Entries in KIM control user permissions to edit an accounting line on an enroute Financial Processing document, to blanket approve one of these transactions, and to perform many other activities in the KFS.
KIM also identifies responsibilities that generate workflow action requests in the KFS. When a Fiscal Officer approves a financial processing document or a Chart Manager approves a Chart of Accounts maintenance document, the user is acting on a request that has been generated by a responsibility specified in KIM.
In KIM, you do not assign permissions and responsibilities directly to individual users; instead, you associate users with roles, and you give each role an appropriate set of responsibilities and permissions. For example, the Fiscal Officer role includes permission to edit accounting lines on certain enroute documents. This role also includes responsibilities that generate requests for the specific actions fiscal officers must take on documents.
In the base KFS configuration, similar business functions are often grouped into a single role—for example, many tax functions are combined into the Tax Manager role. Your institution may choose to assign permissions and responsibilities differently or even create its own roles to fit its business processes.
In KIM, each user is identified on the KIM Person document. This document identifies the person by a Principal ID and assigns that person to any number of roles. Role assignments may be made via the Person document or the Role document. Some types of roles, called 'derived roles,' automatically determine their members from data in other KFS components. For example, because Fiscal Officer is an definition of the Account in the KFS, the Fiscal Officer role derives its assignees based on the data in the Account table. You do not need to assign users to derived roles such as this one.
More: