G/L Security is a feature of General Ledger that lets you limit the accounts that individual users can view or work with to minimize the risk of unauthorized activity.
With G/L Security, you can:
You select the option to use G/L Security and set a default level of access to accounts using the Account tab of the G/L Options screen.
You can set the default account access as follows:
Note: You do not require permission for all accounts to perform periodic maintenance functions, such as deleting inactive accounts. However, occasionally, you may find that you cannot edit or delete a structure code, segment, or source code because it is used by an account that you cannot see. In this case, a user with access to all accounts must modify the accounts that use the code or segment you are trying to delete.
No Accounts. Prevents all Sage 300 users except the Admin user from seeing accounts and account data in General Ledger and subledger applications unless you grant individual access rights to accounts in the G/L Account Permissions screen.
If you select No Accounts, other Sage 300 users cannot enter Accounts Receivable invoices or post transactions unless you assign them permissions.
When you turn on G/L Security, the next time you sign in to Sage 300, an Account Permissions option appears on the navigation menu under G/L Accounts. You use the G/L Account Permissions screen to assign access rights to accounts.
You assign access depending on your security needs. For example, you can set up identical access rights for all Sage 300 users within a department, division, or business unit that restrict access to accounts outside that group. For maximum security, you can block your entire chart of accounts to all Sage 300 users except the Admin user.
You can test the effects of the G/L security options you select by signing in to Sage 300 as a user other than Admin and checking which accounts are visible in the G/L Accounts screen. If you selected No Accounts, you will not see any account numbers listed.
If you are using G/L Security and want to create rollup accounts, you must have access rights to view all member accounts of the rollup account in order to view the rolled up balances in the higher level account.
If a rollup account is accessible under the user’s security rights, all of its member accounts are also assumed to be accessible.
Account access restrictions affect Sage 300 user activities in the following ways:
If users enter restricted account numbers into fields, they will see an error message stating that the specified account does not exist in the General Ledger.
Even if the user has Journal Posting rights, they cannot post batches if G/L Security has been set to No Accounts.
If you use a mix of account structures in your chart of accounts, you need to consider how Sage 300 handles accounts that do not contain all the segments you use in your system.
If an account number does not include a particular segment (for example, division), Sage 300 considers this segment blank. Unless you specifically restrict blank values for the division segment, the segment will be allowed.
For the sample company, SAMLTD, account 1000 contains only the account segment. If you do not restrict blank division and region segments and the account segment 1000 is allowed, account 1000 will be visible.
To allow accounts that include division 100 but restrict those that do not contain the division segment, you would set account permissions as follows:
If the default access set on the G/L Options screen is All Accounts:
| Allow | Segment | From | To |
|---|---|---|---|
| No | Division | ZZZ | |
| Yes | Division | 100 | 100 |
All division segments with a blank value are restricted.
If the default access is No Accounts:
| Allow | Segment | From | To |
|---|---|---|---|
| Yes | Account | ZZZZ | |
| Yes | Region | ZZ | |
| Yes | Division | 100 | 100 |
| No | Division |
Note: The order of permissions for the division segment is important.