Subledger Security Setup

Overview

Subledger Security is an extension of Oracle Applications enabling organizations to selectively partition data in a single install of Oracle Applications.

Subledger Security is primarily a technical implementation of a business security policy. Subledger Security is implemented by a systems administrator.

Note: Read the Subledger Security topical essay before completing any procedures.

Before using Subledger Security, you should consider:

• Determine Overall Security Policy

  A business analyst must determine the organization’s requirements and translate the business requirements into subledger security architecture.

• Physical Definition of Security Policy

  Systems administration must define the Subledger Security architecture using Subledger Security features.

• Application of Security Policy

  Systems administration must make Subledger Security architecture available to users of Oracle Financials modules.

• Maintenance of Security Policy

  Continuous maintenance of the Subledger Security system is required. The security policy may be altered according to the organizational changes.

Related Topics

Subledger Security Process, Oracle Public Sector Financials (International) User Guide

Security Group Consolidation Example, Oracle Public Sector Financials (International) User Guide

Prerequisites

Before setting up Subledger Security, you must enable subledger security.

Related Topics

Enabling Oracle Public Sector Financials (International) Features Procedure

Responsibilities Window, Oracle Applications System Administrator's Guide - Security

Subledger Security Setup Steps

This table lists setup steps for Subledger Security.

Step Number	Step Description	Required or Optional
1	Set Up Application Level Profile Options. See Profile Options and Setting Application Level Profile Options	Required
2	Set Up Site Level Profile Options. See Profile Options.	Required
3	Define Security Groups. See Defining Security Groups and Maintaining Security Groups	Required
4	Define Responsibilities. See Responsibilities Window, Oracle Applications System Administrator's Guide	Required
5	Set Up Responsibility Level Profile Options. SeeSet Profile Options.	Required
6	Define Users	Optional
7	Define Secure Tables. See Defining Secure Tables and Maintaining Secure Tables	Required
8	Define Process Groups. See Defining a Process Group and Maintaining Process Groups	Optional
9	Allocate Secure Tables and Process Groups. See Table Allocation to Security Groups, Table Allocation to Process Groups, and Process Group Allocation to Security Groups	Required
10	Copy Allocations from Security Groups	Optional
11	View Tables	Optional
12	Apply Security	Required
13	Consolidate Security Groups	Optional
14	Secure Existing Data	Optional

Setting Application Level Profile Options

To set the application level profile options:

1. Navigate to the System Profile Values window.

2. Select Application.

3. In the Application field, select the Oracle application that requires Subledger Security to be applied.

4. In the Profile field, select Initialization SQL Statement - Custom.

5. Click Find.

6. In the Application field, type the following command line:

   begin igi_sls_context_pkg.set_sls_context; end;

   For information on storing runtime database variables in memory, see Application Context, Oracle Public Sector Financials (International) User Guide.

Maintaining Security Groups

Defining Security Groups

To define a security group:

1. Navigate to the Maintain Groups window.

2. Enter the name of a security group, for example, the cost center name.

3. In the Type field, select Security.

4. Run the Apply Security concurrent program.

Disabling Security Groups

To disable a security group:

1. Navigate to the Maintain Groups window.

2. To query, enter the security group name in the Name field.

3. Deselect the Enable check box.

4. Run the Apply Security concurrent program.

   Note: The Apply Security concurrent program disables security on all database tables belonging to this security group only.

Re-enabling Security Groups

To re-enable a security group:

1. Enter query mode.

2. To query, enter the security group name in the Name field.

3. Select the Enable check box.

4. Run the Apply Security concurrent program.

   Note: The Apply Security concurrent program re-enables security on all database tables belonging to this security group only.

Deleting Security Groups

To delete a security group:

1. Navigate to the Maintain Groups window.

2. To query, enter the security group name in the Name field.

3. Select the Delete check box.

4. Run the Apply Security concurrent program.

   Warning: This step is irreversible. The Apply Security concurrent program removes all security information associated with this security group from all database tables belonging to this security group

Viewing Security Group History

To view security group history:

1. Navigate to the Maintain Groups window.

2. In the Name field, enter the name of the security group, for example, the cost center name.

3. Click History.

Related Topics

Applying Security Procedure

Defining Users

Defining users is optional as users may already be defined within the organization.

Note: The previously defined Subledger Security responsibilities must be assigned to application users.

Related Topics

Users Window, Oracle Applications System Administrator's Guide - Security

Application Users, Oracle Public Sector Financials (International) User Guide

Maintaining Secure Tables

Using subledger security, you can define, re-enable, and delete secure tables.

Defining Secure Tables

To define a secure table:

1. Navigate to the Maintain Tables window.

2. Select the owner.

3. In the Secure Table field, select the database table name.

4. Optionally, enter a description.

   Note: This process provides the Subledger Security extended table name in the SLS Table field for the required secure database table and makes the database table available for allocation to a security group.

5. Run the Apply Security concurrent program.

Disabling Security on Tables

To disable security on tables:

1. Navigate to the Maintain Tables window.

2. Select the table owner.

3. Deselect the Enable check box.

4. Run the Apply Security concurrent program.

   Warning: Running the Apply Security concurrent program disables security on the table across the subledger security system.

Re-enabling Security on Tables

To re-enable security on tables:

1. Navigate to the Maintain Tables window.

2. Enter query mode.

3. Select the table owner to be disabled in the Owner field.

4. Select the Enable check box.

Related Topics

Applying Security Procedure

Maintaining Process Groups

Using subledger security, you can define, disable, re-enable, delete, and view the process groups history.

Defining a Process Group

To define a process group:

1. Navigate to the Maintain Groups window.

2. In the Name field, enter the process group name, for example, Requisitions.

3. Optionally, enter a description.

4. In the Type field, select Process.

5. Select the Enable check box to disable the group from security restrictions.

6. Save your work.

7. Close the window.

8. Run the Apply Security concurrent program.

Disabling Process Groups

To disable a process group:

1. Navigate to the Maintain Groups window.

2. Enter query mode.

3. In the Name field, enter the process group name.

4. Run the query.

5. Deselect the Enable check box.

6. Save your work.

7. Close the window.

8. Run the Apply Security concurrent program.

   Note: The Apply Security concurrent program disables security on all database tables belonging to this process group only.

Re-enabling Process Groups

To re-enable a process group:

1. Navigate to the Maintain Groups window.

2. Query the process group name.

3. Select the Enable check box.

4. Save your work.

5. Close the window.

6. Run the Apply Security concurrent program.

   Note: The Apply Security concurrent program re-enables security on all database tables that belong only to this process group.

Deleting Process Groups

To delete a process group:

1. Navigate to the Maintain Groups window.

2. Enter query mode.

3. In the Name field, enter the process group name.

4. Run the query.

5. Select the Delete check box.

6. Save your work.

7. Close the window.

8. Run the Apply Security concurrent program.

   Warning: This step is irreversible. The Apply Security concurrent program removes all security information associated with the allocated secured database tables from the security group or groups to which the process group belongs. The Apply Security concurrent program can only remove security information if the secured database table does not already belong to the security group, either directly or through another process group.

Viewing Process Group History

To view process group history:

1. Navigate to the Maintain Groups window.

2. In the Name field, enter the process group name.

3. Click History.

   The window shows when the process group was enabled or disabled and shows the date that security was applied.

Related Topics

Applying Security Procedure

Maintaining Allocations

In Subledger Security, you can allocate tables to security groups or process groups, and allocate process groups to security groups as described in these sections:

Table Allocation to Security Groups

Allocating Tables to Security Groups

To allocate tables to security groups:

1. Navigate to the Maintain Allocations window.

2. In Group Name, select the security group name.

3. To display the allocated tables, click Find Allocations.

   Tables allocated to the security group are displayed in the Allocations region.

   Note: Performing this function enables the system administrator to view process groups allocated to the security group.

4. In the Allocations region, select the table name in the Name field to add a table to the security group.

5. Ensure Type is set to Table.

6. Save your work.

7. Close the window.

8. Run the Apply Security concurrent program.

Disabling Tables from Security Groups

To disable tables from security groups:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. To display allocated tables, click Find Allocations.

   Note: Performing this function enables the systems administrator to view process groups allocated to the security group.

4. Deselect the Enable check box.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

Re-enabling Tables to Security Groups

To re-enable a table to a security group:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. Click Find Allocations.

   Note: Performing this function enables the systems administrator to view process groups allocated to the security group.

4. Select the Enable check box.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

Deleting Tables from Security Groups

To delete tables from security groups:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. To display allocated tables, click Find Allocations.

   Note: Performing this function enables the systems administrator to view process groups allocated to the security group.

4. Select the Delete check box.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

   Warning: This step is irreversible. Running the Apply Security concurrent program removes information relating to the table for this security group.

Related Topics

Applying Security Procedure

Table Allocation to Process Groups

In Subledger Security, you can allocate tables to or delete tables from the process groups as described in these sections:

Allocating Tables to Process Groups

To allocate tables to process groups:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the process group name.

3. Click Find Allocations.

4. Select the table name in the Name field to add tables to the process group.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

Deleting Tables from Process Groups

To delete tables from a process group:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the process group name.

3. Click Find Allocations.

4. Select the Delete check box.

5. Save your work.

6. Run the Apply Security concurrent program.

   Note: Tables can be deselected before running the Apply Security concurrent program to prevent deletion.

   Warning: This step is irreversible. The Apply Security concurrent program removes all security information, associated with the allocated secured database tables, from the security group or groups to which the process group belongs. This applies if the secured database table does not already belong to the security group, either directly or through another process group.

Related Topics

Applying Security Procedure

Process Group Allocation to Security Groups

In Subledger Security, you can allocate process groups to security groups, disable, re-enable, and delete process groups, as described in these sections:

Allocating Process Groups to Security Groups

To allocate process groups to security groups:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. Click Find Allocations.

   Note: Performing this function enables system administrators to view tables allocated to the security group.

4. To add process groups, select Process in the Type field.

5. In the Name field, enter the name of the process group.

6. Save your work.

7. Close the window.

8. Run the Apply Security concurrent program.

Disabling Process Groups from Security Groups

To disable a process group from a security group:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. Click Find Allocations.

   Note: Performing this function enables the systems administrator to view tables allocated to the security group.

4. Deselect the Enable check box.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

Re-enabling Process Groups to Security Groups

To re-enable a process group to a security group:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. Click Find Allocations.

   Note: Performing this function enables the systems administrator to view tables allocated to the security group.

4. Select the Enable check box.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

Deleting Process Groups from Security Groups

To delete a process group from a security group:

1. Navigate to the Maintain Allocations window.

2. In the Group Name field, select the security group name.

3. Click Find Allocations.

   Note: Performing this function enables the systems administrator to view tables allocated to the security group.

4. Select the Delete check box.

   Note: Deleting a process group deletes the tables associated with the process group from the security group. The record is permanently deleted when the Apply Security concurrent program is run.

5. Save your work.

6. Close the window.

7. Run the Apply Security concurrent program.

Related Topics

Applying Security Procedure

Maintain Allocations Window

Maintain Allocations Window Description

Field Name	Description
Name	security group name
Type	group type; valid values: Process Group or Security Group
Description	user-defined name description
Find Allocations	displays tables allocated to security group
Copy From	displays list of security groups; select security group to copy from
All Tables	displays All Tables window
Distinct Tables	displays Distinct Tables window
Type	allocation type; valid values are: Table or Process; Table selected by default
Name	table name
Description	user-defined name description
Enable	if selected, enabled; if deselected, disabled
Delete	if selected, indicates record marked for deletion
Security Applied	system generated showing if security is applied; selected by default; if selected, security applied
History	displays History window; displays date enabled, date disabled, and date security applied

Copying Allocations from Security Groups

Allocations can be copied to a new security group or an existing group with no allocations.

To copy allocations from an existing security group:

1. Navigate to the Maintain Allocations window.

2. In the Name field, select a security group name.

3. Click Copy From.

4. Select a security group name.

5. Click OK.

Note: All copied allocations are enabled by default.

Viewing Tables

In Subledger Security, you can view all allocated tables or distinct allocated tables. You can view tables allocated to more than one process group. Viewing distinct tables displays tables once though the table is allocated to more than one process group. A table should not be allocated to more than one process group to facilitate maintenance

To view tables:

1. Navigate to the Maintain Allocations window.

2. In the Name field, select a security group name.

3. To view all tables, click All Tables.

4. To view all distinct tables, click Distinct Tables.

All Tables Window

All Tables Window Description

Field Name	Description
Table Name	table name
Process Group	process group name
Enabled	if selected, enabled; if deselected, disabled
Deleted	if selected, deleted; if deselected, not deleted
Close	closes All Tables window

Distinct Tables Window

Distinct Tables Window Description

Field Name	Description
Table Name	table name
Secured	if selected, tables secured; if deselected, tables unsecured
Close	closes Distinct Tables window

Applying Security

To apply security:

Use the Standard Request Submission process to run the apply security program.

1. Navigate to the Submit Request window.

2. Place the cursor in the Name field.

   The Subledger Security - Apply Security concurrent program name is automatically displayed.

3. In the Mode field, select Create or Refresh.

   • To recompile triggers or policy functions that are invalid or disabled, select Refresh.

   • To change subledger security architecture, select Create.

   Note: Refresh is used only to recompile invalid triggers or policy functions. Create is used at all other times.

4. To apply the parameters, click OK.

5. To run the Apply Security concurrent program, click Submit.

Related Topics

Using Standard Request Submission, Oracle Applications User Guide

Consolidating Security Groups

Subledger Security enables you to map changes to the organization by consolidating security groups.

To consolidate security groups:

1. Navigate to the Security Group Consolidations window.

2. Select the name in the Destination Security Group Name field.

   The destination security group is where the source security groups are consolidated.

3. Click Find.

4. Select the Source Security Group(s) Name to be consolidated into the destination security group.

5. Save your work.

6. Run the Apply Security concurrent program.

   Warning: This step is irreversible after the Apply Security concurrent program has run successfully.

Related Topics

Applying Security Procedure.

Security Group Consolidations Window

Security Group Consolidations Window Description

Field Name	Description
Name	destination security group name
Description	destination security group description
Find	displays source security groups in Source Security Group(s) region
Name	source security group name
Description	source security group description
Date Security Applied	date security applied
Security Applied	indicates if security applied; if selected, security applied; if deselected, security not applied

Subledger Security - Securing Existing Data Process

Use the Standard Request Submission process to secure existing data.

To secure existing data:

1. Navigate to the Submit Request window.

   The Submit a New Request window appears.

2. Place the cursor in the Name field.

3. Select the Subledger Security - Secure Existing Data concurrent program.

4. In the SLS Group Name field, select the security group to secure the existing data.

5. To apply the parameters, click OK.

6. To run the Apply Security concurrent program, click Submit.

Related Topics

Using Standard Request Submission, Oracle Applications User Guide