This option allows you to view the complete workflow history of a budget, which includes the action, action date, user name, and comment.
      Note:
      The above options appear on the planning control panel only when you select these for an approval role and assign that approval role to a user. These options appear on the right side of the planning control panel on selecting either roll-up or leaf-level entity.
  4. Select the required template actions from the Operating Budget Template Actions section for all the required templates for the approval role.
    Note:
    The availability of the template actions depends on whether the Workflow Setup is enabled or disabled in your application.
    • If the Workflow setup is enabled, you can see All, Input, View, Forward, and Approve.
    • If the workflow setup is not enabled, you can see All, Input, View, and Mark Complete.
    The list of budget template actions is explained below:
    • All—Allow the approval role to perform all template actions.
    • Input—Allow the approval role to open budget templates in Input mode and to enter data.
    • View—Allow the approval role to open budget templates in Read Only mode.
    • Forward - Allow the approval role to access the Forward action in the Planning Control Panel and forward the budget entities comprising budgets for approval. You can forward budgets when the current status of the budget entity is In Progress. Forwarded budgets are locked to ensure that they are not editable.
    • Approve - Allow the approval role to access the Approve action in the Planning Control Panel and approve forwarded budgets.
    • Mark Complete—Allow the approval role to mark templates Complete. Once a template is complete, it cannot be opened in Input mode until marked Not Complete.
      Note:
      The above actions can be performed only when you select the leaf-level entity under the roll-up on the Planning Control Plan page.
      Note:
      When you add templates to a budget model, update security roles to provide the appropriate access privileges.
  5. Select the required Initiative Approval Actions to allow budget users to perform workflow actions on Initiative budgets.
    The list of initiative approval actions is explained below:
    • All—Allow the approval role to perform all initiative template actions.
    • Forward—Allow the approval role to forward selected initiatives.
    • Send Back—Allow the approval role to send back forwarded initiatives.
    • Approve—Allow the approval role to approve initiatives.
    • Reset—Allow the approval role to reset initiatives to a status of Work in Progress. All initiatives can be reset even if they are approved. 
  6. Click Save.


Edit

This option is used to edit the approval role.

  1. Select the required Approval Role and click Edit.
  2. Make the required changes on the Edit Approval Page and then click Save.


Delete

This option is used to delete the approval role.

Select the required approval role you wish to delete and click Delete.


Apply Filter

This option is used to filter the approval role.

  1. Click Apply Filter.
    A search filter row appears.
  2. Enter your search keyword in any of the search filter columns. The system will filter and display the data that matches your specified criteria.
Note:
Click Clear Filter to hide the search filter option.


Export options

You can download the list of approval roles using the Export to Excel and Print options. The exported data will be identical to what is displayed on the Approval Role page, and both options include the following details:

  • Approval Role Code
  • Approval Role
  • Created Date
  • Created By
  • Modified Date
  • Modified By

Export to Excel

This option allows you to export the list of approval roles in Excel format.

  1. Click Export to Excel.
  2. Click Ok. The data is exported to an Excel sheet.

Print

This option allows you to print the list of approval roles.

  • When you click the Print option, you will see the entire approval data in the sheet for printing.


Model Permissions

The Model Permissions tab displays the list of existing model permissions and allows the power user to map/unmap user groups to the model. Additionally, the power user can secure specific dimension members, ensuring that user groups cannot access those members.

Notes:
  • The Model Permissions tab is only visible to Power users.
  • To assign permissions, navigate to the Add/Edit User section and ensure that Dynamic Planning User is set to Yes and Dynamic Planning Role is set to Power User.

The Model Permissions page displays a list of models along with their details, such as dimensions and associated user groups. There are three types of models available:

  • Analytical Models
  • Direct Access to PCR (DAP) Models 
  • External Source Models (ESM)

Power users can grant access to user groups for different models, including their respective dimensions and members. 

You can review permissions for a model and its user group(s) by selecting the model in the Select Model drop-down within the Preview Permissions link.

To define the user permissions for any model, follow the steps below: 

  1. Click Edit on the required model.
  2. Click Map in the User Groups section. The Map User Groups page is displayed.
    Note:
    If the user group(s) are already mapped, skip to step 4.
  3. Select the required user group and click Save. If the list is extensive, utilize the search option to find the necessary user group.
    Once a user group is added to the model, all the related users within the user groups are associated with it. 
  4. When a user group is mapped with the model, you can do the following:
    • Copy Permissions: Use this option to copy the permission set of the respective user group to other user groups. If you copy the permissions to a new user group that is not mapped with the model, the new user group is automatically mapped to the model and the permissions are applied at the same time.
      • If you copy the permissions to any group that already has a set of defined permissions, then these copied permissions will override the old permissions.
    • Remove Permissions: Use this option to un-map the related user group.
      Note:
      You cannot define member-level security for ESM and DAP models. The user groups added to ESM will have full permissions on all dimensions of the ESM model. The user groups added to the DAP model will honor the dimension security from the financial model defined in Structured Planning.


  5. In the Configure Security section, you can select the dimension you need from the Secure a Dimension list. The related members are displayed below the list.
    • Select the scenario members from the list that require security restrictions. The user groups will have access only to those members not selected.
    • In the Selected Members section, you can view the secured dimension members list. You can also change the security permissions to Selected or Select + All Children from the drop-down.
  6. Click Save in the top right corner after you secure the dimensions. The Model Permissions are updated.


