Group Accountant Custom

A group accountant custom role covers individual customer requirements. You can restrict the role's permissions to specific groups, subgroups, their corresponding entities, and to specific segments. Permissions are set individually, and to set them, you must have detailed knowledge of the entire ownership structure.

Restricted permissions to certain groups, subgroups, and their correspondent entities

This diagram shows an example of an ownership structure with one top group and three subgroups:

Ownership structure with dummy entities diagram

The parent entities own or control dummy entities that represent subgroups. The diagram shows these relationships between entities:

  • RU0001 owns 80% of RU0002, 100% of GR0002 subgroup dummy entity, 100% of GR0004 subgroup dummy entity, and 100% of RU9999.
  • RU0003 owns 75% of RU0004 and 55% of GR0003 subgroup dummy entity.
  • RU0007 owns 100% of RU0008.
  • RU0005 owns 100% of RU0006.

If a group accountant is responsible only for group GR0004, then they can see only group GR0004 and the entities that belong to that group, RU0007 and RU0008. Because the results of group GR0004 are transferred to group GR0001 and are represented by the GR0004 Subgroup Dummy entity, the user must have Read and Write permissions for that dummy entity.

To enable the user to access the GR0004 Subgroup Dummy entity, the administrator must perform these tasks:

  1. Select EPM Administration > Dashboards > User and Permission Management > Users and User Groups.
  2. Create a new user.
  3. Assign the user to the Group Accountant Custom application role for Infor EPM business applications.

    The Group Accountant Custom role is then inherited by the OLAP Data Roles, which grant the navigation permissions.

  4. Select Dashboards > OLAP > Data Roles and create an individual group accountant custom role for Infor EPM business applications to access to the GR0004 Subgroup Dummy entity. For example, GrAcc_GR0004_SG.
  5. Select Dashboards > User and Permission Management > Users and User Groups.
  6. Select the relevant user in the Users and Groups panel. Then, assign the individual group accountant custom role to the user for Infor EPM business applications in the OLAP Data Roles panel.

    The Group Accountant Custom role is already assigned.

For the individual group accountant custom role, you must manually set up permissions to specific groups and entities. For each user with restricted access to a group or subgroup, an individual custom role must be created.

Note: The navigation permissions are granted by the default Group Accountant Custom role.

Permissions to specific groups and entities

To set permissions to specific groups and entities, follow these steps:

  1. Select EPM Administration > Dashboards > OLAP > Manage Permissions.
  2. In the Data Source field, select DEPMAPPS - EPM.
  3. In the Access Cube field, select these permissions:
    • Entity Permissions
    • Group Permissions
    • Mirrored Entity Permissions
  4. For each permission that you selected in step 3, enable the required settings for the individual group accountant custom role.

Entity Permissions

For the individual group accountant custom role, set these entity permissions:

  • Read permissions for the Group Entities node. Used in a Group Audit Trail Report to analyze all group entities.
  • Write permissions for those entities under Group Entities that the user must have access to. In the example from the diagram, these are RU0007, RU0008 and GR0004 Subgroup Dummy entity. All other entities under Group Entities must have the Default permission.
  • No Access permissions for the Fiction Entities node and all entities under that node except for the group for which the user is responsible. In the example from the diagram, it is group GR0004. That group must receive Write permissions.
  • Default permissions for the All Entities node and all entities under that node.
  • Write permissions for the Global element. Used to write required information on the Group Parameter page and to the TPART cube.

Group Permissions

For the individual group accountant custom role, set these group permissions:

  • Write permissions for the Global element to enable calculating ownership and maintaining standard rates and cash flow parameters. If multiple group accountants exist who are responsible for multiple groups or subgroups, then only the top group accountant can perform those tasks. Otherwise, conflicts can occur.
  • Write permissions for the groups for which the user is responsible. In the example from the diagram, it is group GR0004. Other groups must have the No Access permissions assigned.

Mirrored Entity Permissions

For the individual group accountant custom role, set the No Access permissions for the Sum node and all entities under it except for those entities which the user is responsible for. In the example from the diagram, these are RU0007, RU0008 and GR0004 Subgroup Dummy entity. Those entities must receive Read permissions to enable intercompany reconciliation to work correctly.

Restricted permissions on segments

Sometimes, group accountants must have restricted permissions on segments. By default, the segment dimensions are not restricted for access rights.

  1. Select EPM Administration > Dashboards > OLAP > Edit Database and select DEPMAPPS.

    Segment 1 usually drives the business and permissions can be set up accordingly.

    If you set up three segments in Business Modeling, then you can define that either Segment 1 is controlled by permissions, or Segment 1 and 2, or Segment 1, 2, and 3.

  2. Find the DPSEGM (primary segment) dimension and click Properties.
  3. In the Security section, switch on Enable Dimension Access Control.
  4. Click Create New Cube and create a cube. For example, #DPSEGM.
  5. Select Dashboards > OLAP > Manage Permissions and select DEPMAPPS - EPM as the data source and Cube Permissions as the access cube.
  6. Assign Write permissions to the created cube to the group accountant custom role.