The assignment of the Sensitive settings provides a way to restrict viewing access to Object/Main Account and/or Budget Account Numbers. The assignment of these Sensitive settings is completed on the Assign User Permissions screen on the OrgUnit Permissions tab.
The "Sensitive Level" functionality can be used to "hide" an Object/Main Account for a specific users across the CompanyDB. In other words, if a user has been given permission to see all Budget Account Numbers in an OrgUnit, but has not been given the appropriate "Sensitive Level" to a specific Object/Main Account that is part of the OrgUnit, they will not be able to view that Budget Account Number. However, please note that a user assigned with a Sensitive Level can see all Object/Main Account codes with that level and below in their assigned OrgUnit.
For example, Sensitive Level 5 is assigned to Object/Main Account 4100-00 and the user has been given permission to view the Budget Account Numbers in OrgUnit 000. In order for the user to view the Budget Account Number 000-4100-00 (combination of the OrgUnit + Object/Main Account), they will need to assigned the Sensitive Level 5. They will also be able to see all Object/Main Accounts in the OrgUnit that have been assigned Sensitive Level 0-5.
The following is an example of how this functionality can be used:
In the marketing and public relations OrgUnit, there are both marketing and public relations Object/Main Account codes. The Public Relations Manager should only be able to see the public relations codes and the Marketing Director should be able to see all codes. The marketing codes could be set to Sensitive Level 3 and the public relations codes to Sensitive Level 2 on the Manage Objects. On the Assign User Permission by assigning the Public Relations Manager Sensitive Level 2 and the Marketing Director Sensitive Level 3, the Public Relations Manager will only be able to view the public relations codes and the Marketing Director will be able to view all codes. Within the OrgUnit, the Marketing Director can see Object/Main Accounts for Sensitive Levels 0, 1, 2, and 3, and the Public Relations Manger would be able to see Object/Main Account with Sensitive Level 0, 1 and 2.
The designation as "Sensitive" on the Manage Budget Accounts enables System Manager to "hide" that Budget Account Number from a user unless they are assigned appropriate permission on Assign User Permissions. This is similar to using "Sensitive Levels" above, though:
- Accounts cannot be assigned "Levels" of sensitivity;
- The viewing control is more granular; at the Budget Account Number level as opposed to the "Sensitive Level" tool which is at the Object/Main Account level; and
- It can control whether a user can see only the summarized Budget Account Number data or the summarized and detailed Budget Account Number data.
This tool can be helpful in managing access to payroll information.
For example, a Manager should be able to see the full cost of their budget but not see individual salaries from the Payroll module which are displayed on the Account Details tab. By assigning them, on the Assign User Permissions screen, "Sensitive Summary" but not "Sensitive Detail" this can be achieved.
If they were not given "Sensitive Summary" permission when they ran reports, all accounts that had been designated as "Sensitive" would not display. This could be misleading as they would not know the full cost of their budget.
In some circumstances it might be helpful to combine the functionality of Sensitive Level and Sensitive. Sensitive Level can be used to assign a level to an Object/Main Account and Sensitive can be used to restrict access to the Account Details tab.
Please see related article:
How Does Payroll Security Work?
How Does the Sensitive Security Hierarchy Work (Why Don't I See Data)?