Authorizations in Financials

Topic overview

In addition to authorizations based on the authorization concept of Comarch ERP Enterprise, additional authorizations can be assigned in Comarch Financials Enterprise for certain (selective) data (called authorization objects). These data authorizations allow the users of an authorization role to be granted or withdrawn evaluation, posting and modification rights at the individual data level.

Through assignment of authorizations in Financials, for example, access to sensitive data (e.g., salaries of business executives) can be prevented for certain users.

This document describes the Authorizations in Financials application.

Application description

The application Authorizations in Financials is used to enter and process authorizations for individual authorization objects in financial accounting and controlling, currently for authorization objects

  • Object account
  • Dimension 01 to 20
  • Definition of columns
  • Definition of rows

Here, users of an authorization role can generally decide whether evaluations can be created, e.g. for an object account, postings can be made, e.g. for a cost center, or whether modifications, e.g. of a line scheme, can be carried out. Which authorizations are granted is determined by the selection of the corresponding ability and definition.

With the ability you choose for which function (Post, Evaluate and Modify) you want to assign authorizations. By selecting the definition, you control whether you allow or prohibit the execution of the selected skill.

You can assign authorizations for object accounts and optional dimensions either directly for an object account or an optional dimension (e.g. a cost center) or via the corresponding classification.

By using generic information, authorizations can be assigned for all objects or only certain objects and object areas of an authorization object. When assigning authorizations, e.g. for object accounts, the entry “1 *” includes all object accounts that begin with 1. If “*” is specified, the authorization applies to all object accounts. For example, it is possible to grant the users of an authorization role evaluation authorization for all objects, but to exclude individual objects or object areas from it.

If a user has the authorization to evaluate an object, he can also edit it in the corresponding master application. This does not apply to column and row schemes. Here the user must have the Modify authorization in order to edit a column or row scheme.

The Authorizations in Financials application consists of a query pane and a work pane.

Query pane

The query pane has fields for entering search criteria, used for limiting the displayed data. The system finds all existing entries that match the entered search criteria and displays them.

The following input fields are available:

  • Authorization role – in this field, enter the authorization role as the search criterion for the data to be displayed, if required. Via the Search for roles   value assistant, you can have the valid authorization roles displayed and select them.
  • Capability – here, select the authorizations to be displayed according to their specified capabilities. The following settings can be selected:
    • (All)
    • Post
    • Analyze
    • Modify
  • Organization – in this field, enter the organization as the search criterion for the data to be displayed, if required. Via the Search for organizations   value assistant, you can have the valid organizations displayed and select them.
  • Stipulation – Here, select the authorizations to be displayed according to their stipulation. The following settings can be selected:
    • (All)
    • Allowed
    • Prohibited
  • Authorization object – if necessary, select one or more authorization objects as search criteria for the data to be displayed in this field. The following authorization objects can be selected:
    • (All)
    • Object account
    • Dimension 01
    • ·        …
    • Dimension 20
    • Definition of columns
    • Definition of rows

Work pane

The work pane of the Authorizations in Financials application consists of a line item table for the display and a line item editor for creating and editing the authorizations.

Line item table

In this table, you can gain an overview of all authorizations that have already been set. All authorizations that match the search criteria of the query pane will be displayed. In addition, you can remove assigned authorizations with the Delete action.

Detailed description of the columns of the line item table:

  • Authorization role – this column contains the authorization role for which the authorizations are specified.
  • Authorization object – this column contains the authorization objects for which the authorizations are defined. This can be, for example, the authorization object Object account.
  • Capability – the ability defines which functions the users of the authorization role can perform with the objects specified or selected via the classification. The following ability is possible:
    • Post
    • Analyze
    • Modify
  • Organization – this column contains the organization for whose objects (e.g. object accounts) the authorizations apply.
  • Use classification – with the setting Without classification, authorizations for objects can be specified directly. If this column contains, for example, the selection With classification 1, the authorization is defined for all objects of classification 1, e.g. for the authorization object Object account for all object accounts of classification 1.
  • Object – if you select Without classification, this column contains the objects for which the authorization applies.
  • Classification – this column contains the classification for whose objects (e.g. object accounts) the authorization applies
  • Asset reference number – this column contains a number assigned by the system for internal identification of the assigned authorizations.
  • Stipulation – in this column, you can find out whether the specified capability (Post or Analyze) is allowed or prohibited.
Line item editor

In the line item editor, you can assign new authorizations or edit the existing ones. In order to edit an authorization, select it first from the line item table with double-click. Depending on the authorization object, only individual fields can be changed or added to during processing. If you want to add a new authorization, activate the [New] button in the Actions toolbar of the line item editor.

Detailed description of fields:

Authorization role – in this field, enter the authorization role for which you want to assign the authorization. Via the Search for roles value assistant, you can have the valid authorization roles displayed and select them.

Authorization object – in this field, enter the authorization object for which the authorization should apply. Authorizations can be assigned for the following authorization objects:

  • Object account
  • Dimension 01 – 20
  • Definition of columns
  • Definition of rows

The selection of dimensions displayed here depends on which dimension types you use in the organization.

  • Use classification – this specification controls whether the authorization is specified for the objects directly or for the objects of the corresponding classification. The following settings can be selected:
  • Without classification.
  • With classification 1
  • With classification 2
  • With classification 3
  • With classification 4
  • With classification 5

No selection is possible in this field for the authorization objects Column scheme and Row scheme.

  • Organization – enter the organization for whose objects you want to define the authorization. You can use the Search organizations value help to display and select the valid organizations.
  • Object – depending on the selected authorization object, you can specify one or more objects for which the authorization should apply, e.g. one or more object account numbers for the authorization object “Object account“. Objects can be specified, for example, by a from / to range (e.g. 1000 1999) or by listing (e.g. 1000, 1010, 1012). You also have the option of specifying objects generically. For example, if “1*” is specified, all objects that begin with 1 are included. When specifying *, all objects are included.
Note
Objects such as object accounts can only be entered if the selection value Without classification has been selected for the Use classification field. 
  • Classification – this field is only available for input if you have selected a classification setting for the Use classification field. Depending on the authorization object, you can specify a classification node for whose objects (e.g. G / L accounts or cost centers) the authorization should apply. You can use the input help Classification selection to display and select the existing classification nodes.
  • Capability – with the ability, you determine which functions the users of the authorization role can carry out with the object specified or selected via the classification. The following ability can be chosen:
    • Post
    • Analyze
    • Modify
Note
The selection Modify is only permitted for the authorization objects Column scheme and Row scheme. The selection Post is not permitted for these authorization objects.
  • Stipulation – here you specify whether you grant or withdraw the specified ability (Post, Evaluate or Modify) for the objects specified or selected via the classification. The following settings can be selected:
    • Allowed
    • Prohibited

Customizing

In the Customizing application, settings are to be made for the Authorizations in Financials application for the Authorizations function in the Comarch Financials Enterprise framework. With the Settings tab, you can control for each organization which authorization objects you want to assign which authorizations in financials accounting.

Business entities

The following business entity is relevant for the Authorizations in Financials application that you use, for example, in order to:

  • Assign authorizations,
  • Set up activity definitions or
  • Import or export

Authorizations in Financials

com.sem.ext.app.fin.general.obj.AuthorizationRule

Authorizations

Authorizations can be assigned by means of authorization roles as well as through a content-based authorization (by assignment to organizations). The authorization concept is described in the Authorizations article.

Special capabilities

The Authorizations in Financials application has no special capabilities.

Organizational assignments

If the Content-based authorizations function is activated in the Customizing application, a person can only use the Authorizations in Financials application if an organization that is linked to at least one of the following organizational structures has been assigned to him or her in the partner master data:

  • Financials

Special features

The Authorizations in Financials application has no special features.

Authorizations for business partners

The Authorizations in Financials application is not released for business partners.

Czy ten artykuł był pomocny?

Wyślij opnie