General Ledger > Setup > GL Structure Access Maintenance

GL Structure Access Maintenance

You use this program to selectively define access rights for operators to query and post to structured General Ledger codes.

Toolbar and menu

Field Description
Delete Select this to delete the access rights (for the operator, group or role) to the section currently highlighted in the Security For Queries or Security For Postings treeview.
Save Saves the access rights defined.
Access Level Indicate the level at which you want to define access rights.

Security access can be define by individual operator, by operator group or operator role.

Depending on your selection, you indicate the required operator, group or role.

Operator Indicate the operator for which you want to define access rights.
Group Indicate the group for which you want to define access rights.
Role Indicate the role for which you want to define access rights.
Allow Access To Root Level For Queries

This option applies only to the GL Structure Query program, which displays a treeview of the complete hierarchy of all sections.

If you select this option, then the operator is prevented from viewing values for all sections below the root level of the treeview.

If you do not select this option, then you can selectively indicate the access levels for each section below the root level.

Copy Configuration Select this to copy the access rights from an operator, group or role to another operator, group or role.

Copy GL Structure Access

This is displayed when you select the Copy Configuration option.

Field Description
Copy Select this to copy the access rights according to your selections.
Close Select this to ignore any selections made and to return to the previous screen.
Copy from  
Configuration type Indicate whether you want to copy the access rights from an operator, group or role.
GL structure Indicate the operator, group or role from which you want to copy access rights.
Copy to  
Configuration type Indicate whether you want to copy the access rights to an operator, group or role.
GL structure Indicate the operator, group or role to which you want to copy the access rights.

Security for Queries

This enables you to define access to querying ledger codes.

This pane is either enabled or disabled by toggling the Separate Security for Queries option.

When this pane is disabled, the access rights defined in the Security For Posting pane is also applied to queries.

When this pane is enabled, you can define different access rights for queries and for postings.

The sections you defined in the GL Structure Definition program are displayed in a treeview structure. The top level of the treeview indicates the first section you defined (i.e. Section 1). Each subsequent section defined becomes the child of the previous section and the parent of the next section.

Within each section and its sub-sections you can selectively indicate the security accesses required for queries by highlighting the section (or sub-section) by right clicking on the section (see Security Access).

By default, all operators are denied access to all sections.

A tick against a section in the treeview indicates that the operator, group or role has access to that section.

Field Description
Copy to Posting Select this to copy the access rights defined against queries, to postings.

The access rights defined in the Security For Queries pane are applied to the Security For Postings pane.

Security for Posting

The sections you defined in the GL Structure Definition program are displayed in a treeview structure. The top level of the treeview indicates the first section you defined (i.e. Section 1). Each subsequent section defined becomes the child of the previous section and the parent of the next section.

Within each section and its sub-sections you can selectively indicate the security accesses required for posting by highlighting the section (or sub-section) by right clicking on the section (see Security Access).

By default, all operators are denied access to all sections.

A tick against a section in the treeview indicates that the operator, group or role has access to that section.

Field Description
Copy to Queries Select this to copy the access rights defined against postings, to queries.

The access rights defined in the Security For Postings pane are applied to the Security For Queries pane.

Separate Security for Queries This enables you to define separate access rights for postings and for queries.

This option acts as a toggle and can be used to either enable or disable the Security for Queries pane.

Security Access

This is displayed when you right click on a section in the Security For Queries or Security For Postings treeview.

[Note]

Regardless of any access security defined for the sections against the operator, group or role, all ledger codes are available for selection in the Financial Report Writer.

Once defined, access is applied by checking each section for a given operator to determine if the operator has access. First, the operator's access right are checked. If these are disallowed, then the group to which the operator belongs is checked. If the group access is denied, then the role to which the operator belongs is checked. If the role access is denied, then the operator cannot access the section. Role access is validated against the current role the operator logged in with.

When access is defined at multiple levels, validation is determined in the following sequence: firstly at Operator level, secondly at Group level and thirdly at Role level. This means that if access is defined at operator level to have no access, but at role level to have access, then validation will fail.

When GL Structure access is determined by role, then access is validated against the role the user is currently logged in with.

This means that even if the individual operator does not have access to a section, if the group or the role to which the operator belongs has access, then the operator will have access to the section.

Field Description
Permissions for

This indicates the section for which you are maintaining access rights.

Allowed

A tick in this column indicates that the operator has access to the ledger code.

Children allowed

A tick in this column indicates that the operator has access to the ledger code if the group or role has access to the parent section.

Note that when you select this option against the top most level, only the next immediate level access is displayed as checked, but not the lower sections. The display does not display the ticks through each section, as this would take too many resources to update and would take to long. Therefore, although visually it seems that the lower levels do not have access, they do.

See Children Allowed for an example.

All

Select this to allow the operator, group or role access to the section as well as to all the sub-sections (children) of the current section.

When you select this option, access to items subsequently added to the section are automatically granted to the operator, group or role.

None

Select this to deny the operator, group or role access to the section and to all the sub-sections (children) of the current section.

When you select this option, access to items subsequently added to the section are automatically denied to the operator, group or role.

List

Select this to individually define permissions for the sub-sections (children) of the current section.

When you select this option, access to items subsequently added to the section are automatically denied to the operator, group or role.

Apply

Select this to save the security access permissions you defined for the current section.

This function is only enabled once you make changes on this screen.

Close Select this to return to the previous screen.

Children Allowed

This is an example of how the Children allowed option is applied:

  • You defined:

    • an operator - Op1

    • a group - Grp1 to which the operator belongs

  • You set up your structured GL code to consist of:

    • a Branch of 2 digits

    • a Ledger code of 4 digits

The following accesses are defined:

Branch Ledger code Op1 Grp1 Children Allowed
HO   Allowed Allowed  
  1010 Allowed    
  1020   Allowed  
  1030     Yes (ticked)
  1040     No (not ticked)

In this case, the operator has access to:

  • HO-1010 (direct operator access).

  • HO-1020 (access via the group to which the operator belongs).

Now, because the operator has access to Branch HO, the system checks the Children Allowed option.

The operator therefore has:

  • access to HO-1030 because Children Allowed is selected.

  • no access to HO-1040 because Children Allowed is deselected.

Notes and warnings

Prerequisites