Security Exemption Groups

Security Exemption Groups allow users to bypass data level security that was set in the FSM application.
Note: Accounting Entity data level security is turned ON by default when Infor Birst Analytics is delivered.

For users that must see data that is related to all Accounting Entities, the AccountingEntitySecurityExemption_ST security role is necessary. This role is assigned in Infor Ming.le similarly to other standard security roles. It is required for all users in organizations where Accounting Entity Security Groups in FSM are not utilized.

The same concept applies to Finance Dimension level security. If set up in the FSM application, it can be bypassed by assigning one of the 10 FinanceDimensionXXSecurityExemption_ST security roles, where XX ranges from 01 to 10.

To bypass all data level security (Accounting Entity, Accounting Unit, Projects, every Finance Dimension...), the AllSecurityExemption_ST security role can be used.

Take the example of a user whose organization has Accounting Entity data level security turned on. The user wants to access a Global Ledger report in Infor Birst Analytics. There are three possible cases:

  • The user is not part of any Accounting Entity Security Groups as set up in the FSM application. In the Global Ledger landing page, the drop-down list of Accounting Entities for the selected FEG and Reporting Basis is empty, and the user has no way to access any data.

  • The user is part of an Accounting Entity Security Group in the FSM application which grants access to data from a limited number of Accounting Entities. In this case, the user only sees the Accounting Entities the user has access to, as defined in the Accounting Entity Security Group.

  • The user has been assigned the AccountingEntitySecurityExemption_ST or the AllSecurityExemption_ST security role. Regardless of whether the user is part of an Accounting Entity Security Group in the FSM application, the user sees all the available Accounting Entities for this FEG and Reporting Basis.

You can perform a workaround if the security exemption role is not syncing from Infor Ming.le, by manually adding the user to the relevant security exemption space group in Infor Birst in these spaces:
  • ConformedDimension-GL
  • Model-SCM
  • Model-GL-Measures
Note: The user must be a member of a space to be added to that space’s security exemption group.