How to limit GL Data Access



Description of Issue

Need user to only be able to access certain accounts within particular programs



Context
  • Security

  • Roles & Permissions

  • Data Access

  • Restrictions



Cause

User currently has too much access and restrictions need to be applied to limit account visibility



Resolution
  1. Browse to System Administration>Security>User Attributes

  2. Click Search

  3. Enter the User's ID

  4. Click Accept

  5. Highlight the Role that you would like to update this GL Data Access for, and click Edit Role

  6. Click into the General Ledger section of this Role

  7. Click on the Data Access yellow detail folder at the bottom of this screen

  8. Select Limit

  9. Click Accept

  10. Enter the Range of segments that the user can access

  11. Click Select Programs

  12. Click the check box next to the program that you would like to add

  13. Click OK

  14. Click Accept



Additional Information
  • Please note: Making changes to a ROLE will affect all users assigned to that ROLE. 

  • Data Access for Munis Modules = What can a user see. Works hand in hand with Permissions.  

  • When thinking about LIMITED GL data access a individual code/segment type range is an "OR" but if a different code/segment type is listed its an "AND" which means both must be true.  

    • If you use ORGs on a record there is no reason to also use a segment as ORG = all segments that make up ORG.  

    • If you listed an ORG with a segment it does not use for example the logic will never be true, it will always be false. 

    • Each LIMITED record is an "OR" as in this record or this record applies.  Then this defined limitation only impacts listed applicable programs for that specific LIMITED record.  

    • If a program is not listed user automatically has FULL access to that program.  

    • Keep in mind a role can have multiple LIMITED records and a user can have multiple roles.  

      • Make sure to review all LIMITED records.

    •  Search wide open searched in applicable programs to see what a user can see in total for records.  

  • These permission will only LIMIT for applicable programs if not applicable use automatically has FULL.