Overview

Access Security is being removed. A new role, Account Data Viewer, has been created to control access to Balance Lookups and Documents. 

Permission changes

• In order to allow all users to continue to open documents without Accounting Lines, we made the following changes: 

  • Assigned Open Document KFST to Account Data Viewer Role, Fiscal Officer, Account Supervisor and Account Manager

  • Assigned the following permissions to all roles that are currently assigned permission 133, Open Document KFS:

    • Open Document KFSM

    • Open Document FSSM

    • Open Document IDMT

  • Unassigned and inactivated permission Open Document KFS.

Role 84, Potentially Sensitive Document User changes

• To preserve Potentially Sensitive Document User functionality, the following changes were made to role 84: 

  • Roles 32 and 54 were removed from Role 84 (potentially sensitive document user)

  • Role Account Data Viewer was added as a member with qualifier false

New Roles 

• KFS-SYS, Account Data Viewer -can be used to control organizational and account access. The role is qualified by Chart and Organization or Account, and descends the hierarchy.  To preserve current base behavior Role 1 has been assigned to this role qualified with the top level chart and organization. The Account Data Viewer role type membership always matches for documents with no accounting lines

• Account Manager, a new derived role, similar to Account Supervisor and Fiscal Officer, has been added to allow Account Managers to access balance lookups for accounts they are associated with.

Setting up the Account Data Viewer Role to control Access

• Add the following roles to the Account Data Viewer Role qualified with top level chart and org

  • 22, Accounts Payable Processor - in order to create Payment Requests and Credit Memos for all accounts

  • 41, Fiscal Officer, in order to access documents and lookups associated with their accounts. 

  • 9, Account Supervisor, in order to access documents and lookups associated with their accounts. 

  • 26, Purchasing Processor - in order to be able to process Purchasing Documents

  • FINP-12741-ROLE1, Account Manager

• Add users, groups or roles assigned with proper qualification to restrict access. Adding the Fiscal Officer, Account Supervisor and Account Manager roles at the top level chart will allow those roles to access data for the accounts they are associated with. 

• Requisition Initiators will have access to view the POs, PREQs and CMs associated with Requisitions they initiated. 

Balance Lookups

To control access to General Ledger and Labor Ledger Balances, the following permissions were created and assigned to the Account Data Viewer role.

• Unmask Record Open Encumbrances
• Unmask Record General Ledger Balance
• Unmask Record Employee Funding
• Unmask Record General Ledger Entry
• Unmask Record Labor Ledger Pending Entry
• Unmask Record Current Account Balance
• Unmask Record Labor Ledger Entry
• Unmask Record Cash Balance
• Unmask Record General Ledger Pending Entry
• Unmask Record Balances by Consolidation
• Unmask Record Available Balance
• Unmask Record Labor Ledger View
• Unmask Record Balances By Level
• Unmask Record Balances By Object
• Unmask Record Labor Ledger Lookup for Salary Expense Transfer
• Unmask Record Labor Ledger Lookup for Benefit Expense Transfer
• Unmask Record Labor Ledger View for Effort Certification
• Unmask Record General Ledger Transfer Entry - needs to be created manually
• Unmask Record Asset Processing General Ledger Entry - needs to be created manually
   

Documents

Restricting access to documents will be controlled by using the Open Document permission. The Open Document permission has been changed to allow qualification by Chart and Organization or Account. Open Document KFST can be copied to create finer grained permissions. Requisition initiators will be able to open related Purchase Order, Payment Requests and Credit Memos.