Updated on 3/5/2019
How-To
Financial Data Access Control
Direct link to topic in this publication:

An access to the Chart of Accounts and financial information may be restricted if you assign responsible persons: employees entitled to handle outlets’ financial information (hereinafter “Outlet Mngr.”) and employees responsible for accounts and their contents (hereinafter “Account Mngr.”) and provide permissions required to handle the financial module. Such distribution of responsibility among chain employees works the following way:

  1. Responsibility in outlets (Outlet Mngr.) limits an employee's access to the financial information of selected outlets only.
  2. To access financial information, one needs to have special permissions (See Handling Financial Module).
  3. If an account has no Account Mngr., you can access it if granted standard financial permissions and responsibility in outlets (Outlet Mngr.).
  4. If an account has an Account Mngr., this restriction is triggered in addition to paragraph 3: only persons specified in the Account Mngr. list (if standard permissions to handle finances are provided and Outlet Mngr. restrictions are in place) may change the account transactions in their respective outlets.
  5. The Outlet Mngr. setting also limits outlets available to you when you log in to iikoChain. Now, in the single outlet mode, an employee may not access outlets where he or she is not an Outlet Mngr.

Access Setup

Handling Financial Data

You can set up the Outlet Mngr. parameter in the Responsible field on the Additional information tab of the employee record. Outlets, where this employee is registered, are checked.

A corporation employee may be an Outlet Mangr. not only in his or her outlet but also other outlets. If an employee is registered in iikoChain under the All Subdivisions mode, then he or she becomes an Outlet Mngr. in all outlets of the corporation (the Responsible field of the employee record will have all the outlets checked). If you add a new outlet, this employee would become a responsible person in this one as well. If registered in a single outlet mode, the employee would be a responsible person only in the outlet he or she belongs.

To assign an employee to an Outlet Mngr. role (or remove this role), one needs to have a special permission and log in to iikoChain under the All Subdivisions mode. For this, open an employee’s record on the Additional information tab and check the outlets where he or she must be a responsible person.

To assign an Outlet Mngr., one needs to have the following permissions: “View employee list” (B_VE) and “Add, delete and edit employee cards” (B_EE).

You may check which outlets an employee is assigned a responsible person role in the Responsible column of the list of employees under the All Subdivisions mode in iikoChain. You may also get a list employees responsible in a particular subdivision if you specify its name in the filter bar (marked with ) in the Responsible field.


Handling Accounts

To appoint an Account Mngr., select Edit account in the shortcut menu, click Add (under Responsible field), select the required employee, and click Add. Once all Account Mngr. employees are added, save the account by clicking Save.

If necessary, you can cancel such assignment by selecting the employee in the Responsible field and clicking Delete.

Handling Financial Module

To be able to change an account tree structure, view and edit accounts, make account transactions, pay invoices, and receive Cash flow statements, an employee shall have special permissions. Responsible employees may be granted the following permissions.

PermissionNameDescription
Finances menu item
B_FINWork with financesAbility to handle financial module (Finances menu item).
B_VCOAView chart of accountsAbility to view the list of accounts (Finances > Chart of Accounts).
B_ECOAEdit chart of accountsAbility to edit (create and delete) accounts (Finances > Chart of accounts). User must have the B_VCOA permission.
B_MCBOpen accountAbility to open a particular account and view transactions (Finances > Chart of Accounts and Open account).
B_ECBCreate and edit manual account transactionsAbility to make account transactions in the Chart of Accounts (Finances > Chart of Accounts).
B_INVPPay invoicesAbility to handle invoice payment interface (Finances > Debt to Contractors).
B_ECFAEdit CF articlesAbility to edit CF articles (Finances > CF Articles).
B_VCFRView cash flow reportAbility to view Cash Flow Statement (Finances > Cash Flow Statement).

Recommendations on Separation of Permissions

Let’s consider an example of how responsibility may be allocated among such users as shareholders, bookkeepers, and a financial director.

View Financial Data in Your Outlets

Let’s take a closer look at how to set up an access to the financial module and account transactions which have no Account Mngr. assigned (shareholders).

Financial Module Reports

An employee may use the Chart of accounts, Profit and loss report, and Cash flow statement to view the payment details of individual outlets of the chain if under the All Subdivisions mode in iikoChain. For this, you have to assign this user the Outlet Mngr. role in such outlets (permissions that allow handling finances are also required).

Suppose an employee (user) is linked to a group of outlets (in the Subdivisions field on the Additional information tab of his or her personal record) and is assigned the Outlet Mngr. role only in one of them, for instance, East-1. Besides, he or she is granted permissions required to handle finances.

Such an employee will following options available:

  1. He or she may view outlets where he or she is an Outlet Mngr. and if in the All Subdivisions mode of iikoChain.
  2. The Chart of accounts shows the balance sheet of the outlet where the employee is an Outlet Mngr. (in our case, East-1).
  3. The Balance sheet, Profit and loss report, and Cash flow statement show only those amounts that pertain to outlets where the employee is an Outlet Mngr. In our example, it is only East-1 which is available in the Subdivision Filter field, and the financial data that the employee may view belongs to this subdivision.


  1. The Chart of accounts shows the balance sheet of the outlet where the employee is an Outlet Mngr. (East-1).


  1. The Balance sheet shows details of the outlet where the employee is an Outlet Mngr. (East-1).


  1. The Profit and loss report shows details of the outlet where the employee is an Outlet Mngr. (East-1).


  1. The Cash flow statement shows details of the outlet where the employee is an Outlet Mngr. (Restaurant).

Account Transactions

Let’s take a closer look at how to set up an access to the financial module and account transactions which have no Account Mngr. assigned (shareholders).

  1. Suppose an Employee 1 is a responsible employee in all outlets, whereas Employee 2 in East-1 only.
  2. Both have the following permissions: Work with finances (B_FIN) and Open account (B_MCB). Besides, they may open accounts only using the Open account item in the Finances section.
  3. If you provide such users with the “View chart of accounts” (B_VCOA) permission, they will be able to open an account from the Chart of accounts by clicking the Account transaction shortcut menu item.
UserOutlet Mngr.Permissions to handle FinancesAccount Mngr.
Employee 1at all outletsB_FIN, B_MCB, B_ECOAaccount managers are not set
Employee 2only at Vostok 1B_FIN, B_MCB, B_ECOAaccount managers are not set
  1. In this case, Employee 1 may view transactions made at all outlets (an outlet, to which a transaction belongs, is given in the Subdivision field).

l

  1. Employee 2 may view transactions effected at his or her outlet and see the opening and closing balances.


Handling the Chart of Accounts

Let’s take a closer look at how you can set up the Chart of Accounts to be able to change it, view and edit all accounts if no Account Mngr. (Financial Director) is assigned.

If an employee is an Outlet Mngr. at all the outlets but has no permissions to handle finances (B_FIN), he or she cannot see the Finances section. To allow an employee view accounts and change an account tree structure of all chain outlets, you have to make the following settings:

  1. Make him or her a responsible employee (manager) at all outlets. For this, open an employee record on the Additional information tab and check all outlets in the Responsible field.
  2. Grant him or her the following permissions: “Work with finances” (B_FIN), “View chart of accounts” (B_VCOA), “Open account” (B_MCB), and “Create and edit manual account transactions” (B_ECB).
  3. Once done, an employee will be able to view accounts and make transactions at all outlets but the Chart of accounts structure won’t be editable (available items: Finances > Open account and Account transactions shortcut menu item, locked items: Edit account shortcut menu item and New account button, hidden items: Create sub-account shortcut menu item).


  1. For an employee to be able to edit the accounts tree structure, in addition to the permissions listed above they will also need the “Edit chart of accounts” (B_ECOA) permission. After that, the following shortcut menu items will become available: Edit account and Create sub-account, as well as the New account button.
  2. An employee assigned the Outlet Mngr. role at all outlets and granted the following permissions may edit accounts, create account transactions, and change an account tree structure at all chain outlets:
UserOutlet Mngr.Permissions to handle FinancesAccount Mngr.
Employee 1at all outletsB_FIN, B_VCOA, B_MCB, B_ECB, B_ECOAaccount managers are not set

Handling Account Data in Your Section

Let's take a look at how to allow users to view and edit the contents of accounts in their section, for example, “Trade Cash Registers” (safe), section bookkeepers.

  1. Suppose an Employee 1 is appointed to the Outlet Mngr. role at all outlets, whereas Employee 2 and 3 at East-1 only. All three employees are granted the following permissions: B_FIN, B_VCOA, B_MCB, B_ECB. Such employees may edit accounts.
  2. Let’s make Employee 1 and 2 responsible (Account Mngr.) for the Trade Cash Registers (safe) account.
UserOutlet Mngr.Permissions to handle FinancesAccount Mngr.
Employee 1at all outletsB_FIN, B_VCOA, B_MCB, B_ECB“Trade Cash Registers”
Employee 2only in “Restaurant”B_FIN, B_VCOA, B_MCB, B_ECB“Trade Cash Registers”
Employee 3only in “Restaurant”B_FIN, B_VCOA, B_MCB, B_ECBnot “Account Mngr.” for “Trade Cash Registers”
  1. In this case, in the “Trade Cash Registers” account, employees are empowered to do the following (under the “All Subdivisions” mode in iikoChain):
  • Employee 1 may change (create, edit, and delete) transactions in this account for all outlets.  Each transaction shows an outlet where it belongs (in the Subdivision field).


  • Employee 2 may change transactions in this account only for their outlet ‒ Vostok 1.


  • Employee 3 has no access to the account details.


  1. In other accounts, where no Account Mngr. is set, all employees may change transactions at the outlets where they assigned an Outlet Mngr. role. However, Employee 3 may not create account transactions if a correspondent account of a transaction is Cash Registers and he or she is an Account Mngr.


Canceling Roles and Revoking Permissions

In this example, let’s consider how an access to accounts depends on the roles assigned and permissions provided, and how it changes if we first cancel an employee’s Account Mngr. role and then remove the Outlet Mngr. role and revoke permissions to handle finances.

  1. Suppose an employee is assigned to the Outlet Mngr. role at all outlets and the Account Mngr. role for the Trade Cash Registers account, besides, he or she has permissions to handle finances.


  1. Let’s first cancel the Trade Cash Registers Account Mngr. role of this employee; the account will still have two managers (responsible employees) assigned. For this, open the account, select this employee and click Delete in the Responsible field. Now the employee may view and edit this account but cannot change its details as there are other managers assigned for this job.


  1. Let’s cancel Trade Cash Registers Account Mngr. role of all employees. For this, open the account and remove all responsible employees. Now, this employee may edit the account, view and create transactions at all outlets.


  1. Let’s cancel the Outlet Mngr. role in all outlets. For this, while in the All Subdivisions mode of iikoChain, open an employee record on the Additional information tab and uncheck all the items in the Responsible field. Now, this employee may view and edit this account but cannot create transactions (account shows no details and he or she cannot choose an outlet where the transaction belongs).

  1. Let’s revoke all the permission granted to the employee. Now, this employee cannot view accounts (open accounts both from the Chart of Accounts and by means of the Open Account item).