Introduction: Authorizations in Financials

Introduction

The purpose of assigning authorizations in Comarch ERP Enterprise and Comarch Financials Enterprise is, among other things, to define which functions can be called up in the system and which objects can be processed with these functions. This authorization concept is described in the Authorizations technical documentation.

In addition, you can assign authorizations in Comarch Financials Enterprise for certain (selective) data (called authorization objects). These data authorizations allow evaluation, posting and modification rights to be permitted and restricted at the individual data level. In general, there are no evaluation, posting and modification restrictions on data level for users in Comarch Financials Enterprise.

This means that if a user is authorized, for example, to open the posting dialog, the user can also create postings. In order to assign authorizations in Financials, the Authorizations function must be activated on the one hand, and on the other hand, the posting, evaluation or modification rights are activated for the corresponding authorization object.

By activating the authorization for Financials, you can assign authorizations for the following authorization objects:

  • Object account
  • Dimension 01 to 20
  • Definition of columns
  • Definition of rows

When assigning authorizations for an authorization object, a decision can generally be made to which objects a user can use to create reports and for which objects he can make bookings. For the authorization object Object account, for example, you can grant a user authorization to evaluate all object accounts, but exclude individual object accounts.

These authorizations are assigned to an authorization role and apply to all users and user groups assigned to the authorization role.

Note
The authorizations in Financials override the administrator rights. This means that even if a user is an administrator, he can only evaluate an object account if this right is assigned to him via the authorization role of the organization.

Posting right

The posting right includes direct posting or value acquisition for objects that can be posted. This does not affect indirect posting of objects. For indirect postings, e.g., through automatic cash discount, tax or collective account postings, authorizations are not controlled in general.

Special features for posting rights

In the Financials, special features are taken into account for the posting right. For example, in the Posting financial accounting application, you can not only create postings, but also analyze existing posting processes through displays.

Therefore, separation based on posting and analysis authorizations cannot be applied here. If a user was granted the posting right for an object account, the user is also automatically authorized in the posting dialog to analyze this object account. On the other hand, if a user does not have a posting authorization for an object account, the user cannot analyze it in the posting dialog, although the user has the right of analysis for the object account.

This special feature also applies to the Cash sheet pre entry, Posting controlling and Planning online applications.

Right of analysis

The right of analysis includes all activities of authorization objects to be analyzed, meaning reports and cockpit views. For the direct call-up of an object (object account) in cockpits, lack of an analysis authorization results in rejecting the display request with an error message.

In the case of an indirect selection of protected objects, the object description is rendered unrecognizable with the Not authorized text if the analysis authorization is missing. Furthermore, these objects are output without values and not taken into account in total representations. Examples of this are reports and cockpit displays which, due to their selection (e.g. multiple selection or generic selection information), include objects for which a user is authorized as well as objects for which this user is not authorized. This also applies to transaction displays that are called up for objects for which a user is authorized, and which in turn contain objects protected for analysis within their listed individual transactions. For example, an object account may be evaluated based on the authorizations of a user, but the postings on this account also include offsetting postings for an account for which the user is not authorized.

Special features for analysis rights

For the rights of analysis, special features are taken into account in cockpits and, in particular, in reports. This applies, for example, to analyses with the use of the Output defined reports report application. Here you can already check when the report is called up whether the selected report contains objects for which the calling user has no evaluation authorization. This is done using the Check for complete authorizations indicator. If the indicator is activated, the user receives a corresponding error message if he does not have the evaluation authorization for all objects in the report. If the indicator is not activated, the objects for which the calling user has no evaluation authorization are output in the report with the value 0.00 and the object description Not authorized. These objects are not taken into account in the presentation of the results, i.e. the values of the unauthorized objects are not included in the total. If the calling user is not authorized to evaluate all column and row schemes used in the report, the output of the report is prevented with a corresponding note.

In addition, the authorization control is also performed in some cockpit views and reports of the Financials for object accounts that are specified as contra accounts. If the analysis authorization is missing, the account number is rendered unrecognizable with ***** and the description with Not authorized, both for accounts and for contra accounts. This applies, for example, to the Output posting journal and Output periodic postings reports.

Right of modification

The right to modify can only be assigned for the authorization objects Column scheme and Row scheme. This right includes the creation (also by duplicating), the modification and the deletion of the actual master data entries of an object. Holders of this authorization are allowed to edit the master data of the object in full.

Procedure: Authorizations in Financials

In order to assign data authorizations in financial accounting, settings must first be made in the Customizing application. You can then manage the authorizations for various authorization objects in the Authorizations in Financials application.

Settings

The following settings must be applied for assignment of authorizations in the Financials.

Customizing

First of all, the Authorizations function for the Comarch Financials Enterprise framework must be activated in the Customizing application.

With the Settings tab, you can control, depending on the organization, whether and which authorizations you want to assign. By activating the respective field, the following authorizations can be assigned:

  • Posting authorization for object account
  • Analysis authorization for object account
  • Modification authorization for row schema
  • Analysis authorization for row schema
  • Modification authorization for column schema
  • Analysis authorization for column schema

Dimension types

In the Dimension types application, you activate the authorization assignment for optional dimensions. You can use the Posting authorization and Analysis authorization fields to control whether and which authorizations you want to assign for each dimension type.

Authorizations in Financials

The application Authorizations in Financials is used to record and edit authorizations for individual authorization objects in financial accounting and controlling, e.g. the authorization object Object account. Here you can grant or withdraw posting, evaluation and modification authorizations for objects of an authorization object of an organization to the users of an authorization role.

For a detailed description of this application, refer to the Authorizations in Financials document.

Authorization control

By assigning authorizations in the Authorizations in Financials application, controls are triggered in various applications in financial accounting and controlling. The applications in which authorizations are controlled depends on which authorizations are granted. As already described in the chapters Posting right and Evaluation right, evaluation authorizations usually concern the cockpit and reporting applications, while posting authorizations mainly concern the entry of postings.

Czy ten artykuł był pomocny?