How to limit GL Data Access

Description of Issue

Need user to only be able to access certain accounts within particular programs

Context

Cause

User currently has too much access and restrictions need to be applied to limit account visibility

Resolution

Browse to System Administration>Security>User Attributes
Click Search
Enter the User's ID
Click Accept
Highlight the Role that you would like to update this GL Data Access for, and click Edit Role
Click into the General Ledger section of this Role
Click on the Data Access yellow detail folder at the bottom of this screen
Select Limit
Click Accept
Enter the Range of segments that the user can access
Click Select Programs
Click the check box next to the program that you would like to add
Click OK
Click Accept

Additional Information

Please note: Making changes to a ROLE will affect all users assigned to that ROLE.
Data Access for Munis Modules = What can a user see. Works hand in hand with Permissions.
When thinking about LIMITED GL data access a individual code/segment type range is an "OR" but if a different code/segment type is listed its an "AND" which means both must be true.
- If you use ORGs on a record there is no reason to also use a segment as ORG = all segments that make up ORG.
- If you listed an ORG with a segment it does not use for example the logic will never be true, it will always be false.
- Each LIMITED record is an "OR" as in this record or this record applies. Then this defined limitation only impacts listed applicable programs for that specific LIMITED record.
- If a program is not listed user automatically has FULL access to that program.
- Keep in mind a role can have multiple LIMITED records and a user can have multiple roles.
  - Make sure to review all LIMITED records.
- Search wide open searched in applicable programs to see what a user can see in total for records.
These permission will only LIMIT for applicable programs if not applicable use automatically has FULL.