Describing General ChartField Security Functionality
This section provides an overview of general ChartField Security functionality, lists prerequisites, and discusses the following basic functionality:
Secure access to transaction pages.
Secure access to accounting data.
Secure ChartField prompt edit values.
Secure defaulted ChartField values.
Secure distribution code prompt values.
Note: This section describes ChartField Security basic functionality and general behavior of the component pages that support ChartField Security. This behavior is common across all the products that support ChartField Security. However, this behavior may deviate for some of the products. Any specific behavior that deviates from the general behavior that is described in this section is documented within the individual product sections. For product-specific information, see the associated product sections in this topic.
ChartField Security is designed so that transactions with one or more lines containing secured ChartField values are not accessible.
ChartField Security restricts access to component pages that display a single transaction, such as a voucher, journal, or purchase order. You are allowed access to the pages only if the authorization to view the accounting data of the transaction is defined in the security setup.
You can secure access for:
Component search lists.
Page drill links.
Component action option.
Securing Access for the Component Search List
ChartField Security is enforced when you select the transaction from the component search list. You are only allowed access to the component pages if you are authorized to view the ChartField values of the transaction. When you open a component, the system displays a search page that contains a search list. The search list contains a list of items (transactions) that you can select to open the component pages. ChartField Security does not filter the component search list; therefore, you are able to view the entire component search list based on the search criteria, as shown in the following example:
Secure access from component search page example
When you select a transaction from the component search list, ChartField Security determines if you are authorized to open the component pages. If you are not authorized, then the system displays the following message and denies access:
ChartField Security access error message
Securing Access for Page Drill Links
Some component pages provide links and buttons that allow you to drill to a page that displays the transaction data. ChartField Security secures access to transaction pages from the drill links. The following provides an example of security from drill links:
Secure access from drill links example
Security is enforced when you select the link to drill to the transaction detail.
Some product pages allow you to directly enter a ChartField value as an alternative to using a prompt list of values. This method bypasses the secured view, which controls the authorized list of values you may access.
Securing Access for the Component Security Action Option
ChartField Security supports an option to determine access behavior when the user is only authorized to view or modify some of the accounting rows for a single transaction. Possible option values are:
Deny Access: Restrict access to the transaction pages if the user is not authorized to at least one ChartField value in the transaction. Access is only granted if the user has access to all the ChartField values in the transaction.
Grant Access: Restrict access to the transaction pages if the user is not authorized to view or modify all the ChartField values in the transaction. Access is granted if the user has access to at least one ChartField value in the transaction.
An example of security behavior for action options is presented below with the following scenario:
Secured ChartFields are Department and Operating Unit.
Authorized Department values are: 11000, 12000, 13000, 14000 and 15000.
Authorized Operating Unit Value is CALIF.
The following table presents scenarios given the aforementioned security and shows access behavior under each of the two action options:
|
Scenario |
Deny Access Option |
Grant Access Option |
|---|---|---|
|
Transaction distribution:
|
Access is denied. |
Access is granted because the user is authorized for at least one of the ChartField values. |
|
Transaction distribution:
|
Access is denied. |
Access is granted because the user is authorized for at least one of the ChartField values. |
ChartField Security recognizes blank values as authorized values. In the example pictured, the user is authorized to access the transaction pages for both options:
This example illustrates the fields and controls on the Example of blank values as authorized values. You can find definitions for the fields and controls later on this page.
ChartField Security uses a different method to secure access to accounting information that is sourced from multiple transactions. Instead of securing access to the page, ChartField Security only displays the data that the user is allowed to access. This data typically includes inquiry components that display posted accounting data, such as GL Ledger Inquiry.
The following examples show the inquiry results. The first shows when ChartField Security is not enabled, and the second shows when it is enabled.
When ChartField Security is not enabled, all the ledger rows appear for the ledger criteria:
This example illustrates the fields and controls on the Not enabled ChartField Security. You can find definitions for the fields and controls later on this page.
When ChartField Security is enabled, only the rows that the user is authorized to view appear. In this example, the user is only authorized to view department 14000:
This example illustrates the fields and controls on the Enabled ChartField Security. You can find definitions for the fields and controls later on this page.
Note: Because ChartField Security restricts information in these components, you need to determine if security is required for certain users. For example, users who need access to all the information in order to perform their daily tasks will not require security. ChartField Security setup supports disabling security at the component level and overriding security for specific users.
Note: The component security action option is not supported for these components.
Chartfield Security restricts users to only select or directly enter authorized Chartfield values. This applies to transaction entry components and components that allow users to update the transaction ChartFields. This does not apply to the inquiry components unless the prompt field value is used to update transaction data.
The following presents an example of a prompt list that includes only the authorized values:
Journal Entry - Lines page: example of selecting prompt with only authorized values
When selecting the Dept prompt, the user can access only the authorized values:
Example of authorized prompt list
If a user tries to directly enter an unauthorized value in the secured field, they receive the following error:
ChartField security prompt error message
Several products support features that provide default ChartField values from a predefined setup. For example, SpeedTypes and SpeedCharts are used in some financial online transaction pages to provide default ChartField values.
Note: Generally, default values are secured unless documented in the product-specific sections. However, ChartField values that are provided by default from SpeedTypes and SpeedCharts are not secured since you can set them up by user ID or permission list.
ChartField Security supports securing the distribution code prompt values for the products that use distribution codes to provide default ChartField values. Similar to the ChartField prompt values, ChartField Security only displays the authorized values in the prompt list. ChartField Security does not look at distribution codes to authorize access to transaction pages. Only the distribution code prompt values are secured.
In the following example, the prompt list includes only the authorized distribution codes:
This example illustrates the fields and controls on the Example of Look Up Code prompt showing authorized codes. You can find definitions for the fields and controls later on this page.
Note: Security for distribution code can be enabled and disabled at the component level in the Component Registry page.
See Component Registry - Secured Components Page.
See Securing ChartFields for PeopleSoft Receivables.