G/L Security

Sage ERP Accpac General Ledger 6.0

G/L Security

G/L Security is a feature of the General Ledger program that lets you limit the accounts that individual users can view or work with to minimize the risk of unauthorized activity.

If you use G/L Security, an Account Permissions icon appears in the G/L Accounts folder that lets you assign access rights to accounts.

You assign access depending on your security needs. For example, you can set up identical access rights for all Sage ERP Accpac users within a department, division, or business unit that restrict access to accounts outside that group. For maximum security, you can block your entire chart of accounts to all Sage ERP Accpac users except user ADMIN.

  • With G/L Security, you can assign account access rights to individual users to control which accounts they can view and work with to minimize the risk of unauthorized activities.

  • You can block off entire account segments or only the most sensitive accounts (for example, Payroll, Sales, Retained Earnings, Common Stock and Preferred Stock).

Once you turn on G/L Security, you can set the default account access:

  • All Accounts. Allows all Sage ERP Accpac users unrestricted access to General Ledger accounts unless you set up restrictions in the G/L Account Permissions window.

  • Note that you do not require permission to all accounts to perform periodic maintenance functions, such as deleting inactive accounts.

  • Occasionally, you may find that you cannot edit or delete a structure code, segment, or source code because it is in use by an account that you cannot see. In this case, a user with access to all accounts will have to modify the accounts that use the unseen code or segment.

  • No Accounts. Prevents all Sage ERP Accpac users except user ADMIN from seeing accounts and account data in General Ledger and subledger applications unless you grant individual access rights to accounts in the G/L Account Permissions window.

  • If you choose No Accounts, other Sage ERP Accpac users won't be able to enter Accounts Receivable invoices or post transactions unless you assign them permissions.

Notes re Rollup Accounts

If you are using G/L Security and want to create rollup accounts, you must have access rights to view all member accounts of the rollup account in order to view the rolled up balances in the higher level account.

If a roll up account is accessible under the user’s security rights, all of its member accounts are also assumed to be accessible.

How Access Restrictions Affect Sage ERP Accpac Users

Account access restrictions affect Sage ERP Accpac user activities in the following ways:

Account lookup and inquiry. Users can't look up restricted account numbers in Finders or perform account inquiries in General Ledger.

If users enter restricted account numbers into fields, they will see an error message stating that the specified account does not exist in the General Ledger.

Adding new accounts. Users cannot add new accounts that fall within a restricted segment range.

Posting and other batch-related activities. Posting is limited to batches that do not contain restricted accounts. Users cannot view a batch that contains transactions with restricted account numbers. The batch will not appear in batch list windows.

Even if the user has Journal Posting rights, they cannot post batches if G/L Security has been set to No Accounts.

Invoice entry. Users cannot enter invoices for restricted accounts in Purchase Orders or Accounts Receivable.

Importing and exporting account data. Users cannot import and export data for restricted accounts.

Report generation. Restricted account ranges do not appear in financial reports created using Financial Reporter.

Security for Accounts that Use Blank Segments

If you use a mix of account structures in your chart of accounts, you need to consider how the program handles accounts that do not contain all the segments you use in your system.

If an account number does not include a particular segment, say division, the program considers this segment blank. Unless you specifically restrict blank values for the division segment, the segment will be allowed.

For instance, for the sample company, SAMLTD, account 1000 contains only the account segment. If you do not restrict blank division and region segments and the account segment 1000 is allowed, account 1000 will be visible.

To allow accounts that include division 100 - but restrict those that do not contain the division segment - you would set account permissions as follows:

  • If the default access in G/L Options is All Accounts:

Allow

Segment

From

To

No

Division

ZZZ

Yes

Division

100

100

All division segments with a blank value are restricted.

  • If the default access in G/L Options is No Accounts:

Allow

Segment

From

To

Yes

Account

ZZZZ

Yes

Region

ZZ

Yes

Division

100

100

No

Division

Note that the order of permissions for the division segment is important.