You use this program to selectively define access rights for operators to query and post to structured General Ledger codes.
- Toolbar and menu
- Copy GL Structure Access
- Security for Queries
- Security for Posting
- Security Access
- Notes and warnings
| Field | Description |
|---|---|
| Delete | Select this to delete the access rights (for the operator, group or role) to the section currently highlighted in the Security For Queries or Security For Postings treeview. |
| Save | Saves the access rights defined. |
| Access Level | Indicate the level at which you want to define access
rights. Security access can be define by individual operator, by operator group or operator role. Depending on your selection, you indicate the required operator, group or role. |
| Operator | Indicate the operator for which you want to define access rights. |
| Group | Indicate the group for which you want to define access rights. |
| Role | Indicate the role for which you want to define access rights. |
| Allow Access To Root Level For Queries |
This option applies only to the GL Structure Query program, which displays a treeview of the complete hierarchy of all sections. If you select this option, then the operator is prevented from viewing values for all sections below the root level of the treeview. If you do not select this option, then you can selectively indicate the access levels for each section below the root level. |
| Copy Configuration | Select this to copy the access rights from an operator, group or role to another operator, group or role. |
This is displayed when you select the Copy Configuration option.
| Field | Description |
|---|---|
| Copy | Select this to copy the access rights according to your selections. |
| Close | Select this to ignore any selections made and to return to the previous screen. |
| Copy from | |
| Configuration type | Indicate whether you want to copy the access rights from an operator, group or role. |
| GL structure | Indicate the operator, group or role from which you want to copy access rights. |
| Copy to | |
| Configuration type | Indicate whether you want to copy the access rights to an operator, group or role. |
| GL structure | Indicate the operator, group or role to which you want to copy the access rights. |
This enables you to define access to querying ledger codes.
This pane is either enabled or disabled by toggling the Separate Security for Queries option.
When this pane is disabled, the access rights defined in the Security For Posting pane is also applied to queries.
When this pane is enabled, you can define different access rights for queries and for postings.
The sections you defined in the GL Structure Definition program are displayed in a treeview structure. The top level of the treeview indicates the first section you defined (i.e. Section 1). Each subsequent section defined becomes the child of the previous section and the parent of the next section.
Within each section and its sub-sections you can selectively indicate the security accesses required for queries by highlighting the section (or sub-section) by right clicking on the section (see Security Access).
By default, all operators are denied access to all sections.
A tick against a section in the treeview indicates that the operator, group or role has access to that section.
| Field | Description |
|---|---|
| Copy to Posting | Select this to copy the access rights defined against
queries, to postings. The access rights defined in the Security For Queries pane are applied to the Security For Postings pane. |
The sections you defined in the GL Structure Definition program are displayed in a treeview structure. The top level of the treeview indicates the first section you defined (i.e. Section 1). Each subsequent section defined becomes the child of the previous section and the parent of the next section.
Within each section and its sub-sections you can selectively indicate the security accesses required for posting by highlighting the section (or sub-section) by right clicking on the section (see Security Access).
By default, all operators are denied access to all sections.
A tick against a section in the treeview indicates that the operator, group or role has access to that section.
| Field | Description |
|---|---|
| Copy to Queries | Select this to copy the access rights defined against
postings, to queries. The access rights defined in the Security For Postings pane are applied to the Security For Queries pane. |
| Separate Security for Queries | This enables you to define separate access rights for
postings and for queries. This option acts as a toggle and can be used to either enable or disable the Security for Queries pane. |
This is displayed when you right click on a section in the Security For Queries or Security For Postings treeview.
![[Note]](images/note.png)
|
|
|
Regardless of any access security defined for the sections against the operator, group or role, all ledger codes are available for selection in the Financial Report Writer. |
|
Once defined, access is applied by checking each section for a given operator to determine if the operator has access. First, the operator's access right are checked. If these are disallowed, then the group to which the operator belongs is checked. If the group access is denied, then the role to which the operator belongs is checked. If the role access is denied, then the operator cannot access the section. Role access is validated against the current role the operator logged in with.
When access is defined at multiple levels, validation is determined in the following sequence: firstly at Operator level, secondly at Group level and thirdly at Role level. This means that if access is defined at operator level to have no access, but at role level to have access, then validation will fail.
When GL Structure access is determined by role, then access is validated against the role the user is currently logged in with.
This means that even if the individual operator does not have access to a section, if the group or the role to which the operator belongs has access, then the operator will have access to the section.
| Field | Description |
|---|---|
| Permissions for |
This indicates the section for which you are maintaining access rights. |
| Allowed |
A tick in this column indicates that the operator has access to the ledger code. |
| Children allowed |
A tick in this column indicates that the operator has access to the ledger code if the group or role has access to the parent section. Note that when you select this option against the top most level, only the next immediate level access is displayed as checked, but not the lower sections. The display does not display the ticks through each section, as this would take too many resources to update and would take to long. Therefore, although visually it seems that the lower levels do not have access, they do. See Children Allowed for an example. |
| All |
Select this to allow the operator, group or role access to the section as well as to all the sub-sections (children) of the current section. Note that a tick is placed against the section to which you have granted access to all. A tick is not placed against each child entry under that section to denote that it is allowed as well, because to do so would require reading through each and every section and applying the tick, which would slow the program down considerably. When you select this option, access to items subsequently added to the section are automatically granted to the operator, group or role. |
| None |
Select this to deny the operator, group or role access to the section and to all the sub-sections (children) of the current section. When you select this option, access to items subsequently added to the section are automatically denied to the operator, group or role. |
| List |
Select this to individually define permissions for the sub-sections (children) of the current section. When you select this option, access to items subsequently added to the section are automatically denied to the operator, group or role. |
| Apply |
Select this to save the security access permissions you defined for the current section. This function is only enabled once you make changes on this screen. |
| Close | Select this to return to the previous screen. |
This is an example of how the Children allowed option is applied:
-
You defined:
-
an operator - Op1
-
a group - Grp1 to which the operator belongs
-
-
You set up your structured GL code to consist of:
-
a Branch of 2 digits
-
a Ledger code of 4 digits
-
The following accesses are defined:
| Branch | Ledger code | Op1 | Grp1 | Children Allowed |
|---|---|---|---|---|
| HO | Allowed | Allowed | ||
| 1010 | Allowed | |||
| 1020 | Allowed | |||
| 1030 | Yes (ticked) | |||
| 1040 | No (not ticked) |
In this case, the operator has access to:
-
HO-1010 (direct operator access).
-
HO-1020 (access via the group to which the operator belongs).
Now, because the operator has access to Branch HO, the system checks the Children Allowed option.
The operator therefore has:
-
access to HO-1030 because Children Allowed is selected.
-
no access to HO-1040 because Children Allowed is deselected.