# Account Link Authorization

### **Module Guide: Account Link Authorization**

#### **Module Location**

#### Settings &gt; Accounting Settings &gt; Account Link Authorization

#### **Module Purpose**

#### The **Account Link Authorization** module is a crucial security and access control feature. Its function is to grant or restrict the authority of specific users (employees) to access or use functionalities related to specific **Account Link** categories. This allows for the implementation of the principle of **separation of duties** and ensures that only authorized personnel can perform transactions in sensitive accounting areas.​

### **1. Main View (Authorization Page)**

#### The main page is an interface for managing user access rights to specific Account Link categories within a chosen company.

#### **View Explanation**

- #### **Filter**:
    
    
    - #### **Account Link**: A dropdown to select the functional accounting category for which access rights will be set (e.g., `Inventory`, `Sales`, `Asset Management`).
    - #### **Company**: A dropdown to select the company where this authorization rule will apply.
- #### **Access Management Boxes**:
    
    
    - #### **Unauthorized Employees**: The box on the left, displaying a list of all users who currently do **not** have access to the selected Account Link category.
    - #### **Authorized Employees**: The box on the right, displaying a list of users who currently **have been granted** access.
- #### **Movement Buttons**:
    
    
    - #### **&gt;&gt;**: Moves a selected user from the "unauthorized" list to the "authorized" list, thereby granting them access rights.
    - #### **&lt;&lt;**: Moves a selected user from the "authorized" list to the "unauthorized" list, thereby revoking their access rights.
- #### **Action Button**:
    
    
    - #### **Change**: Saves all authorization configuration changes that have been made.

### **2. Steps to Set Authorization**

- #### **Select Functional Area**: Choose an **Account Link** category from the dropdown (e.g., `Inventory`).
- #### **Select Company**: Specify the **Company** where this rule will apply.
- #### **Grant Access**: In the left box ("Unauthorized Employees"), select one or more employee names you want to grant access to. Click the **&gt;&gt;** button. Their names will move to the right box.
- #### **Revoke Access**: If you want to revoke access rights, select an employee's name from the right box ("Authorized Employees") and click the **&lt;&lt;** button.
- #### **Save Changes**: Once finished, click the **Change** button at the bottom to save the configuration.

### **3. Integrated Workflow &amp; Business Process**

- #### **Access Control Implementation**: The settings in this module directly limit what users can see and do in other modules.​
- #### **Example**: If you set up authorization for **Account Link: Inventory** and only grant authority to "Khusni Amalia," then only Khusni Amalia can perform transactions that touch inventory-related accounts (such as creating a Stock Adjustment Journal, viewing the Inventory Value Report, etc.). Other users will not be able to access these functions or will receive an error message.
- #### **Separation of Duties**: This is an effective tool for implementing the separation of duties. For example, you can set it so that only Warehouse staff can access the `Inventory` Account Link, while only Accounting staff can access the `Revaluation` Account Link.

### **4. Tips &amp; Important Notes**

- #### **Principle of Least Privilege**: Apply the "principle of least privilege." Grant users authority only for the areas they absolutely need to perform their jobs.
- #### **Periodic Review**: Review these authorizations periodically (e.g., quarterly or whenever there is a change in employee roles) to ensure access rights remain relevant and secure.
- #### **Critical Security**: This module is one of the pillars of financial data security within the system. Access to change the settings in the **Account Link Authorization** module itself must be highly restricted, ideally only to the System Administrator.