HFM Security Issue - User can submit a journal by by-passing the approval step even though they are not an admin.

Hi All,
I was wondering if anyone could help me with a HFM security issue on HFM 11.1.2.3 we are facing please?
The problem is that a user can by-pass the journal approval stage and post directly after submitting if Custom4 access control=All is selected.
If any of the other access controls (None, Read, Promote) for custom 4 are selected, the first two steps of the process are possible - input and approval of the journal are possible but final posting of the journal is not and returns an error that says:
"User does not have the access right to perform this journal task"
The options I have thought of for a workaround are as follows:
1. Set up a 3rd user called data poster and remove submit journal role from user 1 (data inputter)
2. Put in place process control and use the various review levels (could be quite time consuming given there is no time left for development)
Has anyone experienced this before and come up with a quick way of resolving this please? It would be very much appreciated.
We have two types of users who are associated with groups in HFM and have the appropriate roles assigned to them to complete their tasks, they are:
1. A data Inputter (who inputs base data and journals, who has access to create and submit journals)
2. A data reviewer (who approves journals)
The process is as follows:
1. Logon as Data inputter to submit the journals
2. Logon as Data reviewer to approve the journals
3. Logon as Data inputter to post the Journals
We are using the custom 4 member to identify different adjustment types. At the moment we are able to set it up in such a way whereby Steps 1 and 2 can be completed but once it comes back to step 3, we get an error as follows:
"User does not have the access right to perform this journal task"
(This error comes about when the access control on custom 4 is set to None, Read, Promote)
Custom 4 Access Rights looks as follows:
            C4_ADJ01  C4_ADJ02  C4_ADJ03  C4_ADJ04
HFMDefault  Read      Read      Read      Read
HFMLoad     All       Promote   None      Read
HFMReview   Read      All       All       All
When Custom 4=C4_ADJ01 all 3 steps can be completed but it by-passes step 2 (journal approval).
For all other Custom 4 we complete steps 1 and 2 successfully but not step 3 due to access issues.
Roles for the groups that users are assigned to look like the following:
1. Base Data input/Journal Data input, Test User Name: test_HFMLoad
   Access Rights: Reviewer 1, Review Supervisor, Create Journals, Read Journals, Database Management, Enable write back in Web Grid, Load Excel Data, Generate Recurring, Post Journals, Create Unbalanced Journals, Manage Templates, Data Form Write Back from Excel, Consolidate
2. Data Reviewer, Test User Name: test_HFMReview
   Access Rights: Reviewer 1, Review Supervisor, Create Journals, Read Journals, Database Management, Approve Journals, Consolidate, Reviewer 2, Generate Recurring, Manage Templates, Create Unbalanced Journals
Any help or advice would be much appreciated.
Thanks in advance,
M.
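
A segregation-of-duties check over the access matrix and role lists quoted above, as an added example that is not part of the original post and is not Oracle code. It assumes the rule the poster's observations suggest (posting needs the Post Journals role plus All access to the Custom4 class), assumes test_HFMLoad and test_HFMReview belong to the HFMLoad and HFMReview groups, and uses a hypothetical test_HFMPost account and HFMPost group for a variant of workaround 1.

```python
# Added example (constructed from the tables in the post, not Oracle code).
# Assumed rule, inferred from the behaviour the poster reports: posting needs
# the "Post Journals" role AND "All" access to the journal's Custom4 class.

CLASS_ACCESS = {  # group -> Custom4 security class -> access, as posted
    "HFMDefault": {"C4_ADJ01": "Read", "C4_ADJ02": "Read",
                   "C4_ADJ03": "Read", "C4_ADJ04": "Read"},
    "HFMLoad":    {"C4_ADJ01": "All", "C4_ADJ02": "Promote",
                   "C4_ADJ03": "None", "C4_ADJ04": "Read"},
    "HFMReview":  {"C4_ADJ01": "Read", "C4_ADJ02": "All",
                   "C4_ADJ03": "All", "C4_ADJ04": "All"},
}
JOURNAL_ROLES = {  # journal-related roles only, from the posted role table
    "test_HFMLoad":   {"Create Journals", "Read Journals", "Post Journals"},
    "test_HFMReview": {"Create Journals", "Read Journals", "Approve Journals"},
}
USER_GROUP = {"test_HFMLoad": "HFMLoad", "test_HFMReview": "HFMReview"}  # assumed


def can_post(roles, access):
    return "Post Journals" in roles and access == "All"


def self_post_findings(roles, groups, access):
    """(user, class) pairs where one account can both create and post."""
    return [(user, cls)
            for user, r in sorted(roles.items())
            for cls, level in sorted(access[groups[user]].items())
            if "Create Journals" in r and can_post(r, level)]


def unpostable_classes(roles, groups, access):
    """Classes no account can post to, i.e. step 3 fails for everyone."""
    classes = sorted(access["HFMLoad"])
    return [c for c in classes
            if not any(can_post(r, access[groups[u]][c])
                       for u, r in roles.items())]


def split_poster_variant():
    """Hypothetical: posting moved to a separate account with All access."""
    roles = {u: set(r) for u, r in JOURNAL_ROLES.items()}
    roles["test_HFMLoad"].discard("Post Journals")
    roles["test_HFMPost"] = {"Read Journals", "Post Journals"}  # hypothetical
    groups = dict(USER_GROUP, test_HFMPost="HFMPost")            # hypothetical
    access = dict(CLASS_ACCESS,
                  HFMPost={c: "All" for c in CLASS_ACCESS["HFMLoad"]})
    return roles, groups, access


if __name__ == "__main__":
    for label, cfg in (("as posted", (JOURNAL_ROLES, USER_GROUP, CLASS_ACCESS)),
                       ("split poster", split_poster_variant())):
        print(label)
        print("  create+post by one account:", self_post_findings(*cfg))
        print("  classes nobody can post:   ", unpostable_classes(*cfg))
```

Under the assumed rule, the only class the inputter can post to is also the only class where one account holds both create and post, which matches the behaviour reported for C4_ADJ01.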

