Scribd
Upload
128 views8 pages

Case Study: The Requirement Is To Restrict The User To Use Only A List of Expense Accounts Which He Can

This document outlines steps to restrict users to only a list of expense accounts when assigning assets: 1. Create two roles - one with full access and one with restricted access to only certain account values 2. Set up segment security by enabling it on the natural account value set, defining conditions to restrict access to only three account values, and creating policies attaching the roles 3. Deploy the flexfield changes and run the user synchronization process to apply the new security setup. Users with the restricted role can now only select the three allowed account values when adding assets.

Uploaded by

Matthew Pitkin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
128 views8 pages

Case Study: The Requirement Is To Restrict The User To Use Only A List of Expense Accounts Which He Can

This document outlines steps to restrict users to only a list of expense accounts when assigning assets: 1. Create two roles - one with full access and one with restricted access to only certain account values 2. Set up segment security by enabling it on the natural account value set, defining conditions to restrict access to only three account values, and creating policies attaching the roles 3. Deploy the flexfield changes and run the user synchronization process to apply the new security setup. Users with the restricted role can now only select the three allowed account values when adding assets.

Uploaded by

Matthew Pitkin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 8

Case Study: The requirement is to restrict the user to use only a list of expense accounts which he can

assign the assets to. This can be achieved by doing a segment security setup where restricted access is
given to the user to use only to a set of values from the value set used for the natural account segment.

A. Need to set two roles via Oracle Identity Manager

FULL_ACCOUNT_ACCESS
Since security removes access to all values the moment it is enabled. This role is needed to give
access to users who have to access all values.

It is assigned to a user fin_user1


REST_ACCOUNT_ACCESS
This role will have restricted access to the account values, and it is assigned to the users who
need to see only the set number of values.
Add user as members for example ASSET_ACCTG_MGR_VF_US_FOODS.

B. Steps to set up Segment security


1. Navigate to the Setup and Maintenance page. In the All Tasks tab, search for
Manage Segment Value Security Rules. Click the Go to Task. Enter the Value Set
Code field . Click search.

2. With the valueset for the natural account highlighted, click Edit. Enable the Security
enabled check box.
3. Enter the Data Security Resource Name.
Click Edit Data Security to begin defining the security condition and policy

With the Condition tab selected, click Create to begin creating the condition for Restricted
Access. Here the condition gives access to three values.

Set ‘Match’ based on what the condition is going to be. For example if it is three values and
user should be able to use any one. Then pick ‘ANY’. Else ‘ALL’ is picked for the user who has
access to all values.

While defining each condition, you can select to specify whether it uses tree operators or
regular operators
For non-tree operators select from:
Equal to
Not Equal to
Between
Not Between

Here an ‘Equal to’ to give access to three values in the condition.


Click Save.

4. On the Policy tab, click Create in the General Information tab.

In the role tab attach the REST_ACCESS_ROLE that was set in the step A of this
document.

And in the Rule tab associate the relevant condition to the policy.

The Row Set field determines the range of value set values affected by the policy.

Pick multiple values since it has a list of three values it gives access to and attach the
condition set for this policy.

Set one more policy to assign full access to the all values.
Attach the FULL_ACCOUNT_ACCESS role that was created in step A of this document.

All Values is selected, so that the policy grants access to all values in the value set and no
condition is needed.
5. Click Save and Close
6. Click Submit

C. Deploy the flexfield by clicking the Deploy Flexfield button on the Manage Chart of Accounts
structures page.

The green tick sign means flexfields are deployed properly.

D. Run User and Roles Synchronization process in Setup and Maintenance > Manage Tasks
The program should complete without error.
To Check is all is working fine, log in as user ASSET_ACCTG_MGR_VF_US_FOODS and add an
asset. While selecting the expense account the user only has option to pick three values we
attached in the conditions. That is 56010, 56012 and 56011.

The same behavior is confirmed by adding the asset via a spreadsheet. Only the said three
values are visible.

Log in as Fin_user1 who has full access to all values.


For more details refer the following section of the help

https://docs.oracle.com/cloud/farel8/financialscs_gs/FACSF/F1004387AN145CC.htm#F905740AN14AE0

You might also like