Division scoping is limiting access to Exact Online companies (also known as “divisions” in English and “divisies” in Dutch) for a published application on Exact Online.
Division scoping is one of the ways to control rights, in addition to assigning rights to users, data scoping and licensing modules within Exact Online. The overall picture for determining the permissions of an Exact Online API call can be found at Exact Online API rechten van een user op specifieke endpoint (Dutch).
How does division scoping work?
For each published application from an Exact Online App Developer, the user can restrict access to either a specific list of companies or all companies to which that user has permissions.
Self-managed applications do not have division scoping; self-published applications can access any company within the subscription and any company on which permissions have been given to an accountant by a linked business owner.
When an application is first used, the user is asked permission via the so-called “consent form” whether the application may be linked. Here the user sees a list of the requested scopes and can assign permissions to companies.
The user can independently select companies from those available.
When retrieving from and writing data to Exact Online all actions via both the Exact Online REST API and the XML API should be checked against the selected companies to which access is given. Besides some minor glitches, it is also difficult for an application-based link to bypass this security and retrieve information from unauthorized companies.
If permissions are missing, then an error message can occur such as:
Forbidden - User division is not within division scope
with an error code itgeneor228 or itgeneor060.
Adjusting linked companies
The Exact Online companies linked to an application can be updated afterwards via the Company menu in the top left blue bar:
- Choose “Import/Export.”
- Choose “App permissions” under group “Other”.
Next, choose the Exact Online app in question. For example, for Invantive Cloud, it looks like this:
The SQL driver for the Exact Online APIs requires all permissions, so it’s quite a lot. This makes the list of administration settings disappear below the “fold” of the screen. Scroll down to the end, here are the company settings:
The “Manage Companies” button allows you to control which companies the app can access.
In this list, all companies are on the left if the app had “All Companies.” This is a bit illogical, but it’s no different. Next, choose the companies you want to give the app permissions to:
Changes in the list of companies may take some time to become visible depending on the time used and cache settings. To avoid frequent calls to heavy Exact Online APIs to retrieve all companies, the list of companies is held for some time.
More tips to automatically have new companies that the Exact user has permissions to select are in Nieuwe Exact Online administratie niet zichtbaar in Invantive Cloud voor Power Query/BI - 2 van forums (Dutch).
The article just mentioned will also help you if the automatic addition of new companies had expired because the selected companies were manually modified once.
Tips
Division scoping has some tricky parts from the concept, not all of which are nicely built. These issues are especially apparent in accountancy subscriptions that have access to a number of subscriptions of entrepreneurs, but entrepreneurs can also experience these issues.
Therefore, please also read the following topics:
- Itgenoda474 "Can not determine partition information" bij ophalen gegevens vanuit Exact Online - 2 van forums (Dutch)
- Itgeneor321 De Exact Online divisie '123456' is niet opgenomen in de rechten die aan deze applicatie werden verleend - 2 van forums (Dutch)
In general, we recommend working with a self-registered Exact Online application. All Invantive products provide support for this. Instructions can be found at:
- Invantive Cloud with Bring Your Own App: Register Exact Online app for use with Invantive Cloud
- Invantive Query Tool, Data Hub, Control for Excel: Register Exact Online app for use with Invantive Control for Excel