Securing Your Expenses System

This chapter provides an overview of security for Expenses and discusses how to:

Set up authorized users.
Delegate entry authority.
Implement self-service applications.

Understanding Security for Expenses

Expenses was designed with a variety of users in mind. Set up access to Expenses that is appropriate for different employees, depending on their roles in the expense approval process.

Your company may have staff, such as a travel and expense department, who submit expense reports for employees. Assign these staff members authorized user IDs to access the pages and menus for your expense system. They must also be authorized to enter expense information for specific employee IDs.

An approver in Expenses is typically a department manager responsible for charges against one or more departmental budgets. You must authorize approvers in Expenses security or they will not be able to access the transactions in the system.

Setting Up Authorized Users

To set up authorized users, use the Authorize Users (TE_EE_AUTHORITY2) component.

This section discusses setting up user IDs to enable employees to enter expense transactions for themselves and on behalf of others.

Page Used to Set Up Authorized Users

Page Name	Object Name	Navigation	Usage
Authorize Users	TE_EE_AUTHORITY	Travel and Expenses, Manage Expenses Security, Authorize Expense Users Employee Self-Service, Travel and Expenses, User Preferences, Delegate Entry Authority	Authorize access to employees to process expense transactions for themselves and on behalf of other employees.

Setting Up an Authorized User

If you manually enter and validate an employee in Expenses, the system will automatically insert that employee's User ID, if applicable, as an authorized user. Access the Authorize Users page.

Authorized User ID

If employees enter their own transactions, they must each be entered as an authorized user for themselves. Select a user ID to grant the ability to enter expense transactions on behalf of the employee. You can authorize more than one ID for an employee. You must also select the user ID for the authorized users if they process expense transactions for themselves.

Delegating Entry Authority

Some companies do not have staff members who submit expense reports for everyone in the organization, so employees perform this task themselves. Employees can grant authority to enter expense data on their behalf to authorized user IDs. Employees sign on to the system using their assigned user IDs. When using the delegate entry authority function, the Authorize Users page opens automatically with the employee ID used to access the system. If you need to delegate authority for others, use the Define Expenses Security menu option to access all employee IDs.

Implementing Self-Service Applications

Expenses provides employees with secure and convenient access to your expense system through self-service web pages. Self-service page navigation is defined by roles in the organization, so setup requires you to identify the appropriate role for each individual who needs access.

This section provides an overview of security and roles and discusses how to set up roles.

Understanding Security and Roles

A user’s profile determines what self-service pages the user can access. To set up security and roles:

Create user profiles in the Maintain Security page on the User Profile component.
Assign each user profile a role.
Link the roles to permission lists.

Each permission list identifies the pages that users assigned to a role can access. Expenses delivers a permission list (EPEX9000) that enables users to access all pages in the application.

Note. If you modify a permission list, you change access for all users assigned to roles that are linked to it.

Expenses uses roles to govern access to pages. Using the standard self-service menus, you can access Expenses pages using the employee, approver, and project manager roles. Expenses delivers these role definitions:

Role Name	Description
EX_EMPLOYEE	Employee
EX_APPROVAL	Expenses approver.
EX_AUDITOR	Expenses auditor.
EX_PROJMGR	Expenses project manager.

Setting Up Roles

To enable users to access self-service pages:

Link user IDs to the employee, manager, or project manager roles.
Associate the roles with permission lists that provide access to the appropriate self-service applications.

Employee Role

User IDs set up with the employee role can select:

Delegate Entry Authority.
Create/Update User Template.
Create Travel Authorization.
Modify Travel Authorization.
View Travel Authorization.
Cancel an Approved Travel Authorization.
Delete Travel Authorization.
Print Travel Authorization.
Create Cash Advance.
Modify Cash Advance.
View Cash Advance.
Delete Cash Advance.
Print Cash Advance.
Create Expense Report.
Modify Expense Report.
View Expense Report.
Delete Expense Report.
Print Expense Report.
Create Time Report.
Modify Time Report.
View Time Report.
Delete Time Report.
Print Time Report.
View My Wallet.
Review My Wallet Receipts.
Review Expense History.
Review/Edit Profile.

Manager Role

User IDs set up with the manager role can select:

Approve Transactions
Modify Approved Transactions

Note. User IDs set up with the manager role can also access employee user defaults from a link on the expense transactions pages.

Project Manager Role

User IDs set up with the project manager role can select Approve Transactions.