Statewide SecurityHandbook
Cardinal
CommonwealthofVirginia
January 2016
TABLEOF CONTENTS
Cardinal SecurityHandbook...... 3
Cardinal Security Officers (CSO)...... 3
Cardinal SecurityForm...... 3
Cardinal UserRoles...... 3
Segregation of Duties Policy Exceptions...... 4
AccountsPayableUserRoles...... 5
AboutthisSection...... 5
AP UserRolesDescriptionsTable...... 5
AccountsPayableWorkflow...... 10
AboutthisSection...... 10
AccountsReceivableUserRoles...... 12
AboutthisSection...... 12
AR UserRolesDescriptionsTable...... 12
GeneralLedger User Roles...... 14
AboutthisSection...... 14
GLUserRolesDescriptionsTable...... 14
GeneralLedgerWorkflow...... 17
AboutthisSection...... 17
AdditionalUserRoles...... 18
AboutthisSection...... 18
Additional UserRolesDescriptionsTable...... 18
Appendix...... 19
StatewideCentral Roles...... 19
AboutthisSection...... 19
StatewideCentral RolesDescriptionsTable...... 19
CardinalSecurityHandbook
Eachagency isestablishedasaBusinessUnit inCardinal andeachuser inCardinal isassignedaRow Level Securitypermissionlist.ThispermissionlistdeterminestheBusinessUnitsthattheusercan access.Thepurposeof RowLevel Security is topreventusersfrombeingable tomodifyorviewdata for otheragencies. A usercanonlyview,enter, orprocess transactionsforBusiness Unitsincludedin theirRowLevel Securitypermissionlist.
Cardinal usersneedtobeassigned theappropriaterolesandsecuritysettings in theCardinal System to haveaccess todotheir jobs. This Cardinal Security Handbookisdesigned tohelpagenciesdetermine thecorrect rolesfor Cardinal users.
Cardinal SecurityOfficers(CSO)
TheCardinal SecurityOfficers listedontheDepartmentofAccount (DOA)AuthorizedSignatoriesForm (DA-04-121)havebeengrantedauthoritytoauthorize theCardinal SecurityTeam to add, updateand deleteusersinCardinal thatarebothpreparersandapproversof transactionsinCardinal. Byapproving atransactioninCardinal, theagency,departmentorinstitution, anditsemployeesandagents, agree to thecertificationscontainedin theCommonwealthAccountingPolicyandProcedureManual for the applicable transaction.
Cardinal SecurityForm
TheCardinal SecurityForm must becompletedbytheapplicableagency’sCardinal Security Officer (CSO).Theform shouldincluderequiredsignaturesprior tosubmitting totheCardinal SecurityTeam, in orderforaccesstobegrantedinCardinal.
TheCardinal Security Form canbefoundintheStatewideToolboxtabontheCardinal websiteusing the followingpath:
StatewideToolboxCardinal SecurityCardinal SecurityForm(SE-SW-001)
Use thisform to:
•AssignuserstoroleswithinCardinal
•UpdateexistingCardinal user information
•Lockout usersnolonger requiringaccesstoCardinal
The Cardinal Security Officer will submit thecompletedform totheCardinal SecurityMailboxat:
Cardinal User Roles
Use theCardinal Security Handbookasareferencewhencompleting theCardinalSecurityform. It definesCardinalrolesbyfunctional area.
Youwill findthefollowinginformationin thehandbook regardingCardinalroles:
•Roledescriptions
•Segregationofduties
•Other roleconsiderations
Segregation of Duties Policy Exceptions:
Several combinationsof Cardinal securityroleshavebeennotedaspotential segregationofduty(SOD) conflictsinthishandbook. Asageneralrule, SOD rolecombinationswill notbegrantedtoCardinal users. Exceptionscanbe requestedfor agencieswherelimitedstaffingisavailableorspecial circumstancesexist. Before completing or submittingasecurityform where an SOD role combination conflict is being requested for a user, theagencyshould first completethefollowingsteps in order to obtain approval for an agency SOD conflict exception.
Submitawrittenrequest toDOA’sDirectorof General Accounting(email:) that includes:
oException requested
oJustificationfor theexception
oDescriptionof theinternal controlimplementedbytheagencytomitigatethelackof segregationof duties
oApproval (signature) from yourAgency Head
DOA General Accounting will notify the agency in writing if the exception is granted.
Once the SOD Exception has been approved by DOA General Accounting, the agency should take the following additional steps when submitting a Cardinal Security Form (SE-SW-001) for any user requesting SOD conflicting role combinations:
Complete the Cardinal Security form (flagging the SOD Exception), attach a copy of the DOA General Accounting notification granting approval of the applicable agency exception
Scan and email the form and exception approval notice to DOA’s Director of General Accounting (email:)
If approved, DOA General Accounting will sign the form, scan and email the approved form to Cardinal Security at and to the Cardinal Security Officer for that agency
AccountsPayableUserRoles
AccountsPayable (AP) is themainsourceofall non-payrollpaymentinformationfor afinancial entity. AP includes thefollowingprocesses:
•EstablishandMaintainVendors
•EnterandProcessVouchers
•ExpenseProcessing
•ProcessPayments
•Process1099
AboutthisSection
Thissectionoutlinestheavailable rolesforAP inCardinal. UsetheAP UserRolesand Descriptions
Tablebelowtodetermine theappropriateAProlesneededbyagency usersinCardinal.
TheAP User RolesDescriptionsTableprovides thefollowinginformation:
•RoleDescriptions
•SegregationofDuties
•OtherRoleConsiderations
APUser RolesDescriptionsTable
DescriptiveRoleName / RoleDescription / SegregationofDuties / OtherRole
Considerations
VendorConversation
Processor
V_AP_COVA_VENDOR_CONVERSATION / Thisroleisfor users
routinely involvedin the VendorProcuretoPay processwhohavea need tointeract with vendors. Thisrolehas accessto:
•RecordVendor
Conversations / N/A / N/A
VoucherProcessor
V_AP_COVA_VOUCHER_PROCESSOR / Thisrolehasaccess
to:
•Enter andmaintain vouchers
•Review voucher accountingentries
•Deletevouchers / Shouldnotbe
given toauser with theVoucher Approveror
Final Voucher
Approverroles. / N/A
DescriptiveRoleName / RoleDescription / Segregationof
Duties / OtherRole
Considerations
SpecialVoucherProcessor
V_AP_COVA_SPEC_VCHR_PROCESSOR / Thisrolehasaccessto everythingtheVoucher
Processor has. In addition,thisrolehas accessto:
•Manuallyschedule payments
•Recordmanual payments
•Updatevoucherswith paymentoffsets(liens, garnishments)
•Unpost Vouchers
•Closevouchers
•Placeholdson vouchers / Shouldnotbe given toauser
with theVoucher
Approveror
Final Voucher
Approverroles. / Thisroleistheonly rolethatisable toupdate/correct ScheduledDueDate when the00PP paytermisused.
VoucherApprover
V_AP_COVA_VOUCHER_APPROVER / Thisrolehasaccess
to:
•Approvevouchers / Shouldnotbe
given toauser with theFinal Voucher Approver,Voucher Processor,Petty CashProcessor Special Voucher Processor or Workflow System Administrator roles. / N/A
Final VoucherApprover
V_AP_COVA_VCHR_FINAL_APPROVER / Thisrolehasaccess to:
•Approvevouchers
Note: Theremustbea userwith theVoucher Approverlevel rolefor theFinal Voucher Approverlevel role to beused.This isan optionfora2ndlevel of agencyvoucher approval. / Shouldnotbe given toauser
with theVoucher Approver, Voucher
Processor,Petty
CashProcessor SpecialVoucher
Processor or Workflow System Administrator roles. / N/A
DescriptiveRoleName / RoleDescription / Segregationof
Duties / OtherRole
Considerations
VoucherUploadErrorReporter
V_AP_COVA_VCHR_ERROR_REPORTER / Thisrolehas accessto:
•View and execute the voucher upload error report.
Note: Thisreport can containsensitivedata, so thisroleshouldonly be assigned to authorized users based on agency secure data policies. / N/A / Thisroleisonly
availablefor interfacingagencies.
PaymentReconciler
V_AP_COVA_PAYMENT_RECONCILER / Thisrolehasaccess to:
•Manuallyreconcile
pettycashpayments / N/A / N/A
1099Administrator
V_AP_COVA_1099_ADMINISTRATOR / Thisrolehasaccess
to:
•Create1099reporting filetoIRS
•Create vendorCopy-
B reports
•Run1099processes
•Makeadjustmentsfor
1099 reporting
•Run1099reportsand queriescontaining
sensitivedata / N/A / Thisrolewill have
accesstosensitive data, asitwill beable toviewVendorTINon the vendorrecord.
ExpensesEmployee
V_AP_COVA_EXPENSES_EMPLOYEE / Thisrolehasaccess
to:
•Enter travel authorizations
•Enter cashadvances
•Enter expense reports for selforasaproxyto others
•Viewtheirown employeeprofile
•Deletetravel authorizations
•Deletecashadvances
•Deleteexpense reports
•Cancel travel authorizations / Shouldnotbe given toauser with the Expense Approverrole. / Users with this role must be designated by the agency as anExpenseProxy.
DescriptiveRoleName / RoleDescription / Segregationof
Duties / OtherRole
Considerations
ExpensesProcessor
V_AP_COVA_EXPENSES_PROCESSOR / Thisrolehasaccess to:
•Reconcilecash advances
•Closeexpense
reports
•Viewexpense accountingentries
•Authorizean
employee toenter expensesonbehalfof another employee (proxyconfiguration)
•Createtemplates
•RunExpense reports withsensitivedata
•ViewExpenseReport
andCashAdvance paymentsand cancelations. / N/A / N/A
EmployeeProfileMaintenance
V_AP_COVA_EMP_PROFILE_MAINT / Thisrolehasaccess
to:
•Create/update employeeprofilesnot
includingbanking information / N/A / Theagencywill need
tomaintainemployee profiles.Thereshould beat least one individual ateach agencywith thisrole.
ExpenseApprover
V_AP_COVA_EXPENSES_APPROVER / Thisrolehasaccess
to:
•Approveexpense transactions / Shouldnotbe
given toauser with the Expenses Employee role. / Anyuserthat may
approveexpenses shouldbegiven this role,eveniftheyare notdesignatedasa Fiscal Officer or Agency Head. Users with this role must be designated by the agency as an Expense Proxy.
ExpensesReassign
V_AP_COVA_EXPENSES_REASSIGN / Thisrolehasaccess to:
•Moveexpense transactionsfromone
approver'sworklist to another / N/A / N/A
DescriptiveRoleName / RoleDescription / Segregationof
Duties / OtherRole
Considerations
SecurePaymentReporter
V_AP_COVA_SECURE_PMNT_REPORTER / Thisrolehasaccess to:
•Runpayment reports containingsensitive data
•RunPayment History by Vendor,Payment
Historyby Bank, PaymentHistoryby
Payment,andTrial
Register reports / N/A / N/A
PettyCashProcessor
V_AP_COVA_PETTY_CASH_PROCESSOR / Thisrolehasaccess
to:
•Createpettycash checksviaexpresspay
page / Shouldnotbe
given toauser with theVoucher Approveror
Final Voucher
Approverroles. / N/A
PaymentCashConfigurator
V_AP_COVA_PYMNT_CASH_CONFIG / Thisrolehasaccess
to:
•Setpayment priorities
for specificvouchers, expense reports, and/or cashadvances viacashchecking transactionpriority page / N/A / N/A
WFSystemAdministrator
V_COVA_WF_WL_REASSIGN / Thisrolehasaccess to:
•Moveworklistitems fromoneUser to
another.
•SettheAlternateUser
ID towhichfuture transactionswill flow. / Shouldnotbe given toauser
withapproval accessto
Vouchersand
Journals. / Thisroleshouldbe assignedtooneUserandno more than 2 backupsper agency.
EDI VIEWER
V_AP_COVA_EDI_SRC / Thisrolehasaccess to:
•Run the query for the EDI vendor list.
Note: This role is available to Tier II and Tier III agencies only. / N/A / This role will have access to sensitive data, as it will be able to view Vendor TIN.
AccountsPayableWorkflow
AboutthisSection
Workflowisanautomatedprocessthat takesaCardinal transactionand routesit tothenextapprover levelfor action(approveordeny).
ExpensesWorkflow
Expense transactions are routed for approval based on Department IDs
ThefollowingExpenserole(s)aretiedtoworkflow:
•ExpenseApprover
As a general rule, only employees assigned to the Expense Approver role because it deals with the approval of expenses. Non-employees cannot be assigned to this role. When an expense transaction is entered for an employee, the person who is identified in Cardinal as their supervisor in their expense profile will be the first level of Cardinal approval for online agencies. This is not necessarily their operational supervisor, as not all supervisors have users IDs in Cardinal. The supervisor approver level does not apply for interfacing agencies.
Pleaseuse theinformationprovidedbelowtoselect theappropriateExpenseApproverworkflowprofile for yourusersinCardinal andlist the department ID rangesfor which theuserwill approve. A user can only be assigned to one of the below expense approver profiles and only one user per profile/department range combination.
ExpenseApproverProfile / ProfileDescriptionFiscalOfficer / Approvalof allexpensereports,travelauthorizations,andcash advances.Thisapprovallevelis optionalforonlineagencies.
AgencyHead / Approvalof expensereportsandtravelauthorizationscontaining
expenseamountsovertheallowableamountand/orover$500. Interfacingagencieswillnothavethe AgencyHeadapprovallevelin Cardinal.
DOA Pre Audit / Approval of expense reports for Capital Outlay projects. This role may only be selected by employees of the following agency(s):Department of Accounts – General Accounting
VoucherWorkflow
Usersassignedthefollowingrolewill beassigned theagencyspecificroutecontrol profile(s)inorderto properlyroutetransactionsforapproval. Routecontrol profilesareassigned touserstoidentifythe
areasonwhich theywork.
•VoucherApprover or Final VoucherApprover
Iftheuser isassignedtotheVoucher Approveror Final VoucherApprover role,agencieswill needto identifytheBusiness Unitnumber(s)forwhich thatusercanperform approvals. Pleasenote,theFinal VoucherApprover roleisonlyapplicable toagencies that havepreviouslyselectedtwolevelsofvoucher approval.
AccountsReceivableUserRoles
AccountsReceivable (AR)isthefunctional areathathandlesaseriesofaccounting transactionsdealing withfundsreceipts. AR includes thefollowingprocess:
•EnterFundsReceipts
AboutthisSection
Thissectionoutlinestheavailable rolesforAR inCardinal.UsetheAR UserRolesDescriptionsTable belowtodeterminetheappropriateAR rolesneededbyagency users inCardinal.
TheAR User RolesDescriptionsTableprovides thefollowinginformation:
•RoleDescriptions
•SegregationofDuties
•OtherRoleConsiderations
AR User Roles & Descriptions Table
DescriptiveRoleName / RoleDescription / SegregationofDuties / OtherRole
Considerations
FundsReceipt Processor
V_AR_COVA_FUNDS_REC_PROCESSOR / Thisrolehasaccessto:
•Enter depositsfor miscellaneouspayments•Enter direct journalaccountingentriesfor deposits / N/A / N/A
Funds Receipt Manager
V_AR_COVA_FUNDS_REC_MANAGER / Thisrolehasaccessto everythingtheFunds ReceiptsProcessor rolehas. Inaddition, thisrolehas accessto:
•ReviewandComplete direct journal accounting entries
•BudgetCheckjournal entriesonline
•Groupandapprove depositswithacustom depositcertificateforsubmissiontoCARS and theDepartmentof Treasury. / N/A / N/A
DescriptiveRoleName / RoleDescription / Segregationof
Dutiess / OtherRole
Considerations
FundsReceiptsProcessorfor
MultipleGLBU
V_AR_COVA_FUNDS_REC_MULTIBU / Thisrolehasaccessto:
•Enter paymentsand deposits
•Enter directlyjournaled payments
•Process formultipleGL businessunitsona FundsReceipt transaction / Therolewill be
restrictedtoa select groupof usersfrom the Department ofthe Treasury. / Approval is required by a designated Cardinal DOA Approver to obtain this role.
FundsReceiptManager Multi BU
V_AR_COVA_FUNDS_REC_MGR_MULTI / This role has access to everything the Funds Receipts Multi BU Processor role has. In addition, this role has access to:
•Review and Complete direct journal accounting entries for Multi BU transactions
•Budget Check journal entries online for Multi BU transactions
Group and approve deposits with a custom deposit certificate for submission to CARS and the Department of Treasury. / N/A / Approval is required by a designated Cardinal DOA Approver to obtain this role.
GeneralLedgerUserRoles
General Ledger (GL) is thefunctional areathathandles the set of financial accountsusedto:accumulate theresultsoftransactionprocessing,createbudgets,generatefinancial statementsandprovidesource financial datafor reportingpurposes. GLincludes thefollowingprocesses:
•SystemSetupandChartFields
•CreateandProcessBudgetJournals
•CreateandProcessJournals
•PeriodClose
AboutthisSection
Thissectionoutlinestheavailable rolesfor GLinCardinal.UsetheGLUserRolesDescriptionsTable belowtodeterminetheappropriateGLrolesneededbyagency users inCardinal.
TheGLUser RolesDescriptionsTableprovides thefollowinginformation:
•RoleDescriptions
•SegregationofDuties
•OtherRoleConsiderations
GL User RolesDescriptionsTable
DescriptiveRoleName / RoleDescription / SegregationofDuties / OtherRole
Considerations
JournalProcessor
V_GL_COVA_JOURNAL_PROCESSOR / Thisrolehasaccessto:
•Enter journals online
•Enter spreadsheet journals
•Edit journalsonline
•Budget check journalsonline
•Copya journal
•ExecuteSpreadsheet Upload process(batchprocess)
•Reviewbudget check
exceptions / Shouldnotbe given toauser
with the
Journal
Approverrole. / Agenciescannot enter an“agencyto
agency” (ATA)
journalthat crosses businessunits
outsideof their
controlgroup. Agencieswill need
tosubmit requests
toDOAGeneral Accountingwhen anATAjournal is
needed (seeCAPP Cardinal Topic
20405fordetails).
JournalProcessor
Interfacing
V_GL_COVA_JRNL_PROCESSOR_INT / Thisroleisthesameas the
Journal Processor roleabove, butit isonlyavailable to InterfacingAgencies. / Shouldnotbe
given toauser with the Journal Approverrole. / N/A
DescriptiveRoleName / RoleDescription / Segregationof
Duties / OtherRole
Considerations
JournalApprover
V_GL_JOURNAL_APPROVER / Thisrolehasaccessto:
•Approve journals
•Post journalsthroughbatch processor online
•Reviewjournal lines
•ExecuteSpreadsheet Upload process(batchprocess)
•ExecuteJournalEdit through batchprocess
•ExecuteJournalBudget
Check throughbatchprocess / Thisrole shouldnotbe
given toauser with the Journal
Processor,
Journal
Processor – Interfacing or Workflow System Administrator roles. / N/A
AgencyChartField
Administrator
V_GL_COVA_AGENCY_CF_ADMIN / Thisrolehasaccessto:
•MaintainAgencycontrolled
ChartFields(Department, Project, Cost Center,Task, Asset, Agency Use1,Agency Use2)
•MaintainSpeedTypes/SpeedCharts / N/A / N/A
BudgetProcessor
V_GL_COVA_BUDGET_PROCESSOR / TheBudget Processoris responsibleforbudget journals at theagency-level. Thisrole
hasaccessto:
•Enter budgetjournals,budget transfersandbudget
adjustments
•Upload journalsusingthe
Spreadsheet Budget Journal upload
•Reviewandcorrectbudget journal errors / Shouldnotbe given toauser with theBudgetApproverrole. / N/A
BudgetApprover
V_GL_COVA_BUDGET_APPROVER / TheBudget Approveris responsibleforagency-level budgets.
Thisrolehasaccessto:
•Post budget journalsthrough onlineorbatchprocess
•Deletebudget journals
throughonlineorbatch process
•Post budget transfersand
adjustments
• Overrideagency level budget exceptions
Upload spreadsheet budget journals / Shouldnotbe given toauser with theBudgetProcessor role. / N/A
DescriptiveRoleName / RoleDescription / Segregationof
Duties / OtherRole
Considerations
GeneralLedgernVision
Executer
V_GL_COVA_NVISION_EXECUTER / Thisrolehasaccessto:
•Maintain thescopeof nVisionreports
•CreatenVision report
requests / Thisrolemay only be selected by employees of the following agency/division(s):
- Department of Accounts
- BOA
have theCAFR Processor role.
CAFR Processor
V_GL_COVA_CAFR_PROCESSOR / Thisrolehasaccessto:
•Enter andreportonCAFRledgers(Cash,ModifiedAccrual,Full Accrual)
. / Thisrole may only be selected by employees of the following agency/division(s):
- Department of Accounts
- BOA
conjunctionwith the Journal Processor roleinorder tobe
able toenter journal entriestotheCAFR
ledgers.
<or>
Thisrolehastobe assigned in conjunctionwith the Journal Approver role tobeableto postCAFR entries, althoughthereisno approval process
forCAFR entries.
GeneralLedgerWorkflow
AboutthisSection
Workflowisanautomatedprocessthat takesaCardinal transactionand routesit tothenextapprover level toapproveordeny.TheGLJournal Approveristiedtoworkflow.
Usersassignedtothefollowingrolewill beassigned theagencyspecific routecontrol profile(s), to properlyroutetransactions forapproval. Routecontrol profilesareassigned touserstoidentifythe areasonwhich theywork.
•Journal Approver
Iftheuser isassignedtotheJournal Approverrole,agencieswill need toenter theBusinessUnit(s)forwhich that usercanperform approvals.
AdditionalUserRoles
Theadditional roles that followrelate toreporting,queries,PeopleSoftusersystem setup and Special Approval roles.
AboutthisSection
Thissectionoutlinesadditional rolesinCardinal.Pleaseuse theAdditionalUserRolesDescriptions
Tablebelowtounderstand therolesall Cardinal userswill receive.
TheAdditional UserRolesDescriptionsTableprovides thefollowinginformation:
•RoleDescriptions
•SegregationofDuties
•OtherRoleConsiderations
AdditionalUserRolesDescriptionsTable
Descriptive Role Name / Role Description / Segregation of Duties / Other Role ConsiderationCardinal Viewer
V_COVA_CARDINAL_VIEWER / This role has access to:
- Read only pages in Cardinal that do not contain sensitive data
Cardinal Reporter
V_COVA_CARDINAL_REPORTER / This role has access to:
- Run public queries that do not contain sensitive data
Cardinal PeopleSoft User
V_COVA_PEOPLESOFT_USER / This role has access to:
- Run public queries that do not contain sensitive data
BI_Adhoc_User
V_BI_ADHOCUSER_FIN / This role is for select users designated as Cardinal BI reporting super users. This role has access to:
- Develop ad hoc private reports and queries in the Cardinal Business Intelligence (BI) application
APA Audit Special
V_ALLPAGES_APA_RO / This role is designated for APA Staff responsible for auditing the Cardinal Financial System.
- Read Only access to production database for all business units
- Create private queries
- Read Only access to Remote Desktop, SQL Developer Read Only & Application Designer
Audit Inquiry
V_AUDITOR / This role is for designated Audit Staff responsible for conducting agency audits. This role has access to:
- Comprehensive Read Only inquiry including sensitive data.
Appendix
StatewideCentralRoles
Statewide Central Roles areonly available toselect agencies and/or operations, for example: Department ofAccounts(e.g., General Accounting, Commonwealth Vendor Group), Departmentof Treasury, etc. Anyrequest toassigna StatewideCentral Rolerequiresapprovalfrom adesignatedCardinal DOA Approveror specific designeenotedin thetable thatfollows.
AboutthisSection
ThissectionoutlinescentralrolesinCardinal. PleaseusetheStatewideCentral RolesDescriptions
Tablebelowtounderstand therolesin Cardinalthatwill becontrolledbycentral departments.
TheAdditional UserRolesDescriptionsTableprovides thefollowinginformation:
•RoleDescriptions
•Restrictions
•OtherRoleConsiderations
StatewideCentralRolesDescriptionsTable
DescriptiveRoleName / RoleDescription / Restrictions / OtherRoleConsiderations
VendorMaintenanceSpecialist
V_AP_VENDOR_MAIN_SPECIAL / Thisrolehasaccessto:
•Enter vendors
•Maintainvendors includingfinancial sanctions,TINmatching, and1099reportingclass setup
•ConfigureDepartment of Small Business and Supplier Diversity (DSBSD) certification types and conversation keywords / Thisrolemayonly beselectedby
employeesofthe following agency/division(s):
•Department of Accounts: CVG
•Department of
Accounts:General
Accounting / Vendoradditions
and maintenance will beownedby CVG. Users assigned to this role must also be assigned the
Vendor Conversation Processor role.
EDICoordinator
V_AP_EDI_COORDINATOR / Thisrolehasaccessto:
•Enter EDI banking informationfor vendors andemployees / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts: General Accounting / N/A
DescriptiveRoleName / RoleDescription / Restrictions / OtherRole
Considerations
PaymentProcessor
V_AP_COVA_PAYMENT_PROCESSOR / Thisrolehasaccessto:
•Viewpaycycle exceptions
•Cancel payments / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
SpecialPaymentProcessor
V_AP_COVA_SPEC_PYMNT_PROCESSOR / Thisrolehasaccessto:
•Use theExpress Paymentpageto process Emergency Checks / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
BankingConfigurator
V_AP_COVA_BANKING_CONFIGURATOR / Thisrolehasaccessto:
•SetupCommonwealth ofVirginiabankaccounts / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
PaycycleConfigurator
V_AP_PAYCYCLE_CONFIGURATOR / Thisrolehasaccessto:
•Updatecheckwrite datesonPay Cycle / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
Travel Expense Configurator
V_AP_TRAVEL_EXPENSE_CONFIG / This role has access to:
•Maintain Expense configuration such as locations, lodging rates, mileage rates, per diem, etc. / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts
DescriptiveRoleName / RoleDescription / Restrictions / OtherRole
Considerations
DOA Special Paycycle Processor
V_AP_DOA_SPEC_PAYCYLE_PROC / This role has access to:
•Run the special Paycycles for Petty Cash, Wire and Treasury Accounts Payable Business Units / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / Users assigned this role should also be assigned the V_R_DOA_SPC_PAY Row Level Security Permission List.
Statewide Pre Audit Approver
V_AP_PRE_AUDIT_APPROVER / Thisrolehasaccessto:
•Approve Capital Outlay transactions
•Approve Legal Services transactions / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
Voucher Spreadsheet Processor
V_AP_COVA_DOA_VCHR_SPD / Thisrolehasaccessto:
•Load vouchers into Cardinal using the Spreadsheet Upload / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / Should not be given to users who have the Voucher Spreadsheet Approver, Voucher Approver, or Final Voucher Approver roles.
Voucher Spreadsheet Approver
V_AP_COVA_DOA_SPD_APPR / Thisrolehasaccessto:
•Approve Spreadsheet Vouchers using the mass approval page / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / Should not be given to users who have the Final Voucher Approver, Voucher Spreadsheet Processor, Petty Cash Processor, Special Voucher Processor, or Workflow System Administrator roles. Users assigned this role should also be assigned the COVA Voucher Approver Role.
DescriptiveRoleName / RoleDescription / Restrictions / OtherRole
Considerations
PaymentCashTransaction
Override
V_COVA_PYMNT_CASH_TRANSOVRD / Thisrolehasaccessto:
•Recordspecific businessunit/fund combinationsfor cash checkingfundlevel processing rulesof bypass,overrideand fiscal yearoption
•Recordspecific vouchers,expense reports, and/orcash advancesoncash checkingtransaction overridepage / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
Oversight Viewer
V_OVERSIGHT_VIEWER / Thisrolehas view only accessto:
•Accounts Payable
•Expenses
•Vendors
•Payments / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts / N/A
StatewideJournalApprover
V_GL_STATE_JOURNAL_APPROVER / Thisrolehasaccessto:
•ApproveJournals
•Post journalsthrough batchprocessor online
•Reviewjournal lines
•Uploadimport file
•ExecuteSpreadsheet
Uploadprocess(batch process)
•ExecuteJournalEdit throughbatchprocess
•ExecuteJournalBudget
Check throughbatch process / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
DescriptiveRoleName / RoleDescription / Restrictions / OtherRole
Considerations
StatewideChartField
Administrator
V_GL_COVA_STATE_CF_ADMIN / Thisrolehasaccessto:
•Maintainall Chartof
Accountsvalues
•Maintain SpeedTypes/Speed Charts / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
GeneralLedgerTreeCombo
Maintenance
V_GL_COVA_TREE_COMBO_MAINT / Thisrolehasaccessto:
•Maintain treesin
Cardinal Financials
•MaintainCombination
Edits / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
• Department of Accounts:General Accounting / N/A
StatewideGeneral Ledger
SystemAdministrator
V_GL_COVA_STATE_SYSTEM_ADMIN / Thisrolehasaccessto:
•UpdateOpenPeriods
•MaintainTableSet
Controls
•MaintainBusinessUnits
•MaintainCalendars
•MaintainJournalSources
•MaintainLedger
Configuration
•MaintainChartField
ValueSets
•MaintainActuals
ClosingRules
•MaintainJournal
Generator templates
•MaintainAccounting
Entry Definitions
•RunChartField
Configurator
•ExecuteandValidateActualsCloseprocesses / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
DescriptiveRoleName / RoleDescription / Restrictions / OtherRole
Considerations
StatewideGeneral Ledger
SystemProcessor
V_GL_COVA_STATE_SYST_PROCESSOR / Thisrolehasaccessto:
•Unlockbudget processesandGL Journals / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
Statewide Budget Administrator
V_GL_COVA_STATE_BUDGET_ADMIN / Thisrolehasaccessto:
•Maintain budget periods
•Maintain budget structures
•Maintain budget closing rules
•Execute and validate Budget Close processes / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
Statewide Budget Processor
V_GL_COVA_ST_BUDGET_PROCESSOR / The Statewide Budget Processor is responsible for Central-level Budgets.
This role has access to:
•Enter and delete budget journals
•Enter budget transfers and adjustments
•Review and correct budget journal errors
•Upload spreadsheet budget journals / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
DescriptiveRoleName / RoleDescription / Restrictions / OtherRole
Considerations
Statewide Budget Approver
V_GL_COVA_ST_BUDGET_APPROVER / The Statewide Budget Approver is responsible for Central-level Budgets.
This role has access to:
•Post budget journals through online or batch process
•Delete budget journals through online or batch process
•Override budgets
•Post budget transfers and adjustments
•Upload using Spreadsheet Budget Journal upload
•Run the budget interface from Performance Budgeting / Thisrolemayonlybeselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / N/A
GL Revenue Reporter
V_GL_COVA_REVENUE_REPORTER / Thisrolehasaccessto:
•Run and receive the RGL304 General Fund/ Statement of Revenue Collections, Estimates & Transfers report / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting
•Department of Taxation / N/A
DOA Journal Bypass
V_GL_COVA_DOA_JRNL_BYPASS / Thisrolehasaccessto:
•Bypass the Cash Account balancing and Transfer Account balancing Journal Edits / Thisrolemayonly
beselectedby employeesofthe following agency/division(s):
•Department of Accounts:General Accounting / Thisrolehastobe assignedin
conjunctionwith the Journal Processor or Journal Approver or Statewide Journal Approver role.