General Ledger Accounting Roles and Permissions
The General Ledger (GL) Accounting hub is the foundational component of finance functionality. It contains features to perform the following functions:
Structure, create, and manage GL accounts
Track account activity
Review account balances
Enforce account security
Process batches and journal entries
Generate monthly and ad hoc reports
Complete month- and year-end close processes
Add project codes and manage projects
The people that typically work in the GL Accounting hub are controllers and staff accountants. In J1 Web, the default roles can be grouped in four distinct areas: GL account access, project security, batch access (called "transaction groups" in Desktop), and administrative functionality.
GL Account Access roles determine who can access the GL accounts in your system. Users must be in at least one of these roles (or a copy of them) to view and work with GL accounts throughout the system. In other words, every finance user must be in at least one of these roles.
The Project Access role lets you create project codes that can be tied to various finance transactions in budgets, requisitions, POs, and other finance entities. You can implement project security to restrict who has access to certain information based on the project code associated with it.
Batch access roles determine what users can do with groups of transactions. Each batch is associated with a source code, and roles can be associated with one or more source codes.
Administrative roles let you manage transactions, monthly adjustments, reports, GL settings, and GL users and roles.
Roles
Jenzabar provides two roles to secure how users access GL accounts.
The General Ledger Accounting GL Account Component Access role lets users access accounts based on the components defined on the General Ledger Settings page. For example, you may grant access to accounts based on the department and fund components. Users in roles with access to the specified department and fund will be able to view and work with those accounts.
The General Ledger Accounting GL Account Alternate Code Access role lets users access accounts based on predefined codes associated with the account. In Desktop, alternate code access was used primarily with the GL budgeting feature to manage who is assigned to view budget and actuals for GL accounts. In Jenzabar One Web, alternate code access simply provides another way for your school to determine who can access a GL account.
Note
At this time, alternate security codes are defined in the Desktop Define Alternate Account Security Groups window. For additional information about setting up these codes, see the online help: Budget Officer Definition window.
Alternate codes can be created with an alphanumeric hierarchy that allows for additional levels of account access.
Notice
Jeff has access to code A. GL account 1 is assigned code A, GL Account 2 is assigned code AA, and GL Account 3 is assigned code AAA. Since Jeff has access to code A, he will be able to view all three GL accounts because of the hierarchical relationship.
Each role's permissions, security, and associations determine how users in the role accomplish tasks in the system.
Permissions
Both roles have the the following permissions in the GL Account Management section.
Permission | Users in this role can. . . |
|---|---|
Can view GL accounts | See GL accounts they have access to throughout the General Ledger hub. With this permission, users can also see the account details, transactions, and certain budget and account access information. |
Can edit GL accounts | Make updates to existing GL accounts they have access to. |
Can create GL accounts | Add new GL accounts to the system. |
Can delete GL accounts | Remove GL accounts from the system. |
Can download to Excel | Export account activity for one or more accounts to an Excel spreadsheet. |
GL Account Activity
The "Can view and download GL account activity" permission in this section grants access to the GL Account Activity page, which replaces the Campus Portal GL Account Lookup feature and lets users enter search criteria to view balance information for a selected range of GL accounts.
The accounts users can view on the GL Account Activity page are limited to those enabled on the Associations tab.
Note
Users with permission in this section don't typically have permissions in the GL Account Management section because they don't need to manage GL accounts. Those who previously worked in the Campus Portal GL Account Lookup feature should be granted permissions from the GL Account activity section, not the GL Account Management section (i.e., all the checkboxes in the GL Account Management section should be empty).
GL Account Security
The GL account access roles let you restrict how users interact with account information throughout the system. You can provide unrestricted or restricted access based on your selection in the GL Account Security section on each role's Permissions tab.
When the Can view all GL accounts (unrestricted) checkbox is selected, users in the role can see all the GL accounts everywhere in the system unless otherwise restricted (e.g., some GL accounts may not be visible based on your school's configurations or other permissions). For example, when someone creates a requisition in the Procurement hub, they can select from the comprehensive list of GL account numbers in the system.
When the Can view all GL accounts enabled by associations (restricted) checkbox is selected, users in the role will only see the GL accounts that have been enabled on the Associations tab. For example, when someone creates a requisition in the Procurement hub and only the department cash accounts have been enabled on the Associations tab, they will see only those cash accounts in the GL accounts list.
Note
Only one checkbox can be selected at a time. The associations tab determines which accounts users can access when they aren't on the GL Accounts page. If both checkboxes are deselected, users in the role won't be able to view GL accounts outside of the GL Accounts page (i.e., they won't see account information on pages that display account details, such as batch or transaction pages).
Associations
The Associations tab identifies which accounts the role has access to. Role permissions are applied to all of the associations enabled on this tab. Depending on the GL Account Security, the enabled accounts may be the only ones visible to users when they work outside of the GL Accounts page.
GL Account Component Access Role
When account access is granted via account components, the Associations tab lists the available options and combinations for the components defined on the General Ledger Settings page (e.g., Component 2 and Component 3). (The General Ledger Settings page mirrors the Desktop General Configuration window, G/L tab.) The module manager can enable one or more of the components your school has defined. If your school has defined two security components, you can also define which combination of account components users can access.
You can use the Access to all component values filter options to enable access for all accounts or just for accounts associated with the specified component.
Notice
To grant access to all accounts associated with the Alderman Library (Object component 0101), enable access for the row with "Access to all component values" in the Department column.
The Association Filter can narrow down the list of component combinations. The Has accounts filter is particularly helpful for viewing component combinations that have GL accounts associated with them. Use the View accounts button to see which accounts are tied to a component combination.
Notice
Jenzabar University has set Component 3 (Department) as Account Security Component 1. Stacey is a module manager who grants access to the school's accounts. She wants to give Jeff access to accounts in the math, biology, and physics departments. When Account Security Component 1 is selected on the General Ledger Accounting GL Account Component Access role, Associations tab, a list of the school's departments displays (e.g., 2000 - Math, 3000 - Biology, 4000 - Physics, etc.). For Jeff's access, Stacey enables the 2000, 3000, and 4000 components. When Jeff works in the GL module, he'll be able to see account information for GL accounts where the value for Component 3 is either 2000, 3000, or 4000.
GL Account Alternate Code Access Role
When account access is granted via alternate security codes, the Associations tab lists the alternate codes that are defined on the Desktop Define Alternate Account Security Groups window. Module managers can enable the appropriate codes for each role.
GL accounts can also be associated with an alternate security code when they are created or edited. Each alternate security code on the role's Associations tab lets you view the associated accounts to help you determine who should have access.
Alternate codes honor an alphanumeric hierarchy. Codes that are based on an existing code are considered children of the existing code. For example, a parent code 'A' has children codes of "A1', 'A2', and 'A3'. When users are granted access to the parent code, they are also granted access to all the child codes.
Tip
You can use the Association Filter to narrow down the list of alternate security codes displayed. The Has accounts filter is particularly helpful for viewing alternate security codes that have GL accounts. Use the View accounts button to see which accounts are tied to an alternate security code.
Notice
The school has defined security codes A, A1, and A11. The account for the baseball team is associated with code A, the account for the basketball team is associated with code A1, and the account for the volleyball team is associated with code A11. Kyle has access turned on for code A1, so he can see accounts for the basketball and volleyball teams.
The General Ledger Accounting Project Access role provides an additional level of security to financial transactions. You can associate transactions with a project code and use the project detail page to view a comprehensive summary of costs for the project.
Permissions
The following permissions are available for the role. These permissions apply generally to the Projects page; access to specific project codes is granted via the Associations tab.
Permission | Users in this role can. . . |
|---|---|
Can view projects and generate Project Summary reports | View projects on the General Ledger Accounting hub and generate Project Summary reports. NoteIf any other projects permissions are granted, the "Can view" permission is automatically granted. |
Can edit projects and project security | Access project detail pages and update project information and which roles have access to the project code. NoteUsers may not see some transactions associated with the project if they don't also have permission to view the GL accounts. |
Can create projects | Add new project codes to the system and determine which roles can access the project code. |
Can delete projects | Remove project codes from the system. NoteUsers cannot delete projects if they don't also have permission to view the project's GL accounts. |
Can download to Excel | Download project transaction details to an Excel spreadsheet. |
Project Security
You can provide unrestricted or restricted access to project-related information based on your selection in the Project Security section.
When the Can view all projects (unrestricted) checkbox is selected, users in the role can see all project codes everywhere in the system. For example, when someone enters a transaction in a batch, they can select from the comprehensive list of project codes.
When the Can view only projects enabled by associations (restricted) checkbox is selected, users in the role will only see the project codes that have been enabled on the Associations tab. For example, when someone enters a transaction in a batch, they can only select from the project codes that have been enabled on the Associations tab.
Note
Only one checkbox can be selected at a time. The associations tab determines which project codes users can access when they aren't on the Projects page. If both checkboxes are deselected, users in the role won't be able to view projects codes outside of the Projects page (i.e., the Project Code drop-down is disabled when they enter transaction information throughout the system).
Associations
When new projects are created, the project codes are added to the project code list on the Associations tab. On the Create Project page, you can turn access on for one or more General Ledger Accounting Project Access roles in the Assign Project Security Access section. If access has been turned on, the project code will be enabled on the Associations tab of the associated role when the project is saved.
Note
Project codes created in Desktop are visible on the Associations tab.
The General Ledger Accounting batch access roles grant permissions to view and manage groups of transactions for specified source codes.
Permissions
All batch access grant access to the Batches pages and batch detail pages, and provide many or all the permissions listed below.
|
|
Note
Most roles let you create and import batches, but batches for certain source codes are created outside the General Ledger Accounting hub (e.g., receipt (RC), miscellaneous (MS), and invoice (IV, IM, MN) batches). The "Can create and import batches" permission is not available for those source codes.
Additionally, some source codes can't be posted (e.g., @C and @F) and others cannot be reversed (e.g., IV, IM, and MN), so "Can post batches and generate Post reports" and "Can reverse batches" permissions are not available.
Associations
Source code associations enable access to the batch source code combinations you want users to access. Each batch type is a separate role in Jenzabar One Web (e.g., the source codes associated with Accounts Payable batches are managed in the General Ledger Accounting Accounts Payable Batches role). Users that need access to source codes in different batch types need to be added to multiple roles.
Batch Type | Associated Source Codes |
|---|---|
Accounts Payable | IM - Immediate check invoices IV - Regular check invoices MN - Manual check invoices RF - Refunds from vendors VD - Void check invoices |
Adjustment | JL - Journal entries MA - Monthly adjustments |
Charge | CG - Student charges (automatically created) FC - Finance charges IT - Interest earned TP - Tuition paid in advance |
Conversion | CV - Conversion necessary |
Customized | Any custom source codes your school creates. |
Development | GF - Development gifts |
Disbursement | DB - Disbursements |
Financial Aid | FA - Financial Aid LD - In-House Disbursement LO - Financial Aid Loan |
Fixed Asset | FX - Fixed assets |
GST Credits | TX - GST tax credits |
Miscellaneous | MS - Miscellaneous transactions |
Payroll | FR - Fringe benefits - Payroll LB - Labor distribution - Payroll |
Preliminary | @C - Preliminary student charges @F - Preliminary financial aid |
Receipt | RC - A/R Receipts |
The roles below grant users different permissions to work with GL settings, definitions, transactions, monthly adjustments, reports, and users.
General Ledger Administration
This role grants permission to manage the General Ledger Accounting Settings page. The settings on that page mirror the Desktop General Configuration window, G/L tab. Additionally, this role grants permissions to manage custom content blocks on General Ledger Accounting and Administration hub Summary pages. (Custom content blocks can be used for announcements and to display important metrics based on data sets.) This role also provides access to the Account Component Definitions and Source Code Definitions.
General Ledger Accounting GL Transaction Access
This role grants access to view, edit, and download transactions from the Transactions list page. Additionally, it grants permission to view GL account balances. (This functionality is also available in the Desktop Look Up Account Transactions window.)
General Ledger Accounting Monthly Adjustment Access
This role grants permissions to view, edit, create, delete, download, and process monthly adjustments.
Note
Monthly adjustments are treated like batches in Jenzabar One Web, and users with permission to view and process monthly adjustments also need to be in a General Ledger Accounting Adjustment Batches role to see MA batch transaction details.
General Ledger Accounting Processes
This role grants permission to run GL Processes such as the month and year close processes and the recalculation of financial balances. These permissions let users edit batches and run reports directly from the the process wizard.
General Ledger Accounting Reporting
This role allows users to access the Reports hub and generate the following general ledger reports.
Fund Balance Audit
Month Close
Month Close Selection
Trial Balance
Year Close Exceptions
Year to Date History
General Ledger User and Role Management
This role is for module managers, and allows users outside of IT to manage who can access features and information in the General Ledger Accounting hub.
There are two permission groupings in this role. The General Ledger Roles section lets module managers view and manage General Ledger Accounting roles, as well as copy roles, update the permissions, and assign users to the role.
The General Ledger Users section lets module managers see which users in the system can access General Ledger Accounts features and add or remove them from role assignments.
Permissions
Several processes in the General Ledger Accounting hub allow users to send and review communications (e.g., emails and notifications), and users must have the appropriate module access to use this functionality. Module access can be turned on for the GENERALLEDGER code in one or more General Ledger Accounting roles.
Tip
For additional information about working with Communications, see the Communications online help and Module Access Codes.
Users can view and edit GL-related UDEFs from the GL Accounts and GL Transactions pages. Permission to access those fields is granted on the User-Defined Fields tab of the General Ledger Accounting GL Account Component Access, General Ledger Accounting GL Account Alternate Code Access, and General Ledger Accounting GL Transaction Access roles. Select from the following permission options to grant access to "General Ledger Account User-defined fields" and "General Ledger Transaction User-defined fields."
No permissions
Can view UDEF data
Can edit UDEF data
Can configure UDEF form
For additional information about UDEF permissions, see Edit Role - User-defined Fields Tab.