Row-level security /visma-net-erp/help/access-management/row-level-security section To give your organisation additional flexibility to the configuration of access rights for workspaces and windows, Visma Net provides restriction groups, which you can administer in the Row-level security workspace. 2026-02-19T17:09:06+01:00 # Row-level security To give your organisation additional flexibility to the configuration of access rights for workspaces and windows, Visma Net provides restriction groups, which you can administer in the Row-level security workspace. You can use restriction groups when users should have access to a window, but in this window they are allowed to see one set of entities and are not allowed to see another set of entities. In these topics you will read about ways of using restriction groups, types of restriction groups, operations that you can perform with the groups, and specific information about particular entities whose visibility you can control. About restriction groups in Visma.net ERP /visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp section Visma Net provides you with restriction groups, which are flexible tools for limiting the visibility and use of entities, such as General ledger accounts, items, and customer and supplier accounts. 2026-02-19T17:09:06+01:00 # About restriction groups in Visma.net ERP Visma Net provides you with restriction groups, which are flexible tools for limiting the visibility and use of entities, such as General ledger accounts, items, and customer and supplier accounts. In this topic, you can find information about situations where restriction groups are useful and types of entities that you can include in restriction groups. ## Restriction groups in Visma Net You can use restriction groups to do the following: + Control the visibility of sensitive data for employees of your organisation. + Relate entities to one another so that they are used only together in Visma Net windows (or so that they cannot be used together). In Visma Net, you can use specific windows to create restriction groups, view the entities included in a group, and manage the list of entities of a particular type in a restriction group. For details on the typical operations you can perform with restriction groups, see: About operations with restriction groups. ## Restriction groups with users To understand how restriction groups with users are used, consider a typical case with restriction groups that include users and general ledger accounts. ### Example Suppose that a role allows all its users to access all general ledger accounts, but for two groups of accounts, you want to provide visibility to only particular users. Restriction groups for general ledger accounts and users: ![Images_RestrictionGroups_Direct_Restriction (1)](/media/visma-net-erp/Images_RestrictionGroups_Direct_Restriction%20%281%29.png) The diagram above shows how restriction groups can address these security needs. + You define Group 1 as a restriction group that includes only appropriate accountants (User C and User D) and accounts (1, 2, and 3). + You create Group 2, which includes User Y and User Z, as well as the accounts they should work with (4, 5, and 6). ### Final visibility Among all users in the system: + Only User C and User D will see the first group of sensitive accounts (1, 2, and 3). + Only User Y and User Z will see the second group of sensitive accounts (4, 5, and 6). + Users who are not assigned to any restriction group will not see the accounts associated with either group. ## Combinations of restriction groups with users You can create restriction groups that include users in the following way: + **Users and general ledger accounts**: With these restriction groups, if your organisation has sensitive general ledger accounts, you can make these accounts visible to a limited number of employees. For details, see: [About account and subaccount security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-account-and-subaccount-security/). + **Users and subaccounts**: As with groups that include users and general ledger accounts, you can limit the visibility of sensitive subaccounts to employees. For performance reasons, visibility restrictions by user for subaccounts do not affect analytical (ARM) and window-based reports or general inquiries. This means that users who can view the reports and general inquiries that include subaccounts will see the full list of subaccounts. + **Users and supplier accounts**: You can define these restriction groups to make particular suppliers visible in the system to only employees who work with these suppliers. For details, see: [About supplier security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-supplier-security/). + **Users and customer accounts**: With these restriction groups, you can make particular customers visible to only employees who work with these customers. For details, see: [About customer security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-customer-security/). + **Users and general ledger budget articles**: With these restriction groups, you can limit the visibility of sensitive budget articles so that only particular users can see and work with these articles. [About security of general ledger budget articles](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-security-of-general-ledger-budget-articles/). For more information, see: + **Users and warehouses**: You can create restriction groups to display a particular warehouse (or set of warehouses) for only employees who work with this warehouse (or this set of warehouses). For details, see: [About warehouse security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-warehouse-security/). + **Users and items**: You can define these restriction groups to reduce the number of items in the lists with items, depending on the particular employee logged in to the system. [About item security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-item-security/). For more information, see: + **Users and projects**: You can define these restriction groups to configure the visibility of particular projects only to a responsible project team. + **Branches, general ledger accounts, and users**: With these restriction groups, you can allow users to work with only branch-specific accounts. + **Branches, subaccounts, and users**: You can set up these restriction groups so that the system displays to users only the branch-specific subaccounts. [About account and subaccount security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-account-and-subaccount-security/). ## Restriction groups without users If a restriction group does not include users, all users may view the entities that are members of the group (if their roles provide access to windows with these entities), but entities included in the group become related in a way that limits their use. ### Example Suppose that you create two groups with general ledger accounts and subaccounts as follows: + Group 1 includes Account 1, Subaccount K, Subaccount L, and Subaccount M. + Group 2 includes Account 2, Subaccount P, Subaccount Q, and Subaccount R. For simplicity, suppose that there are no other accounts and subaccounts in the system. ### Final visibility The result of these settings is the following: + A user that selects Account 1 on an entry form, will only be able to select Subaccount K, Subaccount L, or Subaccount M in a field with subaccounts. The subaccounts included in Group 2 will be hidden from the list. + A user that selects Account 2, will see Subaccount P, Subaccount Q, and Subaccount R in the field with subaccounts. The user will not see Subaccount K, Subaccount L, and Subaccount M. If you are using restriction groups to control the accounts and subaccounts that can be used together, you must create at least two groups and include all subaccounts in either of the groups. ## Combinations of restriction groups without users With the most common scenarios, you can create restriction groups that include the following system entities: + **Branches and cash accounts**: If there are multiple branches in your organisation, with these restriction groups, you can allow users in each branch to work with only branch-specific cash accounts. For details, see: [About security of cash accounts](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-security-of-cash-accounts/). + **General ledger accounts and subaccounts**: If you have subaccounts that employees must use only with particular general ledger accounts, by defining these restriction groups, you can set up lists of available subaccounts for each general ledger account. [About account and subaccount security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-account-and-subaccount-security/). For more information, see:

Related pages

Tasks

Windows

 About types of restriction groups /visma-net-erp/help/access-management/row-level-security/about-types-of-restriction-groups section In this topic, you will find descriptions of the different types of restriction groups in Visma Net, the differences between these types, and usage examples. 2026-02-19T17:09:06+01:00 # About types of restriction groups In this topic, you will find descriptions of the different types of restriction groups in Visma Net, the differences between these types, and usage examples. ## Types of restriction groups Visma Net provides two basic types of restriction groups, A and B. Restriction groups of both types can limit the visibility of system entities in a direct way (types **A** and **B**) and an inverse way (types **A inverse** and **B inverse**). The differences between **A** and **B** and between **A inverse** and **B inverse** are in how these groups work if the same entity is added to multiple groups. ## Descriptions of Types of Restriction Groups The following table summarises the types of restriction groups and describes how the visibility of entities is affected if a particular entity belongs to multiple groups of the type. |Group type|Restriction|Description| |---|---|---| |**A**|Direct|Makes entities included in the group visible to users who are also included in the group. Other users cannot view these entities. When a particular entity belongs to multiple groups of type **A**, if you want a user to see this entity in the system, you add the user to at least one of these groups.| |**A inverse**|Inverse|Hides the entities included in the group from users who are also included in the group. Users who are not assigned to this group can view and use the entities. When a particular entity belongs to multiple groups of type **A inverse**, if you don't want a user to see this entity, you must include this user in each of these groups. If you include the user in only one of the groups, he or she will see the entity in the system.| |**B**|Direct|Makes entities included in the group visible to users who are also included in the group. Other users cannot view these entities. When a particular entity belongs to multiple groups of type **B**, if you want a user to see this entity in the system, you need to include this user in each of these groups.| |**B inverse**|Inverse|Hides the entities included in the group from users who are also included in the group. Users who are not assigned to this group can view and use the entities. When a particular entity belongs to multiple groups of type **B inverse**, if you don't want a user to see this entity in the system, you include the user in at least one of these groups.| ## Using group A or B direct You use groups of types **A** or **B** or groups with direct restriction when you need to make entities visible to users within the group. (For groups with only entities, the direct restriction group includes entities that must be used together.) The following diagram shows how groups with direct restriction work. In the diagram, you can see four users (for example, accountants) and six entities (for example, general ledger accounts). Initially, all users can see all accounts. + Group 1 is defined to include Users С and D and Accounts 1, 2, and 3. These accounts are visible to Users С and D and hidden from Users Y and Z. + Group 2 is defined to include Accounts 4, 5, and 6 and Users Y and Z. Users Y and Z can see Accounts 4, 5, and 6, and Users С and D cannot see these accounts. ![Images_RestrictionGroups_Direct_Restriction (1)](/media/visma-net-erp/Images_RestrictionGroups_Direct_Restriction%20%281%29.png) ## Using group A or B inverse You use groups of types **A inverse** or **B inverse** or groups with inverse restriction when you need to hide entities from a small number of users. (For groups without users, an inverse restriction group includes entities that may not be used together.) See the following diagram, which illustrates how groups with an inverse restriction work. + Group 1 is defined to include Users С and D and Accounts 1, 2, and 3. Accounts 1, 2, and 3 become invisible to Users С and D and remain visible to users Y and Z. + Group 2 is defined to include Accounts 4, 5, and 6 and Users Y and Z. This hides Accounts 4, 5, and 6 from Users Y and Z, but Users С and D still can see these accounts. The final visibility for groups with inverse restriction is the opposite of the final visibility for groups with direct restriction. ![Images_RestrictionGroups_Inverse_Restriction](/media/visma-net-erp/Images_RestrictionGroups_Inverse_Restriction.png) ## Recommendations for selecting the restriction group type As you decide which type of restriction group best meets your security needs, consider the following recommendations: + When you create multiple groups with entities of the same combination of types, use groups of the same basic type (either A or B). For example if you have two restriction groups that include users and customers. Otherwise, if you were to add the same entity to multiple groups of different types, the result may not be what you expect. + To configure the required visibility of entities, you can combine direct and inverse restriction groups of the same basic type (either A or B). For an example of this, please see **Usage example 2** in About types of restriction groups. Thus, you can combine groups of types **A** and **A inverse**, and groups of types **B** and **B inverse**. + If you want to hide particular entities from the majority of users, include the entities and the users who should see the entities in a group with direct restriction (type **A** or **B** ). + If you want to hide particular entities from a small number of users, add the entities and the users who shouldn't see the entities to a group with inverse restriction (type **A inverse** or **B inverse** ).

Related pages

Tasks

 About practical scenarios with Restriction groups /visma-net-erp/help/access-management/row-level-security/about-practical-scenarios-with-restriction-groups section In this topic, you will find practical situations where restriction groups can be used, each presenting a distinct problem, along with effective solutions. 2026-02-19T17:09:06+01:00 # About practical scenarios with Restriction groups In this topic, you will find practical situations where restriction groups can be used, each presenting a distinct problem, along with effective solutions. These examples explore the complexities of establishing user visibility in a business. The restriction groups in the examples contain users and entities, but the same principles apply to groups that contain only entities. ## Usage example 1 ### Problem statement Suppose that as a system administrator, you have to configure the visibility of accounts to the appropriate users considering the following: + There are four accountants in your organisation: User C, User D, User Y, and User Z. + User M is the accounting manager who controls work of the accounting department. + There are six accounts in the general ledger: Account 1, Account 2, Account 3, Account 4, Account 5, and Account 6. + Only users C and D are allowed to see Accounts 1, 2, and 3. + Only users Y and Z are allowed to see Accounts 4, 5, and 6. + User M is allowed to see all accounts. You can use either of two solutions (described below) to configure the visibility of accounts to users. #### Solution 1 You can create three restriction groups of type **A**: + Group 1: In this group, you include Accounts 1, 2, and 3 and Users C and D. + Group 2: In this group, you include Accounts 4, 5, and 6 and Users Y and Z. + Group 3: In this group, you include User M and all six accounts. #### Solution with type B If you were to use groups of type **B** instead of type **A**, all accounts would be hidden from the users included in Groups 1, 2, and 3. To make this approach work with groups of type **B**, you would need to include User M in Groups 1, 2, and 3. See **Final visibility (Group type B)** in the diagram below. ![Images_RestrictionGroups_Direct_Restriction_Intersecting_Entities](/media/visma-net-erp/Images_RestrictionGroups_Direct_Restriction_Intersecting_Entities.png) #### Solution 2 You can create two restriction groups of type **A** or **B**: + Group 1: In this group, you include Accounts 1, 2, and 3 and Users C and D. + Group 2: In this group, you include Accounts 4, 5, and 6 and Users Y and Z. + You include User M in both groups. ![Images_RestrictionGroups_Direct_Restriction_No_Intersecting_Entities](/media/visma-net-erp/Images_RestrictionGroups_Direct_Restriction_No_Intersecting_Entities.png) ## Usage example 2 ### Problem statement Suppose that as a system administrator, you have to configure the visibility of accounts to the appropriate users considering the following: + There are four accountants: User C, User D, User Y, and User Z. + There are six accounts in the general ledger: Account 1, Account 2, Account 3, Account 4, Account 5, and Account 6. + User Y works with only one sensitive account, Account 1. + User Y is not allowed to see Account 2, Account 3, Account 4, Account 5, and Account 6. + The other accountants work with all accounts except Account 1. + Only accountants have access to the Finance module. (Thus, there is no need to hide accounts from other system users.) #### Solution You can create two restriction groups, Group 1 of type **A** or **B**, and Group 2 of type **A inverse** or **B inverse**. |IF|THEN| |---|---| |you select type **A** for Group 1|you should select type **A inverse** for Group 2.| |you select type **B** for Group 1|you should select type **B inverse** for Group 2.| These groups are defined as follows: + Group 1: In this group, you include User Y and Account 1. (Other users will not see Account 1.) + Group 2: In this group, you include User Y and Accounts 2 to 6. (User Y will not see these accounts.) The following diagram illustrates the proposed solution. ![Images_RestrictionGroups_Combined_Direct_and_Inverse_Restriction](/media/visma-net-erp/Images_RestrictionGroups_Combined_Direct_and_Inverse_Restriction.png) ## Usage example 3 ### Problem statement Suppose that as a system administrator, you have to configure the visibility of accounts to the appropriate users considering the following: + There are four accountants in your organisation: User C, User D, User Y, and User Z. + There are six accounts in the general ledger of your organisation: Account 1, Account 2, Account 3, Account 4, Account 5, and Account 6. + Users С and D should work with all six accounts. + User Y should work with Accounts 1, 2, and 3 but is not allowed to see Accounts 4, 5, and 6. + User Z is a junior accountant, so this user is not allowed to see the accounts. You can use either of two solutions (described below) to configure the visibility of accounts to users. #### Solution 1 You can create two groups of type **B inverse** —Group 1 and Group 2 (see **Final visibility (Group type B inverse)** ): + Group 1: In this group, you include User Y and Accounts 4, 5, and 6. + Group 2: In this group, you add User Z and Accounts 1, 2, 3, 4, 5, and 6. #### Solution with type A inverse If you were to use groups of type **A inverse** instead of **B inverse** in this example, Accounts 4, 5, and 6 would be visible to all users because they are added in two restriction groups (see **Final visibility (Group type A inverse** ) in the following diagram). ![Images_RestrictionGroups_Direct_Restriction_Intersecting_Entities](/media/visma-net-erp/Images_RestrictionGroups_Direct_Restriction_Intersecting_Entities.png) #### Solution 2 You can create two groups of the **A inverse** or **B inverse**: + Group 1: In this group, you include User Z and Accounts 1, 2, and 3. + Group 2: In this group, you include Users Y and Z and Accounts 4, 5, and 6. The following diagram illustrates Solution 2. ![Images_RestrictionGroups_Inverse_Restriction_No_Intersecting_Entities](/media/visma-net-erp/Images_RestrictionGroups_Inverse_Restriction_No_Intersecting_Entities.png) Manage visibility with restriction groups /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups section In Visma Net, you can use restriction groups in addition to role-based access rights to configure the security of information within the system. 2026-02-19T17:09:06+01:00 # Manage visibility with restriction groups In Visma Net, you can use restriction groups in addition to role-based access rights to configure the security of information within the system. In Visma Net, you can use restriction groups in addition to role-based access rights to configure the security of information within the system. In these topics you will read about different ways of using restriction groups and specific information about particular entities whose visibility you can control. About account and subaccount security /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-account-and-subaccount-security page In Visma Net, you can control which users will use particular general ledger accounts and subaccounts. 2026-02-19T17:09:06+01:00 # About account and subaccount security In Visma Net, you can control which users will use particular general ledger accounts and subaccounts. To configure the security of general ledger accounts and subaccounts, you can use a combination of user roles and restriction groups. By using user roles, you can configure the access of users to branches and to all branch-specific accounts and subaccounts. With restriction groups, you can set up the visibility of particular accounts and subaccounts within branches and for certain users, and you can limit the use of subaccounts with particular accounts. ## Most common scenarios with accounts and subaccounts In this topic, you will read about using restriction groups and branch-specific roles to configure and manage the security of accounts and subaccounts. The sections below describe in detail the most common scenarios of managing the security of accounts and subaccounts. These are: + Managing the visibility by branch + Managing the visibility by user + Managing the visibility of subaccounts by account + Adding the needed objects to one restriction group to control visibility by multiple factors ## Managing the visibility by branch When your organisation consists of multiple branches (and you have created multiple branches in Visma Net ), you can configure the system so that it narrows the lists of accounts and subaccounts by branch on data entry forms. You can configure and use the restriction groups that include branches only if the **Multi-branch support** functionality is enabled in the [Enable/disable functionalities (CS100000)](/visma-net-erp/help/common-settings/enable-or-disable-functionalites/enable-disable-functionalities-cs100000/) window. ### SCENARIO Suppose that your organisation has two branches, the Headquarters office ( **HQ** in the system) and the Regional sales office ( **RS** ). The accounting department processes documents for both branches. The following table explains how to configure the visibility restrictions of accounts and subaccounts by branch.
STEP ACTION
1 Configure user roles for each branch (for example, Branch HQ and Branch RS ).
2

Assign both roles to the user accounts of the accountants.

Result: The accountants will see information for both branches in Visma Net.
3

In the General ledger accounts by branch access (GL103040) window:

  • create two restriction groups of type A with direct restriction: the HQ Accounts group for the Headquarters office and the RS Accounts group for the Regional sales office.
  • In the HQ Accounts group, include the Headquarters branch ( HQ ) and the accounts that should be visible within the HQ branch.
  • In the RS Accounts group, include the Regional sales branch ( RS ) and the accounts specific to the RS branch.
4

In the Subaccounts by branch access (GL103060) window:

  • create two restriction groups of type A with direct restriction: the HQ subaccounts group for the Headquarters office and the RS subaccounts group for the Regional sales office.
  • In the HQ subaccounts group, include the HQ branch and the subaccounts that should be visible within this branch.
  • In the RS subaccounts group, include the RS branch and the subaccounts specific to this branch.
5 Result: The system will narrow the lists of accounts or the list of subaccounts in data entry windows after a user selects a branch.
### Resulting visibility Suppose that an accountant is adding an invoice in the [Purchase invoices (AP301000)](/visma-net-erp/help/supplier-ledger/supplier-ledger-windows/purchase-invoices-ap301000/) window and selects the **HQ** branch in the **Branch** column of the **Document details** tab. The accountant will only see accounts added to the **HQ accounts** restriction group. ## Managing the visibility by user If your organisation has sensitive general ledger accounts and subaccounts, you can provide the visibility of these objects to only a limited set of users. For performance reasons, visibility restrictions by user for subaccounts do not affect analytical (ARM) and window-based reports or general inquiries. This means that users who can view the reports and general inquiries that include subaccounts will see the full list of subaccounts. ### SCENARIO 1 Suppose that only a chief accountant of your organisation can work with the tax payable account. The following table explains how to make this account visible only to the chief accountant.
STEP ACTION
1 Go to the General ledger account access (GL104000) window.
2 Create a restriction group (for example, Access to VAT payable account ) with direct restriction.
3 Add the user account of the chief accountant to the group.
4 Add the tax account to the group.
### SCENARIO 2 Suppose that the subaccount for the financial department can be used only by accountants (and not by other users). The following table explains how to make this subaccount visible only to accountants. |STEP|ACTION| |---|---| |1|Go to the [General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/) window.| |2|Create a restriction group (for example, **Access to financial subaccount** ) with direct restriction.| |3|Add the user accounts of the accountants to the group.| |4|Add the subaccount for the financial department to the group.| ## Managing the visibility of subaccounts by account You can specify which subaccounts can be used with only a particular account in windows in Visma Net. This means that only the specified subaccounts will appear for selection if that account is selected. This limitation will help users to avoid errors when they select accounts and subaccounts in windows. If you are using restriction groups to control the accounts and subaccounts that can be used together, you must create at least two groups and include all subaccounts in either of the groups. ### SCENARIO Suppose that you need to restrict visibility of subaccounts for only one account. The following table explains how to solve this task. |STEP|ACTION| |---|---| |1|Create two restriction groups.| |2|In the first group with **direct** restriction, include a general ledger account and the list of subaccounts that should be related to this account.| |3|In the second group with **inverse** restriction, include the same account and subaccounts that should not be displayed after users select this account.| |4|**Result**: When users select the account in a window, they will see only one of the subaccounts included in the first group.| ### PRACTICAL EXAMPLE Suppose that the ELE-000 subaccount, which is used for electronics and computers, should be visible only after a user has selected the 12100 warehouse account, and the NSS-000 subaccount should be related to the 12200 warehouse account. The following table explains how to restrict the visibility of the subaccounts by account in this particular case. |STEP|ACTION| |---|---| |1|Go to the [General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/) window.| |2|Create the restriction group Stock item subaccounts and include the **12100** warehouse account and the **ELE-000** subaccount.| |3|Create the restriction group Non-stock item subaccounts and include the **12200** warehouse account and the **NSS-000** subaccount.| ## Visibility of accounts, subaccounts, and users If you need to limit the users who use sensitive accounts, and only particular subaccounts must be used with these sensitive accounts, you can configure restriction groups to address this task. To implement this functionality, you need to add users, accounts, and subaccounts (or subaccount segments) to the same group. ### SCENARIO Suppose that the ELE-000 (electronics and computers) and FUR-000 (furniture) subaccounts should be visible only if a user has selected the 12100 warehouse account, and that only the warehouse workers User Y and User Z should work with these accounts and subaccounts. The following table explains how to restrict the visibility in this case.
STEP ACTION
1 Go to the General ledger account access (GL104000) window.
2 Create a restriction group, for example Restriction of warehouse accounts.
3 Add the 12100 warehouse account to the group.
4 Add the ELE-000 and FUR-000 subaccounts to the group.
5 Add User Y and User Z to the group.
6 Result: User Y and User Z will only be able to select subaccounts ELE-000 and FUR-000 in combination with warehouse account 12100 when processing a document.
## Subaccount segment values If the **By segment: all avail. segment values** lookup mode is selected in the [Segment keys (CS202000)](/visma-net-erp/help/common-settings/common-settings-windows/segment-keys-cs202000/) window for the **SUBACCOUNT** segmented key (that is, if the users of your Visma Net instance enter subaccounts by segments in windows), you manage the security of subaccount segments instead of entire subaccounts. In this case, you need to add all subaccount segments, that form a subaccount whose visibility should be restricted, to a restriction group. ## Cash account security Cash accounts are one type of sensitive accounts that you may need to secure in the system. The ways of managing the security of cash accounts differ from the ways of managing the security of general ledger accounts. For more information, see: [About the security of cash accounts](/visma-net-erp/help/cash-management/configure-cash-accounts/about-the-security-of-cash-accounts/). ## Windows for account and subaccount security In the following table, you can find the list of windows that you can use to manage restriction groups with accounts, subaccounts, and subaccount segments, and tasks that you can resolve by using each window. |Task|Window| |---|---| |To initially configure the visibility of accounts and subaccounts (or subaccount segments) to users.|[General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/)| |To initially configure the visibility of accounts by branches.|[General ledger accounts by branch access (GL103040)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-accounts-by-branch-access-gl103040/)| |To initially configure the visibility of subaccounts (or subaccount segments) by branches.|[Subaccounts by branch access (GL103060)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/subaccounts-by-branch-access-gl103060/)| |To change the visibility of an account in multiple restriction groups.|[Restriction groups by general ledger account (GL104020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-general-ledger-account-gl104020/)| |To change the visibility of a subaccount in multiple restriction groups.|[Restriction groups by subaccount (GL104030)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-subaccount-gl104030/)| |To change the visibility of a subaccount segment in multiple restriction groups.|[Restriction groups by sub segment (GL104040)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-sub-segment-gl104040/)| |To change the visibility of system objects by a user in multiple restriction groups.|[Restriction groups by user (SM201035)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| |To change the visibility of system objects by a branch in multiple restriction groups.|[Restriction groups by branch (GL103020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-branch-gl103020/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/).

Related pages

Concepts

 About security of cash accounts /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-security-of-cash-accounts page Cash is a company's most liquid asset, which is why an organisation must have adequate controls to secure it. 2026-02-19T17:09:06+01:00 # About security of cash accounts Cash is a company's most liquid asset, which is why an organisation must have adequate controls to secure it. In Visma Net, you can control which users can view which particular cash accounts. In this topic the following scenarios of managing the security of cash accounts are described: + Managing the visibility by branch. + Managing the visibility by user. ## Multiple branches vs. single branch organisations If your organisation consists of multiple branches, you can allow users in each branch to work with only branch-specific cash accounts. You can only configure multiple branches if the **Multi-branch support** functionality is enabled in the [Enable/disable functionalities (CS100000)](/visma-net-erp/help/common-settings/enable-or-disable-functionalites/enable-disable-functionalities-cs100000/) window. If the **Multi-branch support** functionality is disabled, all cash accounts belong to a single branch and are visible to all users who are allowed to view the accounts, based on their membership in restriction groups. ## Visibility of cash accounts by branch The visibility of a cash account can be restricted based on the branch the account belongs to. Consider a user who is allowed to view multiple branches due to this user's assigned branch roles. On the data entry forms, this user can view the cash accounts of all the branches this user is allowed to view, based on the branch selected in the **Branch** field of the data entry form. This field is filled by default with the branch to which the user is currently signed in. The following steps describe how to restrict the visibility of a cash account by the branch.
STEP ACTION
1 Go to the Enable/disable functionalities (CS100000) window.
2

Enable the Inter-branch transactions functionality, which gives you the ability to configure the automatic generation of inter-branch transactions for each document that involves multiple branches.

Result: The Restrict visibility with branch check box appears in the Cash accounts (CA202000) window.
3 Go to the Cash accounts (CA202000) window.
4 Select a cash account.
5 Select the Restrict visibility with branch check box.
6 Save your changes.
Repeat steps 4-6 for each cash account whose visibility you want to control. ### Resulting visibility The table below explains how cash account access varies based on the selection of the checkbox **Restrict visibility with branch** in the [Cash accounts (CA202000)](/visma-net-erp/help/cash-management/cash-management-windows/cash-accounts-ca202000/) window. |SCENARIO|VISIBILITY OF CASH ACCOUNT| |---|---| |Check box selected for a cash account|Visible to users selecting the specified branch in the "Branch" field on data entry forms.| |Check box cleared for a cash account|Visible regardless of the selected branch.| |When the Branch field is absent on a data entry form|Visibility determined by the user's currently signed-in branch.| ## Restricting access with user roles If you want, you can restrict access to cash accounts by using branch roles in the same way as for general ledger accounts. For more information, see [About account and subaccount security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-account-and-subaccount-security/). ## Visibility of cash accounts by user You can control the visibility of a specific cash account to users with the help of restriction groups. Suppose that there is only one accountant in your organisation and only this person should work with a cash account in the system. The following steps describe how to restrict the visibility of the cash account by user. |STEP|ACTION| |---|---| |1|Go to the [General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/) window.| |2|Create a restriction group with direct restriction, for example **Access to cash account**.| |3|Add the user account of the accountant to the group.| |4|Add the general ledger account the cash account is linked to.| ### RECOMMENDATION We recommend that you carefully design and configure restriction groups containing accounts, so that a user can view the accounts he or she needs for work. Otherwise, a user may encounter problems with processing transactions of the linked cash accounts. ## Windows for security of cash accounts In the following table, you can find the list of the windows that you can use to manage restriction groups with cash accounts and the tasks that you can solve by using each window. |Task|Window| |---|---| |To initially configure the visibility of a general ledger account to which a cash account is linked to users.|[General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/)| |To change the visibility of a general ledger account a cash account is linked to.|[Restriction groups by general ledger account (GL104020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-general-ledger-account-gl104020/)| |To change the visibility of a general ledger account to which a cash account is linked by a user in multiple restriction groups.|[Restriction groups by user (SM201035)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| |To change the visibility of a general ledger account to which a cash account is linked by a branch in multiple restriction groups.|[Restriction groups by branch (GL103020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-branch-gl103020/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/).

Related pages

Concepts

 About security of general ledger budget articles /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-security-of-general-ledger-budget-articles page In Visma Net, organisations implement general access restrictions by assigning roles to users of the system. 2026-02-19T17:09:06+01:00 # About security of general ledger budget articles In Visma Net, organisations implement general access restrictions by assigning roles to users of the system. In this topic, you will read about configuring restriction groups for managing the security of sensitive general ledger budget articles. ## Restricting view with roles vs. restriction groups If a role allows a user to view or edit General ledger budget articles, the user can view all the articles, including those that might be sensitive. By using restriction groups, you can limit the visibility of sensitive budget articles so that only particular users can see and work with these articles. ## Managing the visibility of general ledger budget articles by user You can configure restriction groups that will limit the visibility of General ledger budget articles (leaf articles or nodes at any level) for users. As a result, the users not included in the group will not be able to see the budget articles (and these articles' subarticles, if there are any). Suppose that the **Wages** budget article should be available to only the chief financial officer of your organisation. The following table describes how to configure the visibility of this budget article in the [General ledger budget access (GL105030)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/budget-access-gl105030/) window. |STEP|ACTION| |---|---| |1|Create a restriction group (for example, **Group for wages budget article** ) with direct restriction.| |2|Add the user account of the chief financial officer to the group.| |3|Add the **Wages** budget article to the group.| For more details about restriction groups, see: [About restriction groups in Visma.net ERP](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## Windows for security of general ledger budget articles In the following table, you can find the list of windows that you can use to manage restriction groups with general ledger budget articles and tasks that you can resolve by using each window. |Task|Window| |---|---| |To initially configure the visibility of a general ledger budget article to users|[General ledger budget access (GL105030)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/budget-access-gl105030/)| |To change the visibility of a general ledger budget article in multiple restriction groups|[Restriction groups by budget article (GL105020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-budget-article-gl105020/)| |To change the visibility of a general ledger budget article by user in multiple restriction groups|[Restriction groups by user (SM201035)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). About warehouse security /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-warehouse-security page An organisation can have multiple warehouses in Visma Net, and different groups of employees can work with these warehouses in the system. 2026-02-19T17:09:06+01:00 # About warehouse security An organisation can have multiple warehouses in Visma Net, and different groups of employees can work with these warehouses in the system. An organisation can have multiple warehouses in Visma Net, and different groups of employees can work with these warehouses in the system. In this topic, you can find information about configuring the security of warehouses in Visma Net. ## Managing multiple warehouses You can create and manage multiple warehouses in Visma Net only if the **Multiple warehouses** functionality is enabled in the [Enable/disable functionalities (CS100000)](/visma-net-erp/help/common-settings/enable-or-disable-functionalites/enable-disable-functionalities-cs100000/) window. ## Restricting access to warehouses To limit the set of employees who work with a particular warehouse, you can create restriction groups to display a warehouse only for employees who are responsible for tasks that involve this warehouse. If the employees who work with the same warehouse perform only specific tasks (such as accepting goods and creating purchase orders), you can provide access to only those windows that these employees should use. The most common scenarios of managing the security of warehouses are the following: + Managing access to windows based on functional role + Managing the visibility of particular warehouses by user ## Access to windows based on roles By using the User security windows, you can use user roles in Visma Net to give employees access to windows related to working with warehouses. A role can correspond to an area of responsibility for an employee who performs warehouse-related tasks, such as creating purchase orders, accepting goods, and preparing replenishment. If needed, you can assign multiple roles to an employee. For more information about user roles, see: [About role-based access](/visma-net-erp/help/access-management/user-security/about-role-based-access/). ### Examples of roles Consider the following examples of roles for employees who work with the Inventory module. Through the [Access rights by role (SM201025)](/visma-net-erp/help/access-management/user-security/user-security-windows/access-rights-by-role-sm201025/) window, you can administer the access you want for each of these roles. Supervisor : A role for an employee who configures the Inventory workspace and manages work with the workspace. Through the above mentioned window, this role should have access to the windows in the **Manage** and **Explore** nodes of the **Work area** tab, and to the **Configuration** tab of the Inventory workspace. Data entry clerk : A role for an employee who creates documents on data entry forms. Through the above mentioned window, you should provide access to windows in the **Enter** node of the **Work area** tab of the Inventory workspace for this role. Purchasing manager : A role for an employee who is responsible for replenishment. For this role, you should provide access to the **Replenishment** node of the **Processes** tab of the Inventory workspace, through the above mentioned window. ## Visibility of warehouses by user By default, all employees who have access to windows of the Inventory module can see all warehouses created in the system. ### Configuring restriction groups By using the windows of the Row-level security workspace, you can configure the system so that each warehouse is displayed only to users who work with this warehouse. You can use restriction groups to set up visibility of warehouses to employees. For details on restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ### Practical example Suppose that your system has the **Wholesale** and **Retail** warehouses defined, and you need to configure visibility of these warehouses to users as follows: + User S is a supervisor and should configure and manage both warehouses. + User C1 is a clerk who enters documents for the **Wholesale** warehouse. + User C2 is a clerk who enters documents for the **Retail** warehouse. The following table describes how to configure visibility of warehouses according to this example.
STEP ACTION
1 Go to the Warehouse access (IN102000) window.
2

Create two restriction groups of type A (with direct restriction):

Group 1
for the Wholesale warehouse, and
Group 2
for the Retail warehouse.
3 In Group 1, include User S, User C1, and the Wholesale warehouse.
4 In Group 2, include User S, User C2, and the Retail warehouse.
### Final visibility The resulting visibility of warehouses will be the following: + User S can see both the **Wholesale** and **Retail** warehouses. + User C1 can see only the **Wholesale** warehouse. + User C2 can see only the **Retail** warehouse. ## Windows for warehouse security In the following table, you can find the list of windows that you can use to manage restriction groups with warehouses and tasks that you can solve by using each window. |Tasks|Window| |---|---| |To initially configure the visibility of a warehouse to users|[Warehouse access (IN102000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/warehouse-access-in102000/)| |To change the visibility of a warehouse in multiple restriction groups|[Restriction groups by warehouse (IN102010)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-warehouse-in102010/)| |To change the visibility of warehouses to a user in multiple restriction groups|[Restriction groups by user (SM201035)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). ## Restricting visibility of stock items In addition to managing the visibility of warehouses in whole, you can restrict the visibility of particular stock items. For details, see: [About item security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-item-security/). About item security /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-item-security page An organisation that distributes goods may have many items in stock. 2026-02-19T17:09:06+01:00 # About item security An organisation that distributes goods may have many items in stock. An organisation that distributes goods may have many items in stock. In this case, users who work with items in the system may have specific tasks and work with only particular item classes. When users create a sales order, they need to enter an item ID for each product. You can define restriction groups to decrease the lists of items a particular user sees. In this topic, you will read about managing the visibility of items to users in the system. ## Visibility of items to users The list of items from which employees should select an item for the product can be very long, which increases the probability of an entry error. By using restriction groups, you can reduce the list of items that users see on windows. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ### Example Suppose that your organisation sells furniture. Each sales manager works with furniture for a particular room, such as kitchen, living room, and bedroom. When managers create a sales order, they should select items only from the list of furniture they sell to avoid entry mistakes. Suppose that: + User K sells kitchen furniture, + User L sells living room furniture, and + User M sells bedroom furniture. The following table describes how to restrict the visibility of items to appropriate users in the system. |STEP|ACTION| |---|---| |1|Go to the [Item access (IN103000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/item-access-in103000/) window.| |2|Create restriction groups K, L and M with direct restriction.| |3|In group K, include User K and all item IDs for kitchen furniture items.| |4|In group L, add User L and all item IDs for items of the living room furniture.| |5|In group M, include User M and all item IDs for the bedroom furniture items.| ### Final visibility As a result, the visibility of the items in sales orders will be restricted in the system as follows: + User K can view and select only items for the kitchen furniture. + User L can work with only items for the living room furniture. + User M can see and select only items for the bedroom furniture. + All other users cannot see the items added to the three restriction groups in the system. ## Types of restriction groups In Visma Net, you can configure groups with direct and inverse restriction. In this topic, groups with direct restriction are used in examples for simplicity. You can use inverse restriction groups in the same way as you use direct restriction groups. For details on the types of restriction groups, see: [About types of restriction groups](/visma-net-erp/help/access-management/row-level-security/about-types-of-restriction-groups/). ## Windows for item security In the following table, you can find the list of the windows that you can use to manage restriction groups with items and the tasks that you can solve by using each window. |Task|Window| |---|---| |To initially configure the visibility of an item to users|[Item access (IN103000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/item-access-in103000/)| |To change the visibility of an item in multiple restriction groups|[Restriction groups by item (IN103020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-item-in103020/)| |To change the visibility of items to a user in multiple restriction groups|[Restriction groups by user (SM201035)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). About security of organisation branches /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-security-of-organisation-branches page If your organisation has multiple branches defined in Visma Net, you may need to control which employees get access to which branches. 2026-02-19T17:09:06+01:00 # About security of organisation branches If your organisation has multiple branches defined in Visma Net, you may need to control which employees get access to which branches. In this topic, you will read about ways to manage the security of a branch. ## Managing multiple branches You can create and maintain multiple branches in your Visma Net instance only if the **Multi-branch support** functionality is enabled in the [Enable/disable functionalities (CS100000)](/visma-net-erp/help/common-settings/enable-or-disable-functionalites/enable-disable-functionalities-cs100000/) window (for details, see: [About multi-branch support](/visma-net-erp/help/organisation-structure/about-multi-branch-support/) ). ## Restricting access to branches Because branches share some data, you may also need to control access to the shared data. Visma Net provides user access roles, which you can use to control users' access to branches, and restriction groups to limit the visibility of shared data. The most common scenarios of managing the security of company branches are the following: + Managing user access to branches + Managing the visibility of data shared between branches ## User access to branches The following table explains how to provide access to branches for users who will work in the system. |STEP|ACTION| |---|---| |1|Go to the [User roles (SM201005)](/visma-net-erp/help/access-management/user-security/user-security-windows/user-roles-sm201005/) window.| |2|Create branch-specific user roles (one role per branch).| |3|Assign these roles to user accounts. For details on user roles, see: About role-based access.| |4|Go to the [Branches (CS102000)](/visma-net-erp/help/organisation-structure/organisation-structure-windows/branches-cs102000/) window.| |5|Assign the roles to branches. That is, for each branch, in the Access role field, you select the user role created for this branch.| ### After assigning the first role Once a role is assigned to one of the branches, other branches must also have roles assigned. A branch with no role assigned will be inaccessible to any user. To allow a user to access multiple branches, assign the roles for the branches to which the user should have access. ### Access to branch data in windows If a user, based on his or her role, has access to a data entry form where this user enters a document and specifies the branch of origin, only the branches to which the user has access are available on the drop-down list. The users who have access to multiple branches can select the specific branch from the **Branches** menu in the window's title toolbar and create documents on behalf of the selected branch. ## Full branch access No matter which branch users have access to, users who have access to the following windows, based on their roles, will see and work with all branches (because users configure system objects by using these windows): + [Inter-branch account mapping - reference information](/visma-net-erp/help/general-ledger/general-ledger-windows/inter-branch-account-mapping-gl101010/) + [Branches (CS102000)](/visma-net-erp/help/organisation-structure/organisation-structure-windows/branches-cs102000/) + [Buildings (CS205010)](/visma-net-erp/help/organisation-structure/organisation-structure-windows/buildings-cs205010/) + [Company tree (EP204060)](/visma-net-erp/help/organisation-structure/organisation-structure-windows/company-tree-ep204060/) + [Restriction groups by branch (GL103020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-branch-gl103020/) + [General ledger accounts by branch access (GL103040)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-accounts-by-branch-access-gl103040/) + [Subaccounts by branch access (GL103060)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/subaccounts-by-branch-access-gl103060/) ## Visibility of data within a branch Branches have some data shared between branches and some data kept as branch-specific (for details, see: [About multi-branch support](/visma-net-erp/help/organisation-structure/about-multi-branch-support/)). You may need to restrict the visibility of data that is shared but may contain sensitive information, such as general ledger accounts and subaccounts. Visma Net provides restriction groups so you can control which accounts and subaccounts are used with which branch. For details on configuring restriction groups for accounts and subaccounts, see: [About account and subaccount security](/visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-account-and-subaccount-security/). ## Windows for branch security In the following table, you can find the list of the windows that you can use to manage restriction groups with branches and the tasks that you can resolve by using each window. |Task|Window| |---|---| |To initially configure the visibility of accounts by branches|[General ledger accounts by branch access (GL103040)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-accounts-by-branch-access-gl103040/)| |To initially configure the visibility of subaccounts (or subaccount segments) by branches|[Subaccounts by branch access (GL103060)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/subaccounts-by-branch-access-gl103060/)| |To change the visibility of system objects by a branch in multiple groups|[Restriction groups by branch (GL103020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-branch-gl103020/)| ## Types of restriction groups In Visma Net, you can configure groups with direct and inverse restriction. In this topic, groups with direct restriction are used in examples for simplicity. You can use inverse restriction groups in the same way as you use direct restriction groups. For details on the types of restriction groups, see: [About types of restriction groups](/visma-net-erp/help/access-management/row-level-security/about-types-of-restriction-groups/). For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). About customer security /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-customer-security page If your organisation sells goods and provides services to customers, you may have a great deal of customer-related information stored in Visma Net. 2026-02-19T17:09:06+01:00 # About customer security If your organisation sells goods and provides services to customers, you may have a great deal of customer-related information stored in Visma Net. When the employees of your organisation create documents for customers, they have to select the required customer from the full list of customers. If certain employees work with only very important customers, and other employees are not allowed to see these customers in the system for security reasons, you can create restriction groups to manage the visibility of your customers to users of Visma Net, as described in this topic. ## Visibility of customers by user By using restriction groups, you can show or hide particular customers on Visma Net windows, depending on the user who is logged in to the system. For instance, if some customers are very important to your organisation, dedicated employees might be assigned to process documents that contain information about these customers in the system. ### Example Suppose that your organisation provides cleaning services and Megabank is a very important customer of your organisation. Manager M is responsible for all operations in the systems related to Megabank, and other managers should not see Megabank in any windows of the system. The following table explains the steps to configure the visibility of this customer in the system. |STEP|ACTION| |---|---| |1|Go to the [Customer access (AR102000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/customer-access-ar102000/) window.| |2|Create a restriction group (for example, Group for Megabank) with direct restriction.| |3|Add the user account of the Manager M to the group.| |4|Add the Megabank customer to the group.| ## Default restriction groups If you use customer classes and want to include each new customer of a particular class in a restriction group automatically, you can specify a default restriction group for this class, as described in [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). ## Windows for customer security In the following table, you can find the list of the windows that you can use to manage restriction groups with customers and the tasks that you can resolve by using each window. |Task|Window| |---|---| |To initially configure the visibility of a customer to users|[Customer access](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/customer-access-ar102000/)| |To change the visibility of a customer in multiple restriction groups|[Restriction groups by customer (AR102010)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-customer-ar102010/)| |To change the visibility of customers to a user in multiple restriction groups|[Restriction groups by user](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). ## Types of restriction groups In Visma Net, you can configure groups with direct and inverse restriction. In this topic, groups with direct restriction are used in examples for simplicity. You can use inverse restriction groups in the same way as you use direct restriction groups. For details on the types of restriction groups, see: [About types of restriction groups](/visma-net-erp/help/access-management/row-level-security/about-types-of-restriction-groups/). About supplier security /visma-net-erp/help/access-management/row-level-security/manage-visibility-with-restriction-groups/about-supplier-security page If your organisation buys goods and services from external organisations, your accountants manage suppliers' information and process documents. 2026-02-19T17:09:06+01:00 # About supplier security If your organisation buys goods and services from external organisations, your accountants manage suppliers' information and process documents. If your organisation works with more than 10 suppliers, accountants may work with particular suppliers only. In this case, the accountants who do not work with these suppliers should not see them in the system for security reasons and to avoid entry errors. You can use restriction groups to configure and manage the visibility of suppliers to users in the system, as described in this topic. ## Visibility of suppliers by user By using restriction groups you can configure and manage the visibility of suppliers to users in the system. This way you can make suppliers visible only to accountants who work with these suppliers in the system. If each accountant in your organisation works with specific suppliers, you can hide these suppliers from other users. For details about restriction groups, see: [About restriction groups in Visma.net ERP](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ### Example Suppose that ABComputers is your supplier of computers and office equipment, and only the senior accountant is allowed to process documents from this supplier. The following table explains the steps to configure the visibility of this supplier. |STEP|ACTION| |---|---| |1|Go to the the [Supplier access (AP102000)](/visma-net-erp/help/supplier-ledger/supplier-ledger-windows/supplier-access-ap102000/) window.| |2|Create a restriction group with direct restriction (for example: Group for ABComputers).| |3|Add the user account of the senior accountant to the group.| |4|Add the ABComputers supplier to the group.| ## Default restriction groups If you have configured supplier classes, you can specify a default restriction group for a supplier class. With this setting, all new suppliers of the class will be automatically added to the restriction group. For details, see: Setting up default restriction groups for supplier and customer classes in [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). ## Windows for supplier security In the following table, you can find the list of the windows that you can use to manage restriction groups with suppliers and the tasks that you can resolve by using each window. |Task|Window| |---|---| |To initially configure the visibility of a supplier to users|[Supplier access (AP102000)](/visma-net-erp/help/supplier-ledger/supplier-ledger-windows/supplier-access-ap102000/)| |To change the visibility of a supplier in multiple restriction groups|[Restriction groups by supplier (AP102010)](/visma-net-erp/help/supplier-ledger/supplier-ledger-windows/restriction-groups-by-supplier-ap102010/)| |To change the visibility of suppliers to a user in multiple restriction groups|[Restriction groups by user (SM201035)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035/)| For information about how to add or remove objects from a restriction group, see: [About operations with restriction groups](/visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups/). ## Types of restriction groups In Visma Net, you can configure groups with direct and inverse restriction. In this topic, groups with direct restriction are used in examples for simplicity. You can use inverse restriction groups in the same way as you use direct restriction groups. For details on the types of restriction groups, see: [About types of restriction groups](/visma-net-erp/help/access-management/row-level-security/about-types-of-restriction-groups/). Configure restriction groups /visma-net-erp/help/access-management/row-level-security/configure-restriction-groups section Restriction groups provide the capability to limit the visibility of system entities for users. 2026-02-19T17:09:06+01:00 # Configure restriction groups Restriction groups provide the capability to limit the visibility of system entities for users. Restriction groups provide the capability to limit the visibility of system entities for users. To start using restriction groups, you need to plan how to use these and configure them, as described in these topics. About preparation for configuration /visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-preparation-for-configuration page Before you start configuring restriction groups, you need to gather the information that will help you to plan your restriction groups. 2026-02-19T17:09:06+01:00 # About preparation for configuration Before you start configuring restriction groups, you need to gather the information that will help you to plan your restriction groups. Before you create and configure restriction groups, you need to follow the three steps explained in this topic, for each visibility-related task you want to resolve. ## STEP 1 - Determine whether or not to include users The following table explains when to include users in your restriction group or not. |IF|THEN| |---|---| |you need to limit the visibility of entities (for example: customers) for users,|the restriction group consists of users and entities.| |you need to restrict the visibility of entities (for example: subaccounts) when they are used with particular entities of a different type (for example: general ledger accounts),|the restriction group consists of only entities.| For details, see: [About restriction groups in Visma.net ERP](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## STEP 2 - Select the restriction group type The following tables explain the type of restriction group to use with and without users respectively. ### For a group with users |IF|THEN| |---|---| |a smaller number of users **should** see the entities,|you select a group with direct restriction.| |a smaller number of users **should not** see the entities,|you select a group with inverse restriction.| ### For a group with entities (no users) For example entities of Type 1 and Type 2 in the table below (for example subaccounts and accounts). |IF|THEN| |---|---| |the number of subaccounts that **should** be visible when an account is selected, is smaller than the number of subaccounts that shouldn't be visible,|you select a group with direct restriction.| |if the number of subaccounts **shouldn’t** be visible when an account is selected, is smaller than the number of subaccounts that should be visible,|you select a group with inverse restriction.| ## STEP 3 - Estimate the number of restriction groups You determine how many groups you need to create by using the following guidelines: |IF|THEN| |---|---| |a particular user or a set of users should (or shouldn't) see entities of different types (such as customers or general ledger accounts),|you need to create a separate restriction group for each entity type.| |multiple sets of users should (or shouldn't) see different values of entities of the same type (such as warehouses),|you need to create a separate group for each entity value or set of entity values.| |you need to control the accounts and subaccounts that can be used together,|you must create at least two groups and include all subaccounts in either of the groups.| |you want include particular combinations of entities in one group with users,|see [About restriction groups in Visma.net ERP](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/) for supported combinations of entities.| For examples of using restriction groups, see: [About practical scenarios with Restriction groups](/visma-net-erp/help/access-management/row-level-security/about-practical-scenarios-with-restriction-groups/). About operations with restriction groups /visma-net-erp/help/access-management/row-level-security/configure-restriction-groups/about-operations-with-restriction-groups page The operations that you can perform with restriction groups (such as creating the groups, adding entities to a group, deleting entities from a group, and viewing group details) depend on the window. 2026-02-19T17:09:06+01:00 # About operations with restriction groups The operations that you can perform with restriction groups (such as creating the groups, adding entities to a group, deleting entities from a group, and viewing group details) depend on the window. This topic describes the operations that you can perform with restriction groups. ## Creating a restriction group The following table explains how to create a restriction group to restrict the visibility of some system entities.
STEP ACTION
1

Open one of the windows in the Row-level security workspace, which you can use to create restriction groups with the particular system entities you want to add.

For examples of combination of restriction groups, see: About restriction groups in Visma.net ERP.
2 Enter a group name that reflects what the group limits visibility to.
3 Select the group type. For information about the types of restriction groups, see: About types of restriction groups.
4 If the group includes users, select the users that will be included in the group on the Users tab.
5

Select the values of the entity that should be included in the group on the tab with the list of entities.

For example: If the entity is warehouses, you select the particular warehouses you want to include in the group.
6 Repeat this step for each entity type that you want to include in the group.
7 Save your changes.
## Deactivating a restriction group If you do not want to apply the restrictions of a group to the entities included in the group, you do the following.
STEP ACTION
1 Open the Restriction groups (SM201030) window.
2 In the Selection area, select the restriction group you want to edit.
3 Clear the Active check box.
4 Save your changes.
5 Result: Restrictions configured in the group are no longer applied to the entities.
## Setting up default restriction groups for supplier and customer classes To simplify the process of adding new supplier and customers to restriction groups, you can specify a default restriction group for a supplier or customer class. This means that suppliers and customers of the selected class will be included in the restriction group automatically. The following table explains the steps to specify a default restriction group for a supplier class.
STEP ACTION
1 Go to the Supplier classes (AP201000) window.
1 In the Class ID field, select the supplier class for which you want to specify the default restriction group.
2 Go to the General settings tab, and in the Default restriction group field of the Default general settings, select the default restriction group that will be used for the selected supplier class.
3 Click Apply restriction settings to all suppliers in the window toolbar, to include all entities of the class in the default restriction group.
4 Save your changes.
You perform similar steps in the [Customer classes (AR201000)](/visma-net-erp/help/customer-ledger/customer-ledger-windows/customer-classes-ar201000/) window when you want to specify a default restriction group for a customer class. ## Removing class entities from a default restriction group The following table explains how to remove all class entities from a default restriction group to cancel the visibility restriction for entities of a supplier class.
STEP ACTION
1 Open the Supplier classes (AP201000) window.
2 Go to the General settings tab, and in the Default general settings section, clear the value in the Default restriction group field.
3 Click Apply restriction settings to all suppliers in the window toolbar.
4 Save your changes.
In the [Customer classes (AR201000)](/visma-net-erp/help/customer-ledger/customer-ledger-windows/customer-classes-ar201000/) window, you can perform similar steps to remove customers of a class from the default restriction group. ## Adding entities to an existing restriction group While addressing your everyday tasks, you may need to add users and entities to restriction groups that you have created and configured previously. Suppose that a new employee of your organisation should use accounts with limited visibility, or that new stock items have been added to the system and should be in a particular restriction group. Follow these steps to add an entity to an existing group.
STEP ACTION
1 Go to the Row-level security workspace.
2

Open the window that displays restriction groups for the entity you want to add to the restriction group.

For example: For a user, you open the Restriction groups by user (SM201035) window.
3

In the top part, select the entity that you want to add to a restriction group.

For example: In the Login field, you select Todd Bloom.
4 In the table with the list of restriction groups, select the unlabelled Included check box for each group in which you want to include the selected entity.
5 Save your changes.
After you have included the entity in the restriction groups, the system applies the visibility limitations to the entity. Similarly, you can remove entities from a restriction group by clearing the **Included** check box for this group. Row-level security windows /visma-net-erp/help/access-management/row-level-security/row-level-security-windows section On the menu of Visma Net, the windows are grouped into workspace items on the left hand side of the screen. 2026-02-19T17:09:06+01:00 # Row-level security windows On the menu of Visma Net, the windows are grouped into workspace items on the left hand side of the screen. Each item contains a workspace with tiles and categories. This topic follows the listing of the category items in the Row-level security module. Customer access (AR102000) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/customer-access-ar102000 page By using this window, you can create restriction groups for managing the visibility of customer accounts to users, or modify existing restriction groups by adding or removing users or customer accounts. 2026-02-19T17:09:06+01:00 # Customer access (AR102000) By using this window, you can create restriction groups for managing the visibility of customer accounts to users, or modify existing restriction groups by adding or removing users or customer accounts. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. > [!NOTE] > You can also use the [Restriction groups by customer (AR102010)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-customer-ar102010/) window to manage the visibility of customer accounts to users, but you cannot create restriction groups on this window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Element Description
Login Read-only. The login of the user.
Full name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Customers tab On this tab, you can view the list of customer accounts defined in the system and select those to be included in the restriction group.
Element Description
Customer no. The number of the customer. You can click the customer number to open the Customers (AR303000) window with information about this customer.
Status The status of the customer account, which is either Active or Inactive.
Customer name The name of the customer as it appears on the documents.
Email account access (SM201050) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/email-account-access-sm201050 page By using this window, you can create restriction groups for managing the visibility of system email accounts to users, or modify existing restriction groups by adding or removing users or system email accounts. 2026-02-19T17:09:06+01:00 # Email account access (SM201050) By using this window, you can create restriction groups for managing the visibility of system email accounts to users, or modify existing restriction groups by adding or removing users or system email accounts. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. By using this window, you can create restriction groups for managing the visibility of system email accounts to users, or modify existing restriction groups by adding or removing users or system email accounts. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Column Description
Login Read-only. The login of the user.
Full name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Email accounts tab By using this tab, you can view the list of system email accounts defined in the system and select those to be included in the restriction group.
Column Description
Email address The email address that corresponds to this system email account.
User name The login that was specified in the system email account settings.
Password The password that was specified in the system email account settings. The password is displayed in an encrypted window.
Included A check box that indicates (if selected) that a system email account is included in the restriction group.
General ledger account access (GL104000) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000 page By using this window, you can create restriction groups for managing the visibility of accounts and subaccounts to users, or modify existing restriction groups by adding or removing users, accounts, or subaccounts. 2026-02-19T17:09:06+01:00 # General ledger account access (GL104000) By using this window, you can create restriction groups for managing the visibility of accounts and subaccounts to users, or modify existing restriction groups by adding or removing users, accounts, or subaccounts. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. You can also use the [Restriction groups by general ledger account (GL104020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-general-ledger-account-gl104020/) and [Restriction groups by subaccount (GL104030)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-subaccount-gl104030/) windows to manage the visibility of accounts and subaccounts to users, but you cannot create restriction groups on these windows. > [!CAUTION] > By restricting the visibility of accounts, subaccounts, > and branches, you also restrict the visibility of the cash accounts that are linked to > the restricted entities. > It is recommended that you carefully configure restriction groups > that contain accounts, subaccounts, and branches because including these entities in > different restriction groups may block the processing of the associated cash > accounts. ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Column Description
Login Read-only. The login of the user.
Full name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Accounts tab On this tab, you can view the list of general ledger accounts defined in the system and select those to be included in the restriction group.
Column Description
Account Read-only. The account that can be included in the restriction group.
Type Read-only. The account type, which can be Asset, Liability, Income, or Expense.
Account class Read-only. The account class to which this account belongs.
Active Read-only. A check box that indicates (if selected) that the account is active.
Description Read-only. The description of the account.
Currency Read-only. The account currency, for a currency-denominated account.
## The Subaccounts tab By using this tab, you can view the list of subaccounts defined in the system and select those to be included in the restriction group. This tab is displayed on the window when the **By segmented key** mode is selected in the **Lookup mode** field in the [Segment keys (CS202000)](/visma-net-erp/help/common-settings/common-settings-windows/segment-keys-cs202000/) window for the **SUBACCOUNT** segmented key.
Column Description
Subaccount The subaccount to be included in the restriction group. You can click the subaccount to open the Subaccounts - reference information window.
Active Read-only. A check box that indicates (if selected) that the subaccount is active.
Description Read-only. The description of the subaccount.
## The Subaccount segments tab By using this tab, you can view the list of subaccount segment values by the segment ID defined in the system and select those to be included in the restriction group. This tab is displayed on the window when the **By segment: All avail. segment values** mode is selected in the **Lookup mode** field in the [Segment keys (CS202000)](/visma-net-erp/help/common-settings/common-settings-windows/segment-keys-cs202000/) window for the **SUBACCOUNT** segmented key.
Element Description
Segment ID The ID of the subaccount segment. When you select a value in this field, in the Segment values table, the system displays the list of the segment values that correspond to this ID.
Column Description
Segment value The value of the subaccount segment to be included in the restriction group.
Active Read-only. A check box that indicates (if selected) that the subaccount segment is active.
Description Read-only. The description of the subaccount segment.

Related pages

Concepts

 General ledger accounts by branch access (GL103040) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-accounts-by-branch-access-gl103040 page By using this window, you can create restriction groups for managing the visibility of general ledger accounts to branches, or modify existing restriction groups by adding or removing branches or accounts. 2026-02-19T17:09:06+01:00 # General ledger accounts by branch access (GL103040) By using this window, you can create restriction groups for managing the visibility of general ledger accounts to branches, or modify existing restriction groups by adding or removing branches or accounts. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. By using this window, you can create restriction groups for managing the visibility of general ledger accounts to branches, or modify existing restriction groups by adding or removing branches or accounts. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). > [!CAUTION] > By restricting the visibility of accounts, subaccounts, > and branches, you also restrict the visibility of the cash accounts that are linked to > the restricted entities. > We recommend that you carefully configure restriction groups > that contain accounts, subaccounts, and branches because including these entities in > different restriction groups may block the processing of the associated cash > accounts. ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Branches tab On this tab, you can view the list of the branches defined in the system and select the branches to be included in the restriction group.
Column Description
Branch The ID of the branch. Branches are defined in the Branches (CS102000) window.
Branch name The name of the branch.
Posting ledger The default posting ledger for the branch, which is specified in the Inter-branch account mapping (GL101010) window.
## The Accounts tab On this tab, you can view the list of General ledger accounts defined in the system and select those to be included in the restriction group.
Column Description
Account Read-only. The account that can be included in the restriction group.
Type Read-only. The account type, which can be Asset, Liability, Income, or Expense.
Account class Read-only. The account class to which this account belongs.
Active Read-only. A check box that indicates (if selected) that the account is active.
Description Read-only. The description of the account.
Currency Read-only. The account currency, for a currency-denominated account.
Budget access (GL105030) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/budget-access-gl105030 page By using this window, you can create restriction groups for managing the visibility of budget articles to users, or modify existing restriction groups by adding or removing users or budget articles. 2026-02-19T17:09:06+01:00 # Budget access (GL105030) By using this window, you can create restriction groups for managing the visibility of budget articles to users, or modify existing restriction groups by adding or removing users or budget articles. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. You can also use the [Restriction groups by budget article (GL105020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-budget-article-gl105020/) window to manage the visibility of budget articles to users, but you cannot create restriction groups on this window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/) ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Column Description
Login Read-only. The login of the user.
Full name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Budget tree tab By using this tab, you can view the list of budget articles defined in the system and select those to be included in the restriction group.
Column Description
Description Read-only. The description of the node or the budget article.
Account Read-only. The account of the budget article. The account is displayed only for budget articles that are not nodes.
Subaccount Read-only. The subaccount of the budget article. The subaccount is displayed only for budget articles that are not nodes.
Account mask Read-only. The account mask for the budget article. The account mask is displayed only for budget articles that are nodes.
Subaccount mask Read-only. The subaccount mask for the budget article. The subaccount mask is displayed only for budget articles that are nodes.
Node Read-only. A check box that indicates (if selected) that this budget article is a node.

Related pages

Concepts

Tasks

Windows

 Item access (IN103000) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/item-access-in103000 page By using this window, you can create restriction groups for managing the visibility of item classes and stock items to users, or modify existing restriction groups by adding or removing users, item classes, or stock items. 2026-02-19T17:09:06+01:00 # Item access (IN103000) By using this window, you can create restriction groups for managing the visibility of item classes and stock items to users, or modify existing restriction groups by adding or removing users, item classes, or stock items. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. > [!NOTE] > You can also use the [Restriction groups by item class (IN103010)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-item-class-in103010/) and [Restriction groups by item (IN103020)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-item-in103020/) windows to manage the visibility of item classes and items to users, but you cannot create restriction groups in these windows. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this box is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Column Description
Login Read-only. The login of the user.
Full Name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Item classes tab By using this tab, you can view the list of item classes defined in the system and select those to be included in the restriction group.
Column Description
Class ID Read-only. The ID of the item class that can be included in the restriction group.
Description Read-only. The description of the item class.
## The Items tab By using this tab, you can view the list of items defined in the system and select those to be included in the restriction group.
Column Description
Item ID The ID of the item that can be included in the restriction group.
Description Read-only. The description of the item.

Related pages

Windows

 Project access (PM102000) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/project-access-pm102000 page By using this window, you can create restriction groups for managing the visibility of projects to users, or modify existing restriction groups by adding or removing users or projects. 2026-02-19T17:09:06+01:00 # Project access (PM102000) By using this window, you can create restriction groups for managing the visibility of projects to users, or modify existing restriction groups by adding or removing users or projects. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. You can also use the [Restriction groups by project (PM102010)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-project-pm102010/) window to manage the visibility of projects to users, but you cannot create restriction groups in this window. ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that (if selected) indicates that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Column Description
Login Read-only. The login of the user.
Full name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Projects tab By using this tab, you can view the list of projects defined in the system and select those to be included in the restriction group.
Column Description
Project ID Read-only. The identifier of the project.
Description Read-only. The description of the project.
Customer Read-only. The customer associated with the project, if this project is external. For an internal project, no customer is specified.
Template Read-only. The template used for creating this project, if applicable.
Status Read-only. The status of the project.
Restricted entities (SM201040) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restricted-entities-sm201040 page In this window, you can view the restriction groups that contain a particular system entity, such as an stock item, a general ledger account, or a user, and change the visibility of the entity in the system by including the system entity in other restriction groups or excluding it from groups that currently contain it. 2026-02-19T17:09:06+01:00 # Restricted entities (SM201040) In this window, you can view the restriction groups that contain a particular system entity, such as an stock item, a general ledger account, or a user, and change the visibility of the entity in the system by including the system entity in other restriction groups or excluding it from groups that currently contain it. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. If a group includes particular users, only those users can view the group entities. If a group doesn't include users, the entities of different types included in the group can be used only with group members. You can create restriction groups for managing the visibility of a system entity by using the [Restriction groups (SM201030)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-sm201030/) window or the window intended for entities of this type in the **Manage** section of the Row-level security workspace. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). CAUTION: By restricting the visibility of accounts, subaccounts, and branches, you also restrict the visibility of the cash accounts that are linked to the restricted entities. We recommend that you carefully configure restriction groups that contain accounts, subaccounts, and branches because including these entities in different restriction groups may block the processing of the associated cash accounts. ## The top part In this area, you can select the system entity type and the specific entity for which you want to view or edit its membership in restriction groups.
Element Description
Entity type The type of system entity.
Entity The particular entity of the type you have selected.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the **Included** column is selected for each group that contains the selected entity. You can select and clear these check boxes to change the membership of the system entity in restriction groups.
Column Description
Included A check box that indicates (if selected) that the entity is included in the restriction group.
Group name The name of the restriction group.
Description The description of the restriction group.
Active A check box that indicates (if selected) that the restriction group is active. The system does not enforce the restrictions of an inactive group.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups (SM201030) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-sm201030 page By using this window, you can create restriction groups for managing the visibility of system entities, or modify existing restriction groups by adding or removing system entities. 2026-02-19T17:09:06+01:00 # Restriction groups (SM201030) By using this window, you can create restriction groups for managing the visibility of system entities, or modify existing restriction groups by adding or removing system entities. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. By using this window, you can create restriction groups for managing the visibility of system entities, or modify existing restriction groups by adding or removing system entities. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). For simplicity, we recommend that you create restriction groups for use in specific workspaces by using the appropriate windows in the **Manage** section of the Row-level security workspace. ## The top part In this area, you can define a new restriction group or select an existing one for editing.
Element Description
Group name The unique group identifier. If you are defining a new group, type the name here. If you are modifying an existing group, select the group name.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect visibility of entities to users.

By default, this check box is selected.
Group type The type of the restriction group. You can select one of the following types: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Description The description of the group.
Entity type

Required.

The type of system entity that is included in the group.
Specific type

Optional.

The system entity that is used by the system for filtering restriction groups on the Restriction groups tab of the entity window. The entity type selected in this field does not affect visibility of entities included in the restriction group.
Specific module

Optional.

The two-letter code of the workspace where the group is displayed, if the group should be viewed in only a specific workspace.

The workspace selected in this field does not affect visibility of entities included in the restriction group.
## The table You can use this table to view the list of system entities of the selected type and include any of them to the selected restriction group.
Column Description
Included A check box that you select to include the entity in the restriction group.
Entity Read-only. A field that contains the ID of the particular entity and additional information about the entity; pieces of information are separated by commas.
Restriction groups by branch (GL103020) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-branch-gl103020 page In this window, you can view the restriction groups that contain a particular branch. 2026-02-19T17:09:06+01:00 # Restriction groups by branch (GL103020) In this window, you can view the restriction groups that contain a particular branch. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. You can also change the visibility of the branch in the system by including it in other restriction groups or excluding it from groups that currently contain it. You can create restriction groups for managing the visibility of branches and general ledger accounts by using the [General ledger accounts by branch access (GL103040)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-accounts-by-branch-access-gl103040/) window, and for managing the visibility of branches and subaccounts by using the [Subaccounts by branch access (GL103060)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/subaccounts-by-branch-access-gl103060/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). > [!CAUTION] > By restricting the visibility of accounts, subaccounts, > and branches, you also restrict the visibility of the cash accounts that are linked to > the restricted entities. > We recommend that you carefully configure restriction groups > that contain accounts, subaccounts, and branches because including these entities in > different restriction groups may block the processing of the associated cash > accounts. ## The top part In this area, you can select the branch for which you want to view or edit its membership in restriction groups. You can also view the posting ledger of the selected branch.
Element Description
Branch The branch of your organisation whose membership in restriction groups you want to view (and edit, if needed) in the table.
Posting ledger Read-only. The default posting ledger for the selected branch. The system fills in this field automatically once you select a branch, based on the settings established in the Inter-branch account mapping (GL101010) window.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the branch. You can select and clear these check boxes to change the membership of the branch in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by budget article (GL105020) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-budget-article-gl105020 page In this window, you can view the restriction groups that contain a particular budget article. 2026-02-19T17:09:06+01:00 # Restriction groups by budget article (GL105020) In this window, you can view the restriction groups that contain a particular budget article. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular budget article. You can also change the visibility of the budget article in the system by including it in other restriction groups or excluding it from groups that currently contain it. If the selected budget article is a node or if it contains subarticles, the same visibility restrictions will be applied to the subarticles. You can create restriction groups for managing the visibility of budget articles by using the [Budget access (GL105030)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/budget-access-gl105030/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the budget article for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected budget article.
Element Description
Budget article The budget article whose membership in restriction groups you want to view (and edit, if needed) in the table.
Account Read-only. The account of the selected budget article if the article is not a node.
Subaccount Read-only. The subaccount of the selected budget article if the article is not a node.
Node Read-only. A check box that indicates (if selected) that the selected budget article is a node.
Account mask Read-only. The account mask used for the selected budget article if the article is a node.
Subaccount mask Read-only. The subaccount mask used for the selected budget article if the article is a node.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the budget article. You can select and clear these check boxes to change the membership of the budget article in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by customer (AR102010) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-customer-ar102010 page In this window, you can view the restriction groups that contain a particular customer account. 2026-02-19T17:09:06+01:00 # Restriction groups by customer (AR102010) In this window, you can view the restriction groups that contain a particular customer account. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular customer account. You can also change the visibility of the customer account in the system by including it in other restriction groups or excluding it from groups that currently contain it. > [!NOTE] > You can create restriction groups for managing the visibility of customer accounts by using the [Customer access (AR102000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/customer-access-ar102000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the customer account for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected customer account.
Element Description
Customer no. The customer account, by its number whose membership in restriction groups you want to view (and edit, if needed) in the table.
Status Read-only. The status of the selected customer account: Active or Inactive.
Customer name Read-only. The name of the selected customer, which is specified in the Customers (AR303000) window.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the customer account. You can select and clear these check boxes to change the membership of the customer account in restriction groups.
Element Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by general ledger account (GL104020) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-general-ledger-account-gl104020 page In this window, you can view the restriction groups that contain a particular General ledger account. 2026-02-19T17:09:06+01:00 # Restriction groups by general ledger account (GL104020) In this window, you can view the restriction groups that contain a particular General ledger account. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular General ledger account. You can also change the visibility of the account in the system by including it in other restriction groups or excluding it from groups that currently contain it. You can create restriction groups for managing the visibility of General ledger accounts by using the [General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). CAUTION: By restricting the visibility of accounts, subaccounts, and branches, you also restrict the visibility of the cash accounts that are linked to the restricted entities. We recommend that you carefully configure restriction groups that contain accounts, subaccounts, and branches because including these entities in different restriction groups may block the processing of the associated cash accounts. ## The top part In this area, you can select the general ledger account for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected general ledger account.
Element Description
Account The general ledger account whose membership in restriction groups you want to view (and edit, if needed) in the table.
Type

Read-only. The type of the selected account.

For more information, see: About account types and classes.
Description Read-only. The description of the selected account.
Account class

Read-only. The class of the selected account.

For more information, see: About account types and classes
Currency Read-only. The specific currency if the selected general ledger account is a currency-denominated account. (If this field is blank, the base currency is used for the account.)
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the account. You can select and clear these check boxes to change the membership of the general ledger account in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by item (IN103020) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-item-in103020 page In this window, you can view the restriction groups that contain a particular item. 2026-02-19T17:09:06+01:00 # Restriction groups by item (IN103020) In this window, you can view the restriction groups that contain a particular item. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular item. You can also change the visibility of the item in the system by including it in other restriction groups or excluding it from groups that currently contain it. > [!NOTE] > You can create restriction groups for managing the visibility of items by using the [Item access (IN103000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/item-access-in103000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the item for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected item.
Element Description
Item ID The identifier of the item whose membership in restriction groups you want to view (and edit, if needed) in the table.
Description Read-only. The description of the selected item.
Item class Read-only. The item class of the selected item.
Item status Read-only. The status of the selected item.
Stock item Read-only. A check box that indicates (if selected) that the selected item is a stock item.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the item. You can select and clear these check boxes to change the membership of the item in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.

Related pages

Windows

 Restriction groups by item class (IN103010) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-item-class-in103010 page In this window, you can view the restriction groups that contain a particular item class. 2026-02-19T17:09:06+01:00 # Restriction groups by item class (IN103010) In this window, you can view the restriction groups that contain a particular item class. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular item class. You can also change the visibility of the item class in the system by including it in other restriction groups or excluding it from groups that currently contain it. > [!NOTE] > You can create restriction groups for managing the visibility of item classes by using the [Item access (IN103000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/item-access-in103000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the item class for which you want to view or edit its membership in restriction groups. You can also view the description of the selected item class.
Element Description
Class ID The item class (by its identifier) whose membership in restriction groups you want to view (and edit, if needed) in the table.
Description Read-only. The description of the selected class.
## The table In this table, you can view the full list of restriction groups in the system, along with basic information about each groups. The check box in the unlabelled Included column is selected for each group that contains the item class. You can select and clear these check boxes to change the membership of the item class in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.

Related pages

Windows

 Restriction groups by project (PM102010) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-project-pm102010 page In this window, you can view the restriction groups that contain a particular project. 2026-02-19T17:09:06+01:00 # Restriction groups by project (PM102010) In this window, you can view the restriction groups that contain a particular project. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular project. You can also change the visibility of the project in the system by including it in other restriction groups or excluding it from restriction groups that currently contain it. You can create restriction groups for managing the visibility of projects by using the [Project access (PM102000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/project-access-pm102000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/) ## The top part In this area, you can select the project for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected project.
Element Description
Project ID The project for which you want to view (and possibly edit) related restriction groups.
Status Read-only. The status of the selected project.
Customer Read-only. The customer for the selected project, if the project is external. For an internal project, this field is empty.
Template Read-only. The template used for creating the selected project, if applicable.
Description Read-only. The description of the selected project.
## The table In this table, you can view the full list of restriction groups in the system, along with basic information about each group. The check box in the unlabeled **Included** column is selected for each group that contains the selected project. You can select and clear these check boxes to change the membership of the project in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups
Restriction groups by sub segment (GL104040) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-sub-segment-gl104040 page In this window, you can view the restriction groups that contain a particular subaccount segment value. 2026-02-19T17:09:06+01:00 # Restriction groups by sub segment (GL104040) In this window, you can view the restriction groups that contain a particular subaccount segment value. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular subaccount segment value. You can also change the visibility of the subaccount segment value in the system by including it in other restriction groups or excluding it from groups that currently contain it. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the subaccount segment value for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected subaccount segment value.
Element Description
Segment ID The subaccount segment (by its identifier) for which you want to select a value.
Segment value The segment value for the selected subaccount segment. In this field, you can select the subaccount segment value for which you want to view or edit its membership in restriction groups.
Description Read-only. The description of the selected subaccount segment value.
Active Read-only. A check box that indicates (if selected) that the selected subaccount segment value is active.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the subaccount segment value. You can select and clear these check boxes to change the membership of the subaccount segment value in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by subaccount (GL104030) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-subaccount-gl104030 page In this window, you can view the restriction groups that contain a particular subaccount. 2026-02-19T17:09:06+01:00 # Restriction groups by subaccount (GL104030) In this window, you can view the restriction groups that contain a particular subaccount. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular subaccount. You can also change the visibility of the subaccount in the system by including it in other restriction groups or excluding it from groups that currently contain it. You can create restriction groups for managing the visibility of subaccounts by using the [General ledger account access (GL104000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/general-ledger-account-access-gl104000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). CAUTION: By restricting the visibility of accounts, subaccounts, and branches, you also restrict the visibility of the cash accounts that are linked to the restricted entities. We recommend that you carefully configure restriction groups that contain accounts, subaccounts, and branches because including these entities in different restriction groups may block the processing of the associated cash accounts. ## The top part In this area, you can select the subaccount for which you want to view or edit its membership in restriction groups. You can also view the description of the selected subaccount.
Element Description
Subaccount The subaccount whose membership in restriction groups you want to view (and edit, if needed) in the table.
Description Read-only. The description of the selected subaccount.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the subaccount. You can select and clear these check boxes to change the membership of the subaccount in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by user (SM201035) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-user-sm201035 page In this window, you can view the restriction groups that contain a particular user. 2026-02-19T17:09:06+01:00 # Restriction groups by user (SM201035) In this window, you can view the restriction groups that contain a particular user. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. In this window, you can view the restriction groups that contain a particular user. You can also change the visibility of the user in the system by including the user in other restriction groups or excluding it from groups that currently contain it. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the user for which you want to view or edit its membership in restriction groups. You can also view additional information about the selected user.
Element Description
Login The name of the user whose membership in restriction groups you want to view (and edit, if needed) in the table.
First name Read-only. The selected user’s first name.
Last name Read-only. The selected user’s last name.
Comment Read-only. The comment provided for the selected user account.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the user. You can select and clear these check boxes to change the membership of the user in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Restriction groups by warehouse (IN102010) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-warehouse-in102010 page in this window, you can view the restriction groups that contain a particular warehouse. 2026-02-19T17:09:06+01:00 # Restriction groups by warehouse (IN102010) in this window, you can view the restriction groups that contain a particular warehouse. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. in this window, you can view the restriction groups that contain a particular warehouse. You can also change the visibility of the warehouse in the system by including it in other restriction groups or excluding it from groups that currently contain it. > [!NOTE] > You can create restriction groups for managing the visibility of warehouses by using the [Warehouse access (IN102000)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/warehouse-access-in102000/) window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can select the warehouse for which you want to view or edit its membership in restriction groups. You can also view the description of the selected warehouse.
Element Description
Warehouse ID The warehouse (by its identifier) whose membership in restriction groups you want to view (and edit, if needed) in the table.
Description Read-only. The description of the selected warehouse.
## The table In this table, you can view the full list of restriction groups in the system, along with some basic information about each group. The check box in the unlabelled Included column is selected for each group that contains the warehouse. You can select and clear these check boxes to change the membership of the warehouse in restriction groups.
Column Description
Group name Read-only. The name of the restriction group.
Description Read-only. The description of the restriction group.
Active Read-only. A check box that indicates (if selected) that the restriction group is active. The system does not enforce restrictions imposed by inactive groups.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.

Related pages

Windows

 Subaccounts by branch access (GL103060) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/subaccounts-by-branch-access-gl103060 page By using this window, you can create restriction groups for managing the visibility of subaccounts to branches, or modify existing restriction groups by adding or removing branches or subaccounts. 2026-02-19T17:09:06+01:00 # Subaccounts by branch access (GL103060) By using this window, you can create restriction groups for managing the visibility of subaccounts to branches, or modify existing restriction groups by adding or removing branches or subaccounts. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. By using this window, you can create restriction groups for managing the visibility of subaccounts to branches, or modify existing restriction groups by adding or removing branches or subaccounts. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). CAUTION: By restricting the visibility of accounts, subaccounts, and branches, you also restrict the visibility of the cash accounts that are linked to the restricted entities. We recommend that you carefully configure restriction groups that contain accounts, subaccounts, and branches because including these entities in different restriction groups may block the processing of the associated cash accounts. ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Branches tab On this tab, you can view the list of the branches defined in the system and select the branches to be included in the restriction group.
Column Description
Included A check box that indicates (if selected) that the branch is included in the restriction group.
Branch The ID of the branch. Branches are defined in the Branches (CS102000) window.
Branch name The name of the branch.
Posting ledger The default posting ledger for the branch, which is specified in the Financial year (GL101000) window.
## The Subaccounts tab On this tab, you can view the list of subaccounts defined in the system and select those to be included in the restriction group. This tab is displayed on the window when the **By segmented key** mode is selected in the **Lookup mode** field in the [Segment keys (CS202000)](/visma-net-erp/help/common-settings/common-settings-windows/segment-keys-cs202000/) window for the **SUBACCOUNT** segmented key.
Column Description
Subaccount The subaccount that can be included in the restriction group.
Active Read-only. A check box that indicates (if selected) that the subaccount is active.
Description Read-only. The description of the subaccount.
## The Subaccount segments tab On this tab, you can view the list of subaccount segment values by the segment ID defined in the system and select those to be included in the restriction group. This tab is displayed on the window when the **By segment: All avail. segment values** mode is selected in the **Lookup mode** field in the [Segment keys (CS202000)](/visma-net-erp/help/common-settings/common-settings-windows/segment-keys-cs202000/) window for the **SUBACCOUNT** segmented key.
Element Description
Segment ID The ID of the subaccount segment. When you select a value in this field, in the Segment values table, the system displays the list of the segment values that correspond to this ID.
Column Description
Segment value The value of the subaccount segment to be included in the restriction group.
Active Read-only. A check box that indicates (if selected) that the subaccount segment is active.
Description Read-only. The description of the subaccount segment.
Warehouse access (IN102000) /visma-net-erp/help/access-management/row-level-security/row-level-security-windows/warehouse-access-in102000 page By using this window, you can create restriction groups for managing the visibility of warehouses to users, or modify existing restriction groups by adding or removing users or warehouses. 2026-02-19T17:09:06+01:00 # Warehouse access (IN102000) By using this window, you can create restriction groups for managing the visibility of warehouses to users, or modify existing restriction groups by adding or removing users or warehouses. This topic provides information about the elements in this window in Visma Net, such as fields, field values, buttons, and check boxes. You can also use the [Restriction groups by warehouse (IN102010)](/visma-net-erp/help/access-management/row-level-security/row-level-security-windows/restriction-groups-by-warehouse-in102010/) window to manage the visibility of warehouses to users, but you cannot create restriction groups on this window. For more information about restriction groups, see: [About restriction groups in Visma Net](/visma-net-erp/help/access-management/row-level-security/about-restriction-groups-in-visma-net-erp/). ## The top part In this area, you can enter the settings of a new restriction group or select an existing group and edit its settings.
Element Description
Group name The name of the restriction group. You can type a name of a new group or select an existing group.
Description The description of the restriction group. You can type a description if this field is empty or edit an existing description.
Group type Read-only. The type of the restriction group: A, A inverse, B, or B inverse. For more information, see: About types of restriction groups.
Active

A check box that indicates (if selected) that the restriction group is active. You can clear the check box to make the group inactive, which means that restrictions imposed by the restriction group do not affect the visibility of entities to users.

By default, this check box is selected.
## The Users tab On this tab, you can view the list of users defined in the system and select those to be included in the restriction group.
Column Description
Login Read-only. The login of the user.
Full name Read-only. The full name of the user.
Comment Read-only. The additional information that has been specified for the user in the Users (SM201010) window.
## The Warehouses tab By using this tab, you can view the list of warehouses defined in the system and select those to be included in the restriction group.
Column Description
Warehouse ID Read-only. The identifier of the warehouse.
Description Read-only. The description of the warehouse.

Related pages

Windows