Organizational Security Implementation
System Settings
You activate organizational security on the Configure System Settings screen. This is a system-wide setting and therefore applies to all users. However, you can establish an organizational profile and an organization security group that effectively overrides organizational security for users assigned to that organization security group. If you implement organization security after Costpoint system is already "live," you may want to postpone checking the Apply Organization Security check box on the Configure System Settings screen until after you set up organization profiles and organization security groups and assigned users to security groups. If you check that check box before you have provided users with the appropriate access, you would interrupt processing.
Organization Security Profiles
Organization security profiles are groups of organizations to which you grant or deny access. This feature is useful if you have multiple companies in sharing one Costpoint database. For example, if organizations beginning with 01 represent the Washington division and organizations beginning with 02 represent the California division, you could set up an 01 profile that grants access to any organizations beginning with 01. That security profile would also deny reporting or inquiry access to data for organizations beginning with 02.
You set up organization security profiles on the Manage Organization Security Profiles screen.
You can set up profiles as Inclusive, Exclusive, or Both. Use the Inclusive method to make each organization listed accessible for this profile. You can only assign "full" rights to the organizations when you use this method. Use the Exclusive method to designate a list of organizations to which there is no access. Use the Both method to set up profiles for which you can assign either full rights or no rights.
Each time you define access to an organization in a profile, you select one of the following relations: "equal to" or "begins with." The "begins with" relation indicates that the access applies to all organization levels beneaththe one you enter on the screen. For example, if you select "begins with" for organization 1, you are granting or denying access to any organization that began with "1." If select "equal to" for organization 1.1, you are granting or denying access only to organization 1.1.
You can also set up a profile for which you do not select the Apply Org Security check box or define access to any organizations. Organization security groups that contain this profile have no organization security in effect.
Organization Security Groups
Use the Manage Organization Security Groups screen to assign organization security profiles to modules. Then assign individual users to organization security groups on the Manage Users screen.
You can have different organization security profiles in effect in different modules for different security groups. For example, a general ledger accountant may need full access to all areas of Costpoint General Ledger but only need rights to his home organization for Labor. To accomplish that, you create an organization security group in which you assign an organization security profile with access to all organizations to Costpoint General Ledger and assign a profile that provides only access to that employee's home organization to Costpoint Labor. You then assign the accountant to this organization security group on the Manage Users screen.
Module Organization Security
For system-wide organization security to work properly, you must enable or disable it by module. The Activate/Inactivate Organization Security by Module screen lists the modules you have purchased. The Apply Org Security check box is cleared by default for all modules. If you select that check box to apply organizational security for a module, you can then turn on or off organization security for individual screens in that module that display organization information.
Update Organization Security Profiles
The Update Organization Security Profiles process creates an organization security lookup table. Run this process only after you have finished setting up organizational security as summarized above. Organizational security does not function properly if you do not run this process to create the lookup table. The table speeds up processing when Costpoint needs to determine a user's access to organization data. Run the process again when you add organizations or add or change organization security profiles.