Prospero Security Permissions

Security Permissions control the specific actions, behaviors and features that users have access to in Prospero. The Permissions workspace is where permissions are shown or assigned and is selected by clicking on a Prospero User or Role from the User Definition workspace in Security.

To access the Security User Definition feature, you must log in to the entity using an ID with permission to Administer Security and Maintain Users and Roles. This is an Administrator-level permission.

All Prospero User accounts and Role groups have a corresponding User Definition workspace. However, permissions can only be assigned and managed at the Role level. The information that appears when viewing an individual User is read-only and can’t be managed from the User’s workspace.

In the Role’s Permission section, each permission is granted by selecting (checking) the corresponding checkbox. As you select or de-select a specific permission, the required Prospero Licensing type will update based on the current selection.

The Permissions available in Prospero include:

Administrative Roles

•      Administer Security – This permission grants access to all features and functions on the Security Navigation Pane such as User Definition and System Locks and Messages.

Note: The Administer Security permission is required to be able to delete Prospero Users and Roles.

•      Maintain Entities – This permission allows management of elements on the Configuration Navigation Pane, such as adding, managing, or deleting Entities, Book Codes, Number Formats, and Calendars.

•      Maintain Users and Roles – This permission allows for the addition or modification of Prospero Roles and Users, assignment of permissions, and the changing of passwords.

Note: The Administer Security permission is required to be able to delete Prospero Users and Roles.

•      Maintain Segment Definition – This permission allows the addition, modification, and deletion of Segments.

•      Manage Currency Module – This permission allows for currency definitions to be added, modified, or deleted and is only available when Prospero is licensed for Currency functionality. For more information, see the section on Currency.

Setup Roles

•      Maintain Report – This permission allows the creation, modification, and deletion of Report Definitions. Also, this permission or the Maintain Building Blocks permission is required to use the Remove Lock feature.

•      Maintain Building Blocks – This permission allows the creation, modification and deletion of Column and Line Definitions. Also, this permission or the Maintain Reports permission is required to use the Remove Lock feature.

•      Maintain Trees – This permission allows the creation, modification, and deletion of Tree Definitions.

•      Maintain Segment Values – This permission allows the creation, modification and deletion of Segment information contained in a Segment’s worksheet.

•      Maintain Input Definitions – This permission allows the creation, modification, and deletion of budgeting Input Definitions. In addition, this permission allows users to clear input History. This option will only be valid when budgeting and reporting or budgeting-only are licensed in Prospero.

•      Maintain Report Collections – This permission allows the creation, modification, and deletion of Report Collections.

Note: The Maintain Input Definitions permission applies only when Prospero budgeting is licensed. For more information refer to the section on Prospero Licensing

Report Use Roles

•      Run Reports – This permission allows the execution of any report a user has defined or to which they have been granted rights to via the Visibility option.

•      Allow drill down on reports – When checked, this permission allows drill-down on reports.  

•      Allow full detail view – When checked, this permission grants users the ability to open the full detail view for a report.

•      Drill down to transaction details – This permission allows drill-down to view the underlying transactional detail on reports.

•      Publish Reports – This permission allows the user to publish reports they have defined or to which they have been granted rights to via the Visibility option. For more information see Creating Published Reports.

•      Visibility to view all reports - When checked, this permission indicates that the role will be added to all reports' Visibility screens in Prospero. In addition:

o  The role cannot be removed at the report's Visibility screen level. Any Save to the Visibility screen will retain the role. (New reports will have the role added to the Visibility screen automatically.)

o  If the permission is subsequently revoked, the role will be removed from all report’s Visibility screen.

By default, this permission is not enabled on any role’s Security screen.

•      View all data – This permission allows access to all data for a segment. Therefore, when the “All” option is selected when running a report, the user will have access to every item in that segment. If a user without this permission attempts to use the “All” option, the report would return the sum of only the items in the segment for which they have access to and/or data.

In addition, when this permission is granted, users will not need to have their specific Assignments granted and the option will not be available on the Security Tools Security context ribbon when the user is selected.

•      View Published Reports – This permission allows the user to run published reports to view them.  If you have the “Publish Reports” permission, you are granted this permission by default.

•      Annotate reports – This permission allows adding, editing, or deleting annotations on published reports. Administrators can add, delete or modify their own or other user’s annotations. All other users add, delete or modify their own annotations.

•      Run Report Collections – This permission allows the execution of report collections. The reports contained in the collections must be those which a user has defined or to which they have been granted rights to via the Visibility option.

Input User Roles

•      Input Data – This permission allows the user to input budgeting data using Input definitions. This permission allows:

o  Adding, editing, or deleting data on the input data workspace.

o  Adding, editing, or deleting annotations on the input data workspace.

o  Ability to perform Line Item Import (when Import Data is also granted).  

Note: Administrators can add, delete or modify their own or other user’s annotations. All other users add, delete or modify their own annotations.

If you have the “Maintain Input Definitions” permission, you are granted this permission by default.

•      Input Human Resources Data – This permission allows:

o  Adding, editing, or deleting HR data on the input data HR workspace.

o  Ability to perform HR Import (when Import Data is also granted). 

If you have the “Maintain Input Definitions” permission, you are granted this permission by default.

•      Input Capital Data – This permission allows the user to input budgeting capital data on Input definitions. If you have the “Maintain Input Definitions” permission, you are granted this permission by default.

•      Use Human Resources Management – This permission allows the user access to the HR Management screen option. When checked, users can access the HR Management screen. Otherwise, the screen is disabled. Administrators are granted this permission by default.

•      Read Only Human Resources screens – When selected, this permission indicates that the Human Resources tab in input screen can be opened but will not be editable. This option is not granted to any users by default and must be set based on the required circumstance. In addition, the “Input Human Resources Data” permission must also be selected.

•      Read Only Capital screens – When selected, this permission indicates that the Capital tab in input screen can be opened but will not be editable. This option is not granted to any users by default and must be set based on the required circumstance. In addition, the “Input Capital Data” permission must also be selected.

Note: Input User Role permissions apply only when Prospero budgeting is licensed. For more information refer to the section on Prospero Licensing

Import/Export Roles

•      Extract Data – This permission allows export of GL data from the Prospero system. For more information see the Data Extract Tool.

•      Import Data – This permission allows import of data to the Prospero system. This includes the Excel Import, HR Import and Line Item Import. For the HR Import and Line Item Import, the role must also have the Input Human Resources Data or Input Data permissions assigned, respectively.

For more information see the section on the Excel Import process.

•      Perform Integration – This permission allows integration functions between the Prospero system and any external GL system.

When licensing Prospero budgeting-only, this permission will not be available as data integration processes are not part of this module. For more information see the Data Integration process.

For more information on setting up your Prospero Security Permissions, contact MS Support.