Introduction: Segment
value security rules are setup on value sets to control access to parent or
detail segment values for chart of accounts segments. Segment value security rules restrict data entry, online
inquiry, and reporting. These are basically used for Non
Balancing segment values security. Since we can control the access for Balancing
segment values through Manage Data Access Sets.
Business case:
|
Data
Access Sets |
|||||
|
Ledger Name |
Balancing Segment |
|
User A |
User B |
|
|
US Primary Ledger |
101 |
Comp101 |
Y |
Y |
|
|
102 |
Comp102 |
Y |
N |
||
|
Security Rules |
|||||
|
Ledger Name |
Cost Center |
|
User A |
User B |
|
|
US Primary Ledger |
110 |
CEO |
Y |
N |
|
|
120 |
Division US |
Y |
N |
Process:
· Define roles for segment value security rules.
· Enable segment value security for the value set.
· Define the conditions.
· Define the policies.
· Deploy the accounting flexfield.
· Publish the account hierarchies.
· Assign segment value security roles to users.
Below picture illustrates steps for defining and implementing security rules for segment values.
Note: When you enable security on a value set, access to all values for
that value set is denied.
Working Example: This example demonstrates how to enable
security on a chart of accounts to control access to specific segment (Cost
Center) values.
While creating
journals by default, we are able to see all the values in cost center segment
LOV. For this scenario, we need to control the access to 110 and 120.
Step 1: Create a custom job role solely for the purpose of segment value security. This role is then assigned to the users who need access. For this scenario, we created a role: VIS_General Accountant.
Step
2:
Navigate to ‘Manage Segment Value Security Rules’ task
Use the Manage
Segment Value Security Rules task to enable security on the cost center value
set associated with the chart of accounts.
Step 3: Enable the Security and Enter the Data Security Resource Name.
Step 5: Create a condition for the value set. For example, the condition (CostCenter110120) for the cost center is that the value must be equal to 110 or must be equal to 120.
Step 6: Create a policy to associate the conditions to the roles. For example, create a policy (CorpCostCenter110120) to assign the condition CostCenter110120 to the role VIS_General Accountant Role.
Enter Role code
instead of Role Name. And select fscm as Application.
Step 7: Select Multiple Values as row set and assign condition to the policy.
Click Save and close.
Click Save and Submit.
Step
8:
Navigate to Manage Chart of Accounts
Structures.
Select the module and click Deploy Flexfield.
Optionally, Publish the account hierarchies.
Use the Security
Console to assign the appropriate role to the appropriate user. For example,
assign the role VIS_General Accountant role to the users who
should have access to the cost centers 110 and 120. Login
as that user and verify in the Create journal screen. Only cost centers 110 and 120 are visible as
below.
Since, enabling data security on the value set will deny
the access to all values for
that value set. Which means other users who do not have VIS_General Accountant
Role will not be able to access any values of Cost Center Segment.
We can define another
similar Policy to provide access to All values of the Value set and assign to a
custom role solely created to provide access to all the values of the value set.
Use the Security Console to assign this role to the appropriate users who
should have access to all the cost centers.
Note: It is not necessary to create a condition for this and we need to
select All Values as row set.
No comments:
Post a Comment