Security of Organization Branches
If your organization has multiple branches defined in MYOB Acumatica, you may need to control which employees get access to which branches. Because branches share some data, you may also need to control access to the shared data. MYOB Acumatica provides user access roles, which you can use to control users' access to branches, and restriction groups to limit the visibility of shared data. In this topic, you will read about ways to manage the security of a branch.
Usage Scenarios
The most common scenarios of managing the security of company branches are the following:
- Managing user access to branches: If your organization has multiple branches (and you have created multiple branches in MYOB Acumatica), you can configure access to branches for employees who work in these branches. For details, see User Access to Branches.
- Managing the visibility of data shared between branches: If you need to make data shared between branches (such as general ledger accounts and subaccounts) visible only within a particular branch, you can use restriction groups to resolve this task. For more information, see Visibility of Data Within a Branch.
User Access to Branches
After multiple branches have been defined in the system, you provide access to the branches for users who will work in the system as follows:
- On the User Roles (SM201005) form, you create branch-specific user roles (one role per branch) and assign these roles to user accounts. For details on user roles, see User Roles: General Information.
- On the Branches (CS102000)
form, you assign the roles to branches as follows: For each branch, in the
Access Role box, you select the user role created
for this branch. To allow a user to access multiple branches, assign to him
or her the roles for the branches to which the user should have access.Note:Once a role is assigned to one of the branches, other branches also must have roles assigned. A branch with no role assigned will be inaccessible to any user.
If a user, based on his or her role, has access to a data entry form where this user enters a document and specifies the branch of origin, only the branches to which the user has access are available on the drop-down list. The users who have access to multiple branches can select the specific branch from the Branches menu on the form's title toolbar and create documents on behalf of the selected branch.
No matter which branch users have access to, users who have access to the following forms, based on their roles, will see and work with all branches (because users configure system objects by using these forms):
- Inter-Branch Account Mapping (GL101010)
- Branches (CS102000)
- Buildings (CS205010)
- Assignment and Approval Maps (EP205000)
- Import Company Tree (EP204060)
- Restriction Groups by Branch (GL103020)
- GL Accounts by Branch Access (GL103040)
- Subaccounts by Branch Access (GL103060)
Visibility of Data Within a Branch
Branches have some data shared between branches and some data kept as branch-specific (for details, see Multiple Branch Support). You may need to restrict the visibility of data that is shared but may contain sensitive information, such as general ledger accounts and subaccounts. MYOB Acumatica provides restriction groups so you can control which accounts and subaccounts are used with which branch. For details on configuring restriction groups for accounts and subaccounts, see Account and Subaccount Security.
Forms for Branch Security
In the following table, you can find the list of the forms that you can use to manage restriction groups with branches and the tasks that you can resolve by using each form.
Task | Form |
---|---|
To initially configure the visibility of accounts by branches | GL Accounts by Branch Access (GL103040) |
To initially configure the visibility of subaccounts (or subaccount segments) by branches | Subaccounts by Branch Access (GL103060) |
To change the visibility of system objects by a branch in multiple groups | Restriction Groups by Branch (GL103020) |
For information about how to add or remove objects from a restriction group, see Operations with Restriction Groups.