Segment Security Rules FAQ [ID 138143.1]

  • 贾三灌汤包

    2016-02-24 14:29:39
  • Oracle
  • 转载

In this Document
  Purpose
  Questions and Answers
     1. I have defined a security rule and assigned it to my responsibilty, but is still does not work, why?
     2. My security rules don't work for the Account Analysis and General Ledger reports in Release 11.0.3.
     3. In Rel 11i with the intercompany segment being used, is it possible to have a security rule on the balancing segment (company) without it affecting the intercompany segment, since they share the same value set?
     4. Is there a way to assign different security rules to a responsibility based on the User ID?
     5. Can security rules be used to control the posting of journal entries?
     6. Security rules don't seem to work on all forms when performing a query.
     7. Can Security Rules prevent users in one organization in the same set of books from adding Cross Validation Rules to another organization?
     8. Every Country has a Global Manager or User Responsibility to access Global SOB but it is supposed to limit users to their own Legal Entities. However, an Argentian journal can be posted by the Chilian user. How is this possible?
     9. Forgot to check the security enabled flag for each segment and it is not updateable. How do I correct this?
     10. In General Ledger, a security rule of a parent with children was set up to include the parent and assigned to a responsibility. However it is not functioning properly.
     11. Is it feasible to delete an Exclude statement in order to resolve a Security Rule issue?
     12. What standard reports have security enabled in Release 11i?
     13. Is it recommended to use a universal Include when setting up rules?
     14. What functions do security rules apply to?
     15. What is Hierarchical Security? 
  References



Applies to:

Oracle General Ledger - Version: 10.7 to 11.5 - Release: 10.7 to 11.5.10
Information in this document applies to any platform.
Form.:FNDFFSRN.FMB - Define Security Rule
Form.:FNDFFSRA.FMB - Assign Security Rules

Purpose

This document aims at answering certain basic questions about Security Rules. 

Questions and Answers

1. I have defined a security rule and assigned it to my responsibilty, but is still does not work, why?

Make sure that you have enabled security at both the segemnt and value set levels, it must be enabled at both these levels to work. Also make sure you have switched out and back into the 
responsibility. 

2. My security rules don't work for the Account Analysis and General Ledger reports in Release 11.0.3.

This functionality is available starting in Release 11i. In Releases 11 and lower, one cannot set security for standard reports. Security Rules will only limit users from a few functions (e.g. Account Inquiry, Budgets, Journal Entries, and FSGs). In addition,in Release 11i there is limited
use of the security rule functionality for running standard reports.

It appears that your goal is to restrict users from submitting reports for a particular company, this cannot be accomplished using security rules.

3. In Rel 11i with the intercompany segment being used, is it possible to have a security rule on the balancing segment (company) without it affecting the intercompany segment, since they share the same value set?

Yes it is possible. You would enable security on the value set, but then on the flexfield segment (intercompany) you would not enable security.

4. Is there a way to assign different security rules to a responsibility based on the User ID?

You cannot apply different security rules to the same responsibility for different users based on the user ID. You will have to create a new responsibility and define its own security rules. Then you can assign the new responsibility to one of the users. 

5. Can security rules be used to control the posting of journal entries?

Security rules apply only with regards to creation/modification of lines within a journal. They do not apply when the journal is posted. 

6. Security rules don't seem to work on all forms when performing a query.

Flexfield Value Security gives you the capability to restrict the set of values a user can use during data entry. With easy-to-define security rules and responsibility level control, you can quickly set up data entry security on your flexfield segments and report parameters.

Flexfield Value Security lets you determine who can use flexfield segment values and report parameter values. Based on your responsibility and access rules that you define, Flexfield Value Security limits what values you can enter in flexfield pop-up windows and report parameters. 

Security rules for the Accounting Flexfield also restrict query access to segment values in the Account Inquiry, Funds Available, and Summary Account Inquiry windows. In these windows, you cannot query up any combination that contains a secure value. However in all other forms,
you will be able to query up a value even if it is restricted to the user.

Reference : Oracle Applications Flexfield Guide Release 11, page 5-10.

7. Can Security Rules prevent users in one organization in the same set of books from adding Cross Validation Rules to another organization?

There is no way in the same set of books, to prevent users from one operating unit via security rules, from changing cross validation rules for another operating unit. The only way to do this would to be create a separate set of books for each operating unit. Since security rules prevent users from either viewing data or entering data in general, they do not pertain to set up issues such as creating cross validation rules. 
Therefore, the only other way to prevent one user from one organization from creating cross-validation rules to the other organization, when in the same set of books, would be to completely remove that menu function from the user.

8. Every Country has a Global Manager or User Responsibility to access Global SOB but it is supposed to limit users to their own Legal Entities. However, an Argentian journal can be posted by the Chilian user. How is this possible?

This is working as intended. Security rules will prohibit a responsibility from being able to ente certain values as well as prohibit the viewing of those values. However security rules will not prohibit the actions above because they are in the same set of books. The system does not determine if a journal has values in it that are blocked by security rules. If it did that, the journal would appear as unbalanced. 
There would have to be an incredible amount of logic involved, which would further reduce performance, for the posting program to scan the journal for security rules first before posting. Posting does not take into consideration the rules, this is done at the time of journal entry.

9. Forgot to check the security enabled flag for each segment and it is not updateable. How do I correct this?

Check your Accounting Flexfield structure to see if it is frozen. Unfreeze the structure, then you should be able to enable Security for the Segment.

10. In General Ledger, a security rule of a parent with children was set up to include the parent and assigned to a responsibility. However it is not functioning properly.

The system allows the account the customer wanted but doesn't disallow the ones that are children of the parent values excluded. Review note:175555.1 Key Flexfield Rollup Hierarchical Security not Working Properly.

11. Is it feasible to delete an Exclude statement in order to resolve a Security Rule issue?

The Security rule should not be modified by deleting an exclude or include as it may corrupt the rule. Instead, delete all rule lines (include and excludes), save and redefine the include and excludes. If the rule still doesn't work, create a new rule and assign it to the responsibilities in place of the original rule.

12. What standard reports have security enabled in Release 11i?

Trial Balance, Account Analysis and General Ledger are the only standard reports in Release 11i for which security rules apply.

13. Is it recommended to use a universal Include when setting up rules?

It is recommended to start each security rule with a universal Include statement and then eliminate each value using Exclude statements.

14. What functions do security rules apply to?

Security rules apply to Account Inquiry, budgets, FSG's and journal entry functions. In Release 11i, this also applies to several standard reports (listed previously). Please note, they do not apply to the posting of journals or the review of journals. When reviewing a journal with
security rules, the totals are still displayed, it is only the individual lines that are not visible. This is standard functionality.

15. What is Hierarchical Security?

When using 'Heirarchical Security'. 'a flex value is secured if one of it's parent value is secured'.
This feature combines Flex Value Security and Flex Value Hierarchy.

References

NOTE:175555.1 - Key Flexfield Rollup Hierarchical Security not Working Properly

请使用浏览器的分享功能分享到微信等