General Ledger FAQ for Segment Security Rules


I have defined a security rule and assigned it to my responsibility. Why does it still not work?

Make sure that you have enabled security at both the segment and value set levels, it must be enabled at both these levels to work.
Also make sure you have switched out and back into the responsibility.

My security rules don't work for the Account Analysis and General Ledger reports in Release 11.0.3.

This functionality is available starting in Release 11i. In Releases 11 and lower, one cannot set security for standard reports. Security Rules will only limit users from a few functions (e.g. Account Inquiry, Budgets, Journal Entries, and FSGs). In addition,in Release 11i there is limited use of the security rule functionality for running standard reports.
If your goal is to restrict users from submitting reports for a particular company, then this cannot be accomplished using security rules.

When using the intercompany segment, can I have a security rule on the balancing segment (company) without affecting the intercompany segment, since they share the same value set?

Yes it is possible. You would enable security on the value set, but then on the flexfield segment (intercompany) you would not enable security.

How can I assign different security rules to a responsibility based on the User ID?

You cannot apply different security rules to the same responsibility for different users based on the user ID. You will have to create a new responsibility and define its own security rules. Then you can assign the new responsibility to one of the users.

Can I use security rules to control the posting of journal entries?

Security rules apply only with regards to creation/modification of lines within a journal. They do not apply when the journal is posted.

When I perform a query, Security rules don't seem to work on all forms, why?

Flexfield Value Security gives you the capability to restrict the set of values a user can use during data entry. With easy-to-define security rules and responsibility level control, you can quickly set up data entry security on your flexfield segments and report parameters.

Flexfield Value Security lets you determine who can use flexfield segment values and report parameter values. Based on your responsibility and access rules that you define, Flexfield Value Security limits what values you can enter in flexfield pop-up windows and report parameters.

Security rules for the Accounting Flexfield also restrict query access to segment values in the Account Inquiry, Funds Available, and Summary Account Inquiry windows. In these windows, you cannot query up any combination that contains a secure value.

However in all other forms, you will be able to query up a value even if it is restricted to the user.

Can I use Security Rules to prevent users in one organization (in the same set of books) from adding Cross Validation Rules to another organization?

There is no way in the same set of books, to prevent users from one operating unit via security rules, from changing cross validation rules for another operating unit. The only way to do this would to be create a separate set of books for each operating unit. Since security rules prevent users from either viewing data or entering data in general, they do not pertain to set up issues such as creating cross validation rules. Therefore, the only other way to prevent one user from one organization from creating cross-validation rules to the other organization, when in the same set of books, would be to completely remove that menu function from the user.

Every Country has a Global Manager or User Responsibility to access Global SOB but it is supposed to limit users to their own Legal Entities. However, a journal from one country can be posted by a user of another country. How is this possible?

This is working as intended. Security rules will prohibit a responsibility from being able to enter or review certain values. However security rules will not prohibit the actions above because they are in the same set of books. The system does not determine if a journal has values in it that are blocked by security rules. If it did that, the journal would appear as unbalanced. There would have to be an incredible amount of logic involved, which would further reduce performance, for the posting program to scan the journal for security rules first before posting. Posting does not take into consideration the rules, this is done at the time of journal entry.

I forgot to check the security enabled flag for each segment and now it is not updateable. How do I correct this?

Check your Accounting Flexfield structure to see if it is frozen. Unfreeze the structure, then you should be able to enable Security for the Segment.

Can I delete an Exclude statement in order to resolve a Security Rule issue?

The Security rule should not be modified by deleting an exclude or include as it may corrupt the rule. Instead, delete all rule lines (include and excludes), save and redefine the include and excludes. If the rule still doesn't work, create a new rule and assign it to the responsibilities in place of the original rule.

What standard reports have security enabled in Release 11i?

Trial Balance, Account Analysis and General Ledger are the only standard reports in Release 11i for which security rules apply.

Must I use a universal Include when setting up rules?

It is recommended by development to start each security rule with a universal Include statement and then eliminate each value using Exclude statements.

What functions do security rules apply to?

Security rules apply to Account Inquiry, budgets, FSG's and journal entry functions.
Since Release 11i this also applies to several standard reports.
Please note, they do not apply to the posting of journals or the review of journals. When reviewing a journal with security rules, the totals are still displayed, it is only the individual lines with secured accounts that are not visible. This is standard functionality.






Post a Comment