When new Account Numbers are setup in Great Plains Accounts ("ERP") software it is necessary to maintain a mirror image of those Account Numbers in Dynamic Budgets.  This process is managed through the Synchronize Chart of Accounts and its related "Yellow Brick Road" Wizard.


Step 4 of the "Yellow Brick Road" requires the manual/customized setting of Assign User Permissions to users.  Users need to be assigned access to OrgUnits including related Read, Write and Approve functionalities and, if applicable, Sensitive Levels (which is setup at the Object level and assigned at the OrgUnit level), Sensitive Summary/Detail (which is setup at the Account Number level and assigned at the OrgUnit level), and Accounts permissions (which is setup and assigned at the Account Number level).  Please see How Do I Setup a User Profile, Company and OrgUnit Permissions for a New User Or Edit An Existing User?


A) AutoSynch is an administrative tool which automatically gives users permission to:


i) New Budget Account Number/s for both CompanyDB/s and OrgUnit/s for which a User already has permission/s.  Please see Assign User Permissions for an explanation of the security hierarchy.

Existing OrgUnit security is not changed by the AutoSynch and if Account level security is activated (How Do I Activate and Use Account Level Security?)  the new Account will automatically be selected and therefore visible to the User.  For example, a user has access to OrgUnit 100 and a new account was added to the OrgUnit, 100-4500-01, the user will receive permissions to the new account. However if the user did not have access to OrgUnit 100, they would not receive permissions.


ii) All New Budget Account Numbers for newly added OrgUnit/s (see Add OrgUnits) for CompanyDB/s for which the User has permission/s;  the AutoSynch automatically gives the User permission to the newly added OrgUnit/s.  These permissions are standardized by the User's Role as follows:


System Manager


The standard permissions for the System Manager role is Read, Write, Approve, Sensitive Summary, Sensitive Details, Sensitive Level 5 and all Accounts are selected.


Administrator - Unrestricted


The standard permissions for the Administrator - Unrestricted role is Read, Write, Approve, Sensitive Summary, Sensitive Details, Sensitive Level 5 and all Accounts are selected.


Administrator - Restricted


The standard permissions for the Administrator - Restricted role is Read, Write, Approve, Sensitive Summary, Sensitive Level 1 and all Accounts are selected.



Application User


The standard permissions for the Application User role is Read, Write, Sensitive Summary, Sensitive Level 1 and all Accounts are selected.



A User is assigned the AutoSynch either on Map Users to Companies or Assign User Permissions/Company Permissions tab by checking the AutoSynch box for the required CompanyDB and then clicking

.




B) Synch OrgUnit Permissions is an administrative tool to give users standardized permissions to OrgUnit/s for CompanyDB/s for which they have access.

For OrgUnit/s that the User already has access to this tool does not override existing Read, Write, Approve, Sensitive Summary, Sensitive Details, Sensitive Level  permissions but will select all Accounts for viewing.  These permissions are also standardized according to the Role assigned to each user.  The standardize permissions are the same as outlined above  in A) ii).

In order for the Synch OrgUnit Permissions tool to work, both the "ACCESS" and "AUTOSYNC" boxes need to be checked for the required CompanyDB.


1) Select the UserID for which you wish to Synch OrgUnit Permissions;

2) Click the "Sync OrgUnit Permissions" button.  Once the process is complete, a success message will appear.



Below is an example of permissions for user1 before Synch OrgUnit Permissions:




And below are user1 permissions after Synch OrgUnit Permissions.  The permissions highlighted in yellow have not changed from before.  As discussed all the Accounts are now selected for viewing (please see OrgUnit 300 below as an example).  Finally OrgUnits 400, 500, 600 and 999 were added and the permissions given are the standardized permissions for the Administrator-Restricted role.  Please see A) ii) above.


All accounts are selected and therefore can be viewed.