How You Segregate Import Journals Access from FBDI Import for Journals Access

You can restrict the combined use of the Import Journals process and the Load Interface File for Import process for file-based data import (FBDI) journals to certain users.

Users who aren't authorized to import journals using FBDI can be assigned privileges that allow them to submit journal import only for processes such as Create Accounting for subledger transactions and Oracle General Ledger journal creation through the Application Development Framework desktop integration (ADFdi) spreadsheet.

Separate privileges give you the flexibility to assign different users different levels of access to the Import Journals process to optimize security control and prevent interruptions in FBDI journal import procedures that are reserved for automated and mass volume imports.

Here are the privileges that allow access to journal import processes other than FBDI import for journals.

• Run Import Journals Program without FBDI Access (GL_RUN_IMPORT_JOURNALS_PROGRAM_WITHOUT_FBDI_ACCESS): Allows submission of the journal import program using the Oracle Fusion Enterprise Scheduler Services. However, this privilege does not include the ability to use the Import Journals process when submitting the Load Interface File for Import program to support creating journal records using File Based Data Import.
• Post Subledger Journal Entry to General Ledger No Journal Import Access for FBDI (XLA_POST_SUBLEDGER_JOURNAL_ENTRY_TO_GL_NO_JOURNAL_IMPORT_ACCESS_FOR_FBDI): Allows submission of the program to transfer to and post journal entries in General Ledger. However, this privilege does not include the ability to use the Import Journals process when submitting the Load Interface File for Import program to support creating journal records using File Based Data Import.

These privileges aren't assigned to any predefined role. You must assign them to a custom role to use them as substitutes for the Run Import Journals Program (GL_RUN_IMPORT_JOURNALS_PROGRAM_PRIV) and Post Subledger Journal Entry to General Ledger (XLA_POST_SUBLEDGER_JOURNAL_ENTRY_TO_GENERAL_LEDGER_PRIV) privileges, which allow access to FBDI import for journals.

If you're creating a role based on the predefined General Accountant job role, here's a summary of the steps you would follow to prevent a user from using FBDI journal import, while still allowing that user to submit journal import through other processes.

1. Use the Security Console to make a deep copy of the predefined General Accountant job role by copying its top role and inherited roles. The inherited roles include the Journal Management and Subledger Accounting Manager duty roles.
2. After the role has been copied, search for the Journal Management custom duty rule that was generated. Perform the following actions in the Function Security Policies step:
   1. Add the Run Import Journals Program without FBDI Access privilege.
   2. Delete the Run Import Journals Program privilege.
3. Search for the Subledger Accounting Manager custom duty role that was generated. Perform the following actions in the Function Security Policies step:
   1. Add the Post Subledger Journal Entry to General Ledger No Journal Import Access for FBDI privilege.
   2. Delete the Post Subledger Journal Entry to General Ledger privilege.

If you're creating your own custom role or starting with an existing custom role, perform these steps in the Security Console to prevent a user from using FBDI journal import, while still allowing that user to submit journal import through other processes.

1. Add the Run Import Journals Program without FBDI Access and Post Subledger Journal Entry to General Ledger No Journal Import Access for FBDI privileges.
2. Delete the Run Import Journals Program and Post Subledger Journal Entry to General Ledger privileges wherever they exist in the role hierarchy.

Note: Users who already submit the Load Interface File for Import for other import processes such as Import Bank Statements from a Spreadsheet and Import AutoInvoice won't be impacted by the removal of the Run Import Journals Program and Post Subledger Journal Entry to General Ledger privileges.

If a user who's only assigned the Run Import Journals Program without FBDI Access or the Post Subledger Journal Entry to General Ledger No Journal Import Access for FBDI privilege submits the Load Interface File for Import process for the Import Journals process, the job will end in error. The log file will display an insufficient permissions message.