Ensuring that your data remains secure and accessible only to the right people is a critical aspect of managing financial information. This help center article will guide you through the process of restricting access in your hierarchies so that users can only view data related to specific accounts, companies, or departments. To achieve this, we'll walk you through the steps to enable security on the account hierarchy and set permissions at the account level.
In most financial systems, you have different users who require varying levels of access to your financial data. To control this access, you'll need to create user groups, assign users to these groups, enable security on the hierarchy, and set specific hierarchy permissions for each group. The process involves an "Opt-in" approach, meaning that users are granted access based on the groups they are a part of.
Here's a detailed guide on how to restrict access to financial data for specific accounts, companies, departments, or any hierarchy that you've designated as secure.
1. Create a test user
Before implementing access restrictions, it's essential to create a test user. This user will help you ensure that the permissions and security settings work as intended without affecting your entire user base.
- Learn how to create a new user here. It doesn't matter what the email address or name is for a test user. Just keep track of the password you create for this user so you can login as them and test the environment.
2. Set up user groups
Create user groups that reflect the access levels needed in your organization. You should have an "All" group for users who should have access to all data related to the specific hierarchy (customer, company, department, account, etc.) and specific groups for each combination of accounts that users need to access. For instance, you might have groups like "Company A," "Department X," and so on.
- Learn how to create user groups here. It might help to workshop your user groups and combinations on paper or in Excel prior to building them in Catalyst. Think of all the different combinations.
- Don't worry about applying or designating permissions in the group(s) yet. You'll do that later.
3. Assign user(s) to groups
Start by assigning your test user to the relevant group(s). This allows you to test and validate the permissions for this user before applying them to the entire user base.
4. Enable security on the hierarchy
To enable access restrictions, you need to enable security on the hierarchy you want to restrict access to. Most commonly this will be the Company, Department, or Location hierarchy. This step is crucial to define who can access which accounts.
- Learn more about what hierarchies are here. For a deep dive on hierarchy management, click here.
- To make a hierarchy secure, go to Admin > Hierarchies > Edit, and select Enable Security.
Note: Once you do this, no one (other than Client Admins) will be able to access any data associated with this hierarchy until you permit users or groups access to this hierarchy.
5. Add hierarchy permissions to groups
Once security is enabled, it's time to specify the hierarchy permissions for each group. For instance, if you have a "Company A" group, you should set the permissions so that members of this group can only access data related to Company A. In the example below, we're adding permissions to the Company hierarchy and a company called "Brand".
6. Wait for or force a cube a rebuild
After you've configured the group hierarchy permissions, you'll need to wait for the next cube rebuild. Cube rebuilds are typically scheduled events that update the system with the latest configuration changes. Your security settings will take effect after the rebuild. Alternatively, you can click the Refresh Cube button in the dropdown at the top right.
7. Test with the test user
Log in as your test user on the website and attempt to access data from the various sections in the website, your reports, or in an Excel cube to ensure that the restrictions are working as expected. Verify that the test user can access the designated data and cannot access unauthorized financial information.
8. Apply permissions to real users
Once you are satisfied with the setup, add your actual users to the relevant groups with the appropriate permissions. This will restrict their access to the specified hierarchies based on your configuration.
By following these steps, you can restrict access in your financial cube to ensure that users can only see data for specific accounts, companies, customers, or departments. Remember that this process is best done during quieter times to minimize user disruption. If you encounter any issues or have questions about specific configuration settings, consult your system administrator or support team for assistance.