The view GEN_LED_VOUCHER_ROW_UNION_QRY, used in a Custom Lobby Data source has a special condition who use a specific Business role.
What is the global impact to give this Business role to a specific (NOT FINANCIAL) user?
Best answer by Ieva Rituma
This business role is a reference to the window “Users per Authority Class”. This authority class grants view access to the General Ledger transactions. The users won’t get write access, but they will be able to view the GL.
This is not unusual for certain non-finance users to have some access to the GL (e.g. business holders or cost centre managers are often given access to their cost centres), top management is typically given maximum view access, but not all users of the business typically would be given this access.
+16This business role is a reference to the window “Users per Authority Class”. This authority class grants view access to the General Ledger transactions. The users won’t get write access, but they will be able to view the GL.
This is not unusual for certain non-finance users to have some access to the GL (e.g. business holders or cost centre managers are often given access to their cost centres), top management is typically given maximum view access, but not all users of the business typically would be given this access.
It’s a shame it was not called “GL VIEW ACCESS” or something.
Seeing IT staff having access to MAX General Ledger Authority Class requires some explaining to Auditors who are not well bread in IFS-Speak
I’m aware we could create a new class called Read Only but the latter part would still be true!
+16This is something that certainly can be changed and it doesn’t have to be called MAX. This is the default value but can be amended to be called whatever is needed.
Now that you’re using the system live, the steps would be to add the new group, map all the relevant users to it (same as MAX), then remove the users per group MAX and then remove the MAX group.
Hi Ieva - Yes I was aware how to do it, though will be useful for others.
I was more referring to the title of the Navigator screen and fields. To an unknowing auditor it can imply that users with access in this screen can transact. We know different - but proving it can be problematic.
The corporate world many of us work in can lead to these difficult conversations - justifying what is legitimate, Read Only, access taking up a unfair amount of time. It was certainly the case at my last employer
I suppose the problem is - no two auditors / company audit requirements are the same. They sometimes even vary within the company (Environmental, BSI, Internal-Financial, Head-Office) - so it is not possible to please all the people all the time.
This is a wider, more philosophical discussion, about the use and value of auditing, documentation and permissions that is probably suitable for the Community!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
