Set up and manage users and groups

Users in Management Reporter are assigned to one of four roles: administrator, designer, generator, or viewer. By default, all new users are assigned to the role of viewer. Before you set up new users, some planning is required. List the tasks that each user performs. Review the descriptions of the User roles and assigned tasks and Permissions. When you create the user account, assign the role that is appropriate for each user. By default, the role assignments include the tasks defined in the table in User roles and assigned tasks.

Note

You must have the Management Reporter role of administrator to set up and manage users.

This topic contains the following sections:

  • User roles and assigned tasks

  • Permissions

  • Manage users

  • User groups

  • Manage user groups

User roles and assigned tasks

By default, roles and tasks are defined as shown in the following table.

Role

Report Designer tasks

Desktop Viewer tasks

Administrator

The administrator is allowed full access to all tasks in Report Designer.

The administrator is allowed full access to all tasks in the Desktop Viewer.

Designer

The designer can design, generate, edit, view reports and report building blocks, and schedule when reports are generated.

The designer can delete, edit, create folders, rename reports and folders, export reports, and view reports that the designer has been granted access to.

Generator

The generator can generate reports and modify parameters for reports.

The generator can create and rename folders, view, delete, edit, rename, and export reports that the generator has been granted access to.

Viewer

The viewer is not granted access to Report Designer.

The viewer can view and export reports that the viewer has been granted access to.

Management Reporter uses several levels of security to help ensure that only authorized users can perform tasks in Management Reporter, modify the building blocks that are used for reports, and view the reports that are generated to the report library. For an overview of the levels of security in Management Reporter, see Set up security. For information about how to secure individual reports or folders, see the “Report library security” section in Set up security.

Some security permissions are limited to certain roles, but you can modify security permissions for individual users, or assign users to a group and then modify security for the user group. For more information, see Manage users.

Note

Depending on your Microsoft Dynamics ERP system, user roles might be assigned automatically based on user permissions in the ERP database. For more information, see the integration guide for your Microsoft Dynamics ERP system.

Note

To manage security for users, user groups, and companies, open Report Designer, and on the Go menu, click Security.

Permissions

Management Reporter defines the following permissions. Each of these permissions is associated with one or more roles.

Permissions

Description

Roles allowed

Generate

Allows you to generate reports from Report Designer to include all output.

Administrator, Designer, Generator

Exporting reports

Allows you to export and print from Desktop Viewer.

Administrator, Designer, Generator, Viewer

Create reports

Allows you to create rows, columns, trees, and report definitions in Report Designer.

Administrator, Designer

Report library administration in Management Reporter Desktop Viewer

Allows modifications to the security settings (view, edit, create, and delete access) on folders, items, and report versions in the report library.

Administrator

Dimension set access

Allows modifications (create, edit, and delete) to dimension sets, and to view dimension sets from the Edit menu when you are viewing a row definition. Users without this permission can see the list of dimension sets and use them in reports, but cannot change them.

Administrator, Designer

All companies access

Allows you to generate reports and to access the data for all companies in Management Reporter. Users without this permission can be granted access to specific companies on the Company Access tab. Users without access to any company cannot log on to Management Reporter.

Administrator

Company administration

Allows modifications (create, edit, and delete) to companies, and to view companies from the Company menu. Users without this permission can see the list of companies, but cannot change them.

Administrator

Building block administration

Allows modifications (create, edit, and delete) to building block groups and to view building block groups from the Company menu. Users without this permission can see the list of building blocks, but cannot change them.

Administrator, Designer

Security administration

Allows modifications (view, edit, create, and delete for users, groups, and companies) to security settings in Report Designer.

Administrator

Undo building block checkout

Allows you to undo a building block checkout and to view the list of building block checkouts from the Tools menu. Users without this permission can see the list of building block checkouts, but cannot change them.

Administrator

Unprotect protected building blocks

Allows you to unprotect building blocks and to unprotect the building blocks from the Tools menu when you are viewing a building block. Users without this permission can protect a building block that they have modification access to, but they cannot unprotect any building blocks.

Administrator

Report queue administration

Allows you to clear and view all reports in the Report Queue Status dialog box.

Administrator

Submit XBRL

Allows you to submit an XBRL instance document to be filed with the appropriate authorities. Submission is made on the Web Viewer using the Submit button.

Administrator, Designer, Generator, Viewer

Manage users

You must have the role of administrator to create user accounts and assign the appropriate permissions for a user’s work functions, add a user to a group, and provide access to specific companies. The administrator can also inactivate or delete a user account.

Management Reporter uses Windows authentication to verify a user’s existing Windows credentials and allow access to Management Reporter. Rather than entering a user name and password, a user can click OK in the connection dialog box.

Security noteSecurity Note

To log on to a company and access the data that is required to create reports, a user may also have to be set up as a valid user in the Microsoft Dynamics ERP system. For more information about user roles and data integrations, see the data integration guide for your Microsoft Dynamics ERP system.

A user cannot use Management Reporter until they are set up as a valid user. As part of Management Reporter security, an administrator must assign a role for a user before the user can generate or view reports in Management Reporter. For more information about roles, see User roles and assigned tasks.

An administrator can inactivate a user account without deleting the user information in Management Reporter. This can be helpful if you have a limited number of Management Reporter licenses and you want to temporarily allow access to another user.

Create a user account

  1. Open Report Designer. On the File menu, click New, and then click User to open the New User dialog box. You can also select Security in the navigation pane, right-click in the results pane, and then select New User.

  2. On the General tab, in the User name field, type the domain and user name of the user to add, or click Search to browse for users. The Advanced button in the Select Users dialog box provides additional search options.

  3. In the Management Reporter assigned role field, select a role for the user in Management Reporter. For more information about roles, see Permissions.

  4. If you select the Designer role, under the Optional Permissions section, you can grant permission for the user to modify building blocks that are part of a report schedule by selecting the Edit scheduled building blocks check box. The Permissions granted field shows a list of permissions with a check box next to the new user’s permissions.

  5. To add this user to a group, click the Groups tab. In the Member of list, select the Access check box next to the group name or names to associate with this user. To remove access, clear any of the Access check boxes.

  6. To grant access to companies, click the Company Access tab. In the Access column, select the check box next to each company to which the user will have access. The Inherited from group check box indicates if any companies that the user inherits have access based on the user group settings.

  7. Click OK to save the new user settings.

Modify a user account

  1. Open Report Designer. In the navigation pane, click Security, and then click Users.

  2. Right-click a user name and select Modify to open the Modify User dialog box.

  3. Change the appropriate settings.

  4. Click OK.

Inactivate a user account

  1. Open Report Designer. In the navigation pane, click Security, and then click Users.

  2. Right-click a user name and select Modify to open the Modify User dialog box.

  3. On the General tab, select the Account is disabled check box.

  4. Click OK.

Delete a user account

  1. Open Report Designer. In the navigation pane, click Security, and then click Users.

  2. Right-click a user name, and then select Delete.

  3. Click Yes to permanently delete the user account.

User groups

You can create user groups and grant access to a company based on groups. This allows you to grant users access to many companies without having to change each user's permissions. You can create a report and select one group, instead of selecting dozens or hundreds of individual users. For example, instead of selecting each manager in a company, you can create a Managers group and then add managers to the group.

You can grant group access to reporting units in reporting tree definitions. You can also grant group access to a report library location.

For more information, see Manage user groups.

Manage user groups

Assigning users to a group allows a Management Reporter administrator to create access settings that are customized to specific work functions. Members of a user group inherit the permissions assigned to the group. This approach helps minimize the maintenance activities for user accounts.

Security noteSecurity Note

The administrator can use groups to prevent or permit user access to certain companies or specific folders or sets of data in the report library.

Create a group

  1. Open Report Designer. On the File menu, click New, and then click Group.

  2. Enter a unique name and description for the user group.

  3. To add a user to the group, click Add, and then select the users to add to the group. To select more than one name, hold down the Ctrl key while you select user names.

  4. To select group access to companies, click the Company Access tab, and then select the Access check box for each company that members of the group should have access to. All users in a group inherit access to the selected companies.

  5. Click OK to save the group settings.

Modify a group

  1. Open Report Designer. In the navigation pane, click Security, and then click Groups.

  2. Double-click a group name to open it.

  3. Modify any settings.

  4. Click OK to save the group settings.

Delete a group

  1. Open Report Designer. In the navigation pane, click Security, and then click Groups.

  2. Right-click a group name, and then click Delete.

  3. Click Yes to permanently delete the group.

See Also

Set up security

Administrators