Understanding the User Management Interface

User Management List Page

How to Access the User Management List Page

The User Management list page is accessed by navigating to Maintenance > Admin > User Management.

Purpose of the User Management List Page

The User Management list page displays all users, provides functionality to add, edit, delete and copy user permissions, as well as other user actions available under the More list-box.

The User Management - User list page is displayed below with the More list-box expanded.

User Setup Required by Module

The table below provides information on user security related tasks available from the User Management page and the module they are related to. These tasks are to be completed for regular and admin users based on module. Other user security setup is required within the module itself. For example, in Consolidation there is a Security page.

How to Lock a User Out of Planful to Prevent Sign On

To lock a user to prevent them from signing on:

1. Navigate to Maintenance > Admin > User Management > User.

2. Select a user.

3. Select More > Lock.

4. Click OK.

How to Unlock a Locked User

To unlock a presently locked user:

1. Navigate to Maintenance > Admin > User Management > User.

2. Select a user.

3. Select More > Unlock.

4. Click OK.

Scenario Access

What is Scenario Access

Users must have access to scenarios to perform budget input on a selected scenario entity.

How To Assign Scenario Access to a User

1. Navigate to Maintenance > Admin > User,

2. Select a user from the list, then click More > Scenario Access.

3. Select the scenarios you want to give the user access to.

4. Provide users with access to all scenarios by checking or unchecking the scenario checkboxes.

5. Click Save. To setup or edit more users, select them from the User pull-down menu and repeat the appropriate above steps.

Approval Role Setup

What are Approval Roles

Approval roles are used in the Planning module to specify the actions users can perform during the budgeting process. For example, you can assign a budget manager with an approval role. Given this role, the budget manager can approve budgets.

Approval roles may have varying levels of user responsibility for budget entities. For example, when a user has access to two entities (A and B), but has HR responsibility for entity B only, the user can be restricted to view only specific data based on HR access for the approval role assigned for the entity.

How to Assign an Approval Role to a User

Users may have varying levels of responsibility for budget entities. Assigning different approval roles for different entities provides a user with different levels of privileges.
For example, when a user has access to two entities A and B, but has HR responsibility for entity B only, the user can be restricted to view only specific data based on HR access for the approval role assigned for the entity. Or, an Admin role might provide HR template access, but an Admin with no HR role might not have HR Workforce Planning template access.

To assign or edit an approval role for a user:

1. Navigate to Maintenance > Admin > User Management > User.

2. Select a user from the list, then click More > Approval Role Setup.

3. (optional ) Select Edit Scenario to allow user to make copies of the Global Entity templatesfor budget entities, and to edit the global entity copy of the template for the budget entitiesduring budget input. (Note that users without this access will not be able to perform the Global Process on the Planning Control Panel page.)

4. Click the cell under Level 1, then select the budget entity you want to give the user an approval role for.

5. Click the cell under the Role column. A list of roles for the user for the budget entity appears (Budget Approver, etc.). Select a role, as defined on the Approval Role page, to associate with the user.

   • Click the cells under columns Level 2, Level 3, and so forth, to add drill-down capabilities to associate with role privileges. (For example, Level 1 might be associated with a worldwide organization, Level 2 with the American branch of the organization, Level 3 with the organization’s California offices, etc.)
   • Use the add [+] icon to add more rows to the grid if you want to assign more approval roles for the user. (To add multiple rows, add the number of rows in the text field to the left of the add [+] icon.)
   • To disassociate a role for the user, as well as all associated privileges, select the row then click the delete icon (garbage can).

6. Click Save. To setup or edit more users, select them from the User pull-down menu and repeat the appropriate above steps.

How to Add an Approval Role and Assign Template Approval Actions

To add an approval role and assign template approval actions:

1. Navigate to Maintenance > Admin > User Management, then click the Approval Role tab.

2. Click Add.

3. Enter a code and name for the Approval Role.

4. Select top-level Approval Actions

   • Forward —Allow the approval role to forward the Budget Entities budget for approval. Budgets may be forwarded when the current status of the budget entity is Preparation in Progress. Forwarded budgets are locked so that they can not be edited.

   • Send Back —Allow the approval role to send back forwarded budgets for updates or modifications. Budgets can be sent back at any time until the status is set to Final Approval.

   • Approve —Allow the approval role to approve forwarded budgets

   • Final Approve —Allow the approval role to flag all budgets with a Final Approval status.

   • Approval History —Allow the approval role to view budget history.

5. Select template actions for all the templates you wish to assign template actions to and then click Save.

   • All —Allow the approval role to perform all template actions.

   • Input —Allow the approval role to open budget templates in Input mode and to enter data.

   • View —Allow the approval role to open budget templates in Read Only mode.

   • Mark Complete —Allow the approval role to mark templates Complete. Once a template is complete, it cannot be opened in Input mode until marked Not Complete.

   • Mark Not Complete —Allow the approval role to remove the Complete status for a selected template and allow the template to be opened in Input mode.

How to Bulk Export Approval Roles and Budget Entity Permissions for a Single User/All

Users

1. Go to Maintenance > Admin > User Management > User tab.

2. Click More and then select Approval Role Setup.

3. Click the Export drop-down list. A list of options appears.
   

4. You can perform any one of the following actions:

   • Click Export All Users to export the approval roles and budget entity permissions of all the users in the application.

   • Click Export Current User to export the approval roles and budget entity permissions of the user currently selected in the User list box.
     

   • Click Export Selected Users to export the approval roles and budget entity permissions of the users selected in the Export Selected Users window.
     
     The ApprovalRoleExport excel file is downloaded with the required approval roles.
     

5. Make the required changes, and then click the Import icon to upload the file. For more information about the Import functionality, refer the How to Bulk Import Approval Roles section.
   

How to Bulk Import Approval Roles

1. Go to Maintenance > Admin > User Management > User tab.

2. Click More and then select Approval Role Setup.

3. Click the Import icon. The Approval Role Upload dialog box appears.
   

4. Click Download Sample Template. It is important that you use the sample Excel template, because it instructs you how to organize your data and load it back into the application successfully.
   

5. After the template has been downloaded to your computer, open the template.
   

6. The template displays the required fields. Also, this template provides information about how you can enter the correct data in all the fields.
   

7. Enter the relevant details in the User ID, Approval Role, Member Type, Level1, Level 2, and Level 3 columns according to the instructions provided in the sample template. Ensure that you delete all the instructions in the sample file before uploading it.

8. The following table describes the columns in the sample template.

   User ID	Approval Role	Member Type	Level 1	Level 2	Level 3
   Ensure that the User ID matches that of an existing Planful user.	Ensure that the code matches that of an existing Approval Role.	Enter Rollup if the Member Type is a rollup or parent. Enter Leaf if the member type is leaf.	Enter the 'Member Code - Member Name'(in this pattern) if the Member Type is rollup. Ensure that all the values are the same as those in the Hierarchy. Note: For Rollup, you can either enter Member Code or Member Name if only one of them exist."	Enter the 'Member Code' if the Member Type is leaf. Enter the 'Member Code - Member Name'(in this pattern) if the Member Type is rollup. Ensure that all the values are same as those in the Hierarchy. Note: For Rollup, you can either enter Member Code or Member Name if only one of them exist.	Enter the 'Member Code' if the Member Type is leaf. Enter the 'Member Code - Member Name'(in this pattern) if the Member Type is rollup. Ensure that all the values are same as those in the Hierarchy. Note: For Rollup, you can either enter Member Code or Member Name if only one of them exist.

   The following table contains sample data for the columns in the sample template.

   User ID	Approval Role	Member Type	Level 1	Level 2	Level 3
   psingh@planful.com.	Reviewer	Rollup	Budget Hierarchy	Denver - Denver HQ
   stevearmtestuser@gmail.com	Budget Approver	Leaf	Budget Hierarchy	Denver - Denver HQ	Australia
   svadlamudi@planful.com	Simple Budget Approver	Leaf	Budget Hierarchy	Denver - Denver HQ	Australia

9. Save the XLSX file to your computer.

10. In the Approval Role Upload dialog box, click Choose File.
    

11. Browse for and select the XLSX file that you saved to your computer.

12. Click any one of the following options from the Upload Actions field:

    • Overwrite : To overwrite all the existing levels and approval roles. Or, to overwrite a specific level or overwrite specific approval roles. To do so, you can download the file for a specific user and update the required levels/approval role, and then upload the file to replace the existing data for this user with the data in the uploaded file.

• Append : To update the existing approval roles and to add additional levels with approval roles.

13. Click Upload.
    

14. After the file has been uploaded, a confirmation message is displayed. Click through to the Detail View dialog box (as shown here) to view the status of the upload action. Additionally, a process called ApprovalRolesUpload is created on the Job Manager page (as shown here).
    
    

15. If the upload process failed or was completed with errors, select the Click Here link under the Status column of the Detail View dialog box. This action downloads an Excel file with detailed information about why the failure occurred.
    
    An example of a failed upload process is shown here. Fix the errors and upload the file again.
    
    After the approval roles have been uploaded successfully, a confirmation message is displayed. The uploaded approval roles are displayed on the Approval Role Setup page, as shown here.
    

Best Practices

• To make permission management easier, you can use the user export options. If you use this feature, you do not have to worry about the format; you can just make the necessary changes to the exported information and quickly reload the file.

• You can use the Overwrite functionality to replace data. If you want to completely remove the existing data and replace it with new data, use the Overwrite option; otherwise, you can just use the Append option.

• If you are a bit hesitant to use this functionality, you should try out this new feature in your sandbox environment. After you are familiar with the functionality, you can make any changes to the Approval Roles or Permissions on your production environment.

Data Integration Security

What is Data Integration Security

Data integration security is comprised primarily of Data Load Rules. A Data Load Rule tells the system how to handle data values in the data source during a data load.

You can assign users and user groups with data integration security options, which allows users and user groups to access specific Data Load Rule (DLR) processes. You can create data load rules to load files, copy and paste data, and use web services to load segment hierarchies, attributes, attribute hierarchies, entity hierarchies, users, HR data, currency exchanges rate, and other data.

How To Setup Data Integration Security for a User or User Group

1. Access the User page by navigating to Maintenance > Admin > User Management.

2. Select a user or user group.

3. Select More then click Data Integration Security.

4. Select one of the following options to assign to the user or user group, otherwise, all data integration information will be disabled for that user or user group.

   • Access to Data Load Process Setup and all Data Load Process—For Super Users and Admins who have access to all functionality within the Data Integration module. Allows the user or user group to create new data load processes or update existing ones. Select one of the following options:
     • Allow the user to edit Data Load Rules —The selected user or user group will have edit privileges for all data load rules.
     • Do not allow the user to edit Data Load Rules —Selecting this option affects the Data Load Rules page and the functionality presented there. An alert is displayed when a user without edit permission tries to edit a data load rule.
   • Access to selected Data Load Processes—This option is for regular users. Allows users or user groups to access restricted data load processes and corresponding translations. Unmapped and mapped data integration process information is displayed when selected (see Step 5, below).
     • Allow the user to edit Data Load Rules —User or user group may edit the mapped or selected data load rules.
     • Do not allow the user to edit Data Load Rules - Select specific data load rules you do not want the selected user or user group to edit.

5. If you selected Access to selected Data Load Processes in the above step, select the Unmapped ETL Processes and click the forward arrow to move the process to the Mapped ETL Processes pane, which provides the selected user or user group with access. (See Note, below.)

6. Click Save. To setup or edit more users or user groups, select them from the User or User Group pull-down menu and repeat the appropriate above steps.

Report Access

What is Report Access

Reports provide important information and are used to analyze many aspects of a business. To provide users and user groups with access to generated reports, each user or user group must be assigned access privileges.

There are two pre-defined reporting roles available for users, which are defined on the add or edit user page:

• Report Administrator —Full control of all report artifacts and folders, including sub-folders
• Regular User —Permissions dependent upon the security permissions assigned to the user at the artifact, folder, and sub-folder level.

Access roles include no access, read only, edit, and full control.

• Read —User or user group can perform all actions except save, save as, copy, edit, delete, rename, or set security. User can run the report, drill-down, drill-through, check the usage report and add the reports to favorites.
• Edit —The Edit option is enabled only for folders. There is no edit access for reporting artifacts.
• Full control —User or user group an do all of the same as read access, and can also save. save as, copy, edit, delete, rename, or set security.

Bulk Actions in Report Access

You can perform bulk actions using the Bulk Actions list box. Any user with access to User Management can update Report Access for a user or user group or artifact. You can perform the following actions:

• Add Permissions - Allows you to provide permissions to multiple artifacts available in the File Cabinet. By default, Full Control access is enabled to the artifacts that are assigned to a user or user group. Reporting Administrators have access to all artifacts.

• Edit Permissions - Allows you to select multiple artifacts assigned to a user or user group and update their permissions. Can Edit access is not applicable to a few artifacts. If you assign Can Edit access to these artifacts, then Can Read access is assigned to users by default.

• Remove Permissions - Allows you to select multiple artifacts assigned to a user or user group and remove their permissions. If access to a folder is removed, then access to any subfolders and artifacts under the folder are automatically removed.

How to Set up Report Access Roles for Users or User Groups

1. Navigate to Maintenance > Admin > User Management > User.

2. Select a user from the list, then click More> Report Access. A list of reports for which the user has access to in the File Cabinet appears in the right pane.

3. To add a report or report folder to the access list, select the report or folder and then use the right arrow to add it to the list in the right pane.

4. Select the level of access that the user will have for the report or report folder: No access, Read, Edit, or Full Control.

5. Click Save. To setup or edit more users or user groups, select them from the User or User Group pull-down menu and repeat the appropriate above steps.

You can export the Report Security details using the Export to Excel drop-down list. The report contains information about a user’s access details. You can select any of the following options and export the Report Security details:

Export All Users : Exports the Report Security details of all the users.

Export Selected User : Exports the Report Security details of a user selected from the Report Access page.

In Practice

You can generate the Report Security details by navigating to Maintenance > User Management > User > More > Report Access > Export to Excel.

If you select the Export Selected User option, then Report Security Export is downloaded directly to your system. When you select the Export All Users option, a notification is displayed that Report Security Export has been submitted for processing. After the process is complete, a link to download the report is displayed. You can either click the link to download or you can view the report sent to your registered e-mail address.

Add-In Security

What is Add-In Security

Add -In Security is specific to Planful Add-In functionality. Read all about it here.

You only need to complete this if you are using Planful Offline Planning. Office Planning is an Excel planning tool you may download to perform budgeting tasks while not connected to the application.

How to Setup Add-In Security for Users and User Groups

To setup add-in security for your users or user groups (user groups for Offline Planning only):

1. Navigate to Maintenance > Admin > User, then select More > Add-In Security.

2. Select the Add-In type - Offline Planning.

3. Select the users and users groups you want to give access to from the Unmapped Users/User Groups left pane, then click the right arrow to add them to the Mapped Users/User Groups right pane. (To unmap users or user groups, select them from the right mapped pane, then click the left arrow to add them to left unmapped pane.)

4. Click Save.

Copy User Permissions

Which User Permissions Can Be Copied

You can copy an existing (i.e., source) user, along with all associated permissions and roles, to a target user. This is an easy way to give a new user the same permissions as an existing user.

Permissions and roles that can be copied:

• Dimension security

• Navigation Role

• Scenario Access

• Data Integration Security

• Analytics Security

• Approval Role

• Report Access

• All Consolidation related security permissions

• User Groups, whereby all user groups the source user belongs to will be copied to the target user

How to Copy User Permission From a Source to Target User

1. Navigate to Maintenance > Admin > User Management > User.

2. Select the user whose permissions you want to use as the source user.

3. Select More > Copy User Permissions. Note that the user you selected is listed in the Source user field.

4. Select a target user from the User list left pane, then click the right arrow to add them to the Target users right pane.

5. Click Save. The source users permissions and roles are copied to the target user.

Workforce Reporting Security

What is Workforce Reporting

Workforce Reporting enables structured, ad hoc analysis of workforce planning dimensions and measures. Workforce Reporting is integrated into the application as a Reporting Area, allowing you to report on employee-specific compensation and other financial dimensions.

What is Workforce Reporting Security

This type of security allows you to specify users and user groups that can access Workforce reports.

How to Setup Workforce Reporting Security

To provide security to users and user groups for Workforce Reports:

1. Navigate to Maintenance > Admin > User Management > User.

2. Select a user from the list.

3. Click More > Report Access.

Security Example

The following table lists example security settings for a user John Doe—approval role, scenario access, and so forth—with a navigation path to the page where the settings are located:

In this example, with these settings, Workforce Reporting security is honored for Dynamic Reports, for the given scenarios and budget entities, in the following ways:

For Budget 2017 Scenario:

• 1000-HQ-Exec —John Doe cannot access any employee data as the Approval Role on this Budget Entity does not have HR Template mapped.
• 1000-HQ-MKTG —John Doe can access Salaries and Bonuses data for all employees for this Scenario and Budget entity combination. However, he cannot view Non-Cash Stock Compensations and Benefits for the employees.
• 1000-HQ-HR —John Doe cannot access any employee data as HR template mapping does not exist for this Scenario and Budget entity combination.

For Forecast 2017 Scenario:

• 1000-HQ-MKTG —John Doe cannot access any employee data, even though HR Template is mapped to the given Scenario and Budget Entity combination, because he does not have access to Forecast 2017 scenario.

Task Manager Roles

Overview

There are two roles you can assign for Task Manager; Regular User and Admin User. The Admin User role can perform specific actions (like create an announcement) that Regular User roles cannot.

How to Set Task Manager Roles for Users

To set the user role, complete the steps below:

1. Navigate to Maintenance > Admin > User Management.

2. If creating a new user, click Add on the User page. Otherwise, select a user and click Edit.

3. Select Regular User or Admin User from the Task Manager Role list-box.
   

4. Click Save.
   For more information, see the Task Manager guide.

Password Reset - Send Email

To send an email to a user when their password has been reset:

1. Navigate to Maintenance > Admin > User Management > User.

2. Select the user.

3. Click More > Password Reset.

Control Over External Users

Overview

Customers have full control over external user access. You can:

• Change / Edit External User Security
• Delete External Users

How to Change / Edit External User Security

All security options under the More menu located on the User Management page are now enabled for External Users.

Access the User page by navigating to Maintenance > Admin > User Management. Select a user with a User Type that is External.

You can change the security settings for an External User. For example, if you no longer want an external user to have access to Reports, Dimension Security or Add-In Security.

How to Delete External Users

A Business User can delete an External User by completing the following steps:

1. Access the User page by navigating to Maintenance > Admin > User Management.

2. Select the External User.

3. Click Delete.

Two Step Verification

Additionally, External users are subject to Two Step Verification as it is now mandatory for all external users. This additional security measure prevents unauthorized access to your Planful application. For example, if you call Planful Support and allow an agent to access your application, that agent will be required to not only use a password, but must authenticate via a code sent to their email address (see page below) or via text sent to their mobile phone.