Introduction of Domain Deployment Control in AFCS

This enhancement introduces a new user group within AFCS (AFCSDMNDEPADMNGRP - AFCS domain deployment Admin), ensuring that only authorized users assigned to this group can access the "Add Domain" tab and manage domain deployments under the Administration section in the User Interface. This update further strengthens security and streamlines domain management by enabling tighter access controls.

Restricting domain deployment access to authorized users helps organizations prevent misconfigurations and unauthorized changes to critical financial data structures. This enhanced control ensures that only approved domains are deployed, reducing the risk of data quality issues and increasing the reliability of downstream processes—including subledger applications, data pipelines, and redaction policies. Ultimately, this feature improves both the security and integrity of your organization’s financial data environment.

Steps to Enable

1. Identify Users for Domain Deployment
   Review and identify users who require permission to deploy domains.

2. Map Users to the New Group
   Assign these users both to the new group,  AFCSDMNDEPADMNGRP, as well as the existing group, AFCSADMNGRP.

3. Save and Confirm
   Ensure the user mapping is saved. Ask affected users to log out and log back in to the application to reflect the changes.

4. Verify Access
   Confirm that the users now see the "Add Domain" tab in the Administration section.

Tips And Considerations

Note: This change does not affect domain deployment via automated processes, APIs, upgrades, or fresh provisioning. Those flows will continue to operate as before.