Power User Security in Account Reconciliation

Under Access Control, you can use Power User Security to see all the users who have Power User Security and also users assigned the Profiles and Reconciliations - Manage and Access Control - Manage granular roles.

Service Administrators can create security filters using the following:

  • profile segments
  • organizational units
  • combination of profile segments and organizational units

This enables organizations to manage access for power users in a way that reflects real-world requirements such as regions, countries, or business units. For example, you can provide a power user with access to the North America organizational unit and only accounts that are within a specific range.

Power Users and users who have been assigned the Profiles and Reconciliations - Manage and Access Control - Manage granular roles can only see reconciliations included in their security filter. These users can act on profiles or reconciliations within their security scope. However, if the user is also assigned as a Preparer or Reviewer, the user can also act as a workflow user, but only for those reconciliations to which the user is directly assigned.

The panel on the left of the Power User Security tab displays the list of Power Users and users who are assigned the Profiles and Reconciliations - Manage and Access Control - Manage granular roles. Click a user name to display the power user security filters for that user. The right side displays the Filter Definition for the selected Power User. Click Create Condition to create a condition that defines the security filter for the selected power user. In Attribute, you can select Organizational Unit or the required profile segment. You can define complex conditions that are based on the values of organization unit and the profile segment.

Note:

If a user has been granted the Profiles and Reconciliations - Manage granular role, then that user's ID will appear in the Power User Security list but they must be given a security filter in order to access the Profiles List or Reconciliations List so they only see the appropriate profiles and reconciliations.

Oracle highly recommends that if you assign a user the Profiles and Reconciliations - Manage role, you make sure that the security scope is set appropriately for that user.