Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Security can be defined for the Company and Business Segment dimensions.

Things to Consider when Setting Business Segment Security

The Default Permission Level

If the business segment security has been set to Yes, the default security is NONE. If no security is applied to the business segment, the effective security for the element is WRITE.

Security for the Planning Business Segment

The planning business segment has the same security as the associated business segment. Depending on the level of detail the business plans you may need to set the consolidated element to WRITE so that the business can plan for that consolidate element.

Security and the General Ledger Cube

The General Ledger cube is a read only cube. Setting the business segment security to WRITE for an element will not allow the report reader to change the data in the General Ledger.

Permission Level on Different Rollups

It is possible to grant different permission level to the same element in the same hierarchy. This happens when the element is a member of more than one consolidation and different permission level are granted to those consolidations which are recursively applied to the members of the consolidation. In this case, the highest permission for the element will be granted to the element when the security is applied.

Permission level from highest to lowest:

WRITE

READ

NONE

Permission Level for Different Groups

It is likely that a client will be a member of more than one Group. Each group may have different permission levels for the element in the business segment. In this case, the group with highest permission for the element will be granted to the client.

Permission level from highest to lowest:

WRITE

READ

NONE

Unused Permission Levels

The permission level of LOCK, RESERVE and ADMIN should not be used in business segment security. Do so is the same as using WRITE.

Setting the Business Segment Security

Whether a business segment has security is determined in the business segment’s Settings. To change a business segment security, click on the Settings popup on the toolbar.

Security is applied globally. Set the Secured parameter to Yes to apply security to the dimension. Set the Secured parameter to No to remove the security from the dimension. Click on the Setup Security button to apply the security setting.

Business Segment Security

Click on the Security tab in the Business Segment Maintenance page to set the security for the Business Segment. For each element and security group you can define the level security.

Security Groups

In the Groups filter are the list of security groups for the Business Segment.

  • FPM Module Admin - The security group that manages the Business Segments in Apliqo FPM. This group has ADMIN access to all elements in the dimension.

  • APQ User - All clients are members of this group. This group must have Read permissions to the NA FIN BSEG x element.

  • FIN BSEG x: Are custom security groups associated the Business Segment.

Creating a Security Group

To add new security group, click on Create Groups.

image-20240905-235456.png

Enter the name of the Group to be added. By convention, Business Segments security groups are prefixed with the business segment principal name and should be included in the group name. Multiple groups can be added by separating the groups with the Separator character.

Defining the Element Permission Level

Select the security group to define element security.

  • Current Permission Level - (Read Only). Is the permission the selected security group has for the element.

  • Permission Level - (Optional). The level of permission the select security group is to have to the element. If left blank is the same as giving the permission of ‘None’.

    • Write - The ability to change the data against the element.

    • Read - The ability to read the data against the element.

    • None - No access to the data against the element.

  • Permission Type - (Optional). How the permission is to be applied to the members of the consolidated element.

    • Recursive - The Permission Level is to be applied to the consolidated element and the members of the consolidated element to the level set in InheritToDivLevel.

    • Point - The Permission Level is to be applied to the element only.

  • InheritToDimLevel - Is applicable when the Permission Type is Recursive. Pick the lowest level of the rollup the security is to be applied.

Applying the Permissions

To apply the security changes, click on Update Groups.

image-20240906-000400.png

Confirm the correct dimensions are being updated and click on Update Security. The Current Permission Level will reflect the changes in the Permission Level.

Business Segment and the Automation

The element security needs to be updated each time the dimension is built. To automate the update of the business segment security set the Update Element Security parameter. Click on the Automation tab. Select the Framework Update in the Settings Filter.

image-20240906-001446.png

Set the Update Element Security parameter to Y. Set the Full Element Security Refresh to 'Y'.

If the planning business segment dimension is in use, apply the same settings the planning business segment dimension.

Assigning Clients to Business Segment Groups

For a Client to see the data against a group they need to be assigned to the business segment group. See Assigning a client to a group for more information.

  • No labels