RE: Can a role that is permitted to make advanced intercompany JE be restricted to view specific subsidiary data?
Client wants to know if a role that can make Advanced Intercompany transactions can be restricted to not be able to see the other subsidiary’s data. After testing, it seems that a role has to have more than 1 subsidiary access in order to make advanced intercompany JE. However, giving that user access to those 2 subsidiaries also allows the role to view reports of those two subsidiaries like Income Statements. Is it possible to restrict that role’s access to just being able to make advanced intercompany JE that will post to both subsidiaries, and at the same time, that role can only view data for one subsidiary(the one he belongs to)?
I would create a secondary role that has access to both subsidiaries and what they need to record journal entries only. When they need to book interco journal entries they swap to that role. Post what they need to and then get back on their standard role. There is not a very effective way to handle this requirement, other than that approach, without a ton of work removing permissions and then granting special exceptions to specific reports and removing their ability to customize them.