/
How to limit GL Data Access

How to limit GL Data Access

Owned by Knowledge Assistant
Last updated: Feb 12, 2025
2 min read



Description of Issue

Need user to only be able to access certain accounts within particular programs



Context

  • Security

  • Roles & Permissions

  • Data Access

  • Restrictions



Cause

  • User currently has too much access and restrictions need to be applied to limit account visibility

  • New fund accounts have been added to the General Ledger and need to be taken into account for user access



Resolution

  1. Browse to System Administration>Security>User Attributes

  2. Click Search

  3. Enter the User's ID

  4. Click Accept

  5. Highlight the Role that you would like to update this GL Data Access for, and click Edit Role

  6. Click into the General Ledger section of this Role

  7. Click on the Data Access yellow detail folder at the bottom of this screen

  8. Select Limit

  9. Click Accept

  10. Enter the Range of segments that the user can access

  11. Click Select Programs

  12. Click the check box next to the program that you would like to add

    • Applicable programs are the programs where access limitation applies.

    • If applicable program is not listed on any limited record user would automatically have full data access.

    • Not all programs are listed. Many programs inherit their permissions from others. 

      • Example: Next Year Budget Entry limitations are inherited by Central Budget Entry

  13. Click OK

  14. Click Accept



Additional Information

  • Please note: Making changes to a ROLE will affect all users assigned to that ROLE. 

  • Data Access for Munis Modules = What can a user see. Works hand in hand with Permissions.  

  • When thinking about LIMITED GL data access a individual code/segment type range is an "OR" but if a different code/segment type is listed its an "AND" which means both must be true.  

    • If you use ORGs on a record there is no reason to also use a segment as ORG = all segments that make up ORG.  

    • If you listed an ORG with a segment it does not use for example the logic will never be true, it will always be false. 

    • Each LIMITED record is an "OR" as in this record or this record applies.  Then this defined limitation only impacts listed applicable programs for that specific LIMITED record.  

    • If a program is not listed user automatically has FULL access to that program.  

    • Keep in mind a role can have multiple LIMITED records and a user can have multiple roles.  

      • Make sure to review all LIMITED records.

    •  Search wide open searched in applicable programs to see what a user can see in total for records.  

  • These permission will only LIMIT for applicable programs if not applicable use automatically has FULL.











Related content

General Ledger Data Access - Restrict user from using specific segment or code
General Ledger Data Access - Restrict user from using specific segment or code
Knowledge Assistant
More like this
How to determine which role grants access to specific accounts
How to determine which role grants access to specific accounts
Knowledge Assistant
More like this
GL Account Segment Group data access - include account with no project code and certain accounts with project codes
GL Account Segment Group data access - include account with no project code and certain accounts with project codes
Knowledge Assistant
More like this
Limit GL access based on Long Account in Payroll
Limit GL access based on Long Account in Payroll
Knowledge Assistant
More like this
Limit Accounts seen by users for Budget Entry in Central Budget Entry or Next Year Budget Entry
Limit Accounts seen by users for Budget Entry in Central Budget Entry or Next Year Budget Entry
Knowledge Assistant
More like this
Assign a user access to new Org codes
Assign a user access to new Org codes
Knowledge Assistant
More like this