Examples of Generic User Rule Assignments for Segment Value Security

To make policies more shareable, you can define generic rule assignments, that is, rule assignments that don't specify a value for one or more of the following attributes:

  • User Name
  • Business Function
  • Security Context and Security Context Value

You can select different variations of settings for these attributes to achieve the desired effect of granting access to a user for the secured account values.

Rule Assignments Without a Specified User Name

In this example, you assign three users the same segment value security role.

This is because there are cases where all three users will need access to the same secured account values under the same qualified circumstances of business function, data security context, and access level, which are the attributes of a rule assignment.

The users are CCLARK, LLOPEZ, and PPATEL. They use Oracle General Ledger and are all assigned the same Vision Corporation data access set. The Natural Account segment of the chart of accounts is secured and you define a policy that allows read and write access to all accounts that start with 1. You assign the policy to the shared segment value security role.

This table shows the relevant attribute values on the Rules worksheet.

| Attribute | Value |
|---|---|
| Policy Name | Accounts Start with 1 |
| Policy Description | Natural account segment values start with 1 |
| Role Name | Shared Segment Value Security |
| Operator | Starts with |
| From Value | 1 |

This table shows the relevant attribute values on the Rule Assignments worksheet.

| Attribute | Value |
|---|---|
| User Name | All users assigned to the role of the policy |
| Policy Name | Accounts Start with 1 |
| Role Name | Shared Segment Value Security |
| Business Function | General Ledger |
| Security Context | Data access set |
| Security Context Value | Vision Corporation |
| Access Level | Read and write |
| Start Date | 1-Jan-2024 |

The User Name for this rule assignment is All users assigned to the role of the policy. This indicates that the rule assignment will apply to users CCLARK, LLOPEZ, and PPATEL for the General Ledger business function when using the Vision Corporation data access set on a read and write basis because they’re all assigned the segment value security role Shared Segment Value Security.

Rather than having to define three separate rule assignments, one for each user, you can structure the rule assignment this way to allow it to be shared and the policy effectively applied to all three users. This streamlines the maintenance of the rule and rule assignment.

Rule Assignments Without a Specified Business Function

It's possible to assign a rule to a user or group of users in a broad manner, where the grant to the secured value is applicable to all business functions that the user or group of users works with.

In this first example, the rule assignment is a broad one: the user CCLARK can use the Cost Center 100 policy for whichever business function CCLARK is working with, and for any security context and security context value, on a read and write basis.

This table shows the relevant attribute values on the Rule Assignments worksheet.

| Attribute | Value |
|---|---|
| User Name | CCLARK |
| Policy Name | Cost Center 100 |
| Role Name | CCLARK Cost Center 100 |
| Business Function | All business functions |
| Security Context | All security contexts |
| Security Context Value | All security context values |
| Access Level | Read and write |
| Start Date | 1-Jan-2024 |

In this second example, the rule assignment applies to all business functions on a read and write basis, but it applies to the user CCLARK only when the security context is Business unit.

This table shows the relevant attribute values on the Rule Assignments worksheet.

| Attribute | Value |
|---|---|
| User Name | CCLARK |
| Policy Name | Cost Center 100 |
| Role Name | CCLARK Cost Center 100 |
| Business Function | All business functions |
| Security Context | Business unit |
| Security Context Value | All security context values |
| Access Level | Read and write |
| Start Date | 1-Jan-2024 |

Business unit is a relevant security context for the Payables and Receivables business functions. Therefore, this rule assignment would effectively only apply when the user CCLARK is working with those two business functions, and not other business functions like Assets, General Ledger, Provider Intercompany, and Receiver Intercompany, which use a different security context.

Rule Assignments Without a Specified Security Context

The previous topic described a rule assignment example that broadly covered all usage contexts, regardless of the business function, security context, and security context value for the user’s usage scenario.

Here are some additional considerations for rule assignments without a specified security context.

This table shows the relevant attribute values on the Rule Assignments worksheet.

| Attribute | Value |
|---|---|
| Business Function | All business functions |
| Security Context | All security contexts |
| Security Context Value | All security context values |

Because there isn't a single business function where all the different security context types (Asset book, Business unit, Data access set, Intercompany organization) would apply, the All security contexts selection for the Security Context attribute of a rule assignment can only work with the All business functions selection for the Business Function attribute.

Also, since there likely isn’t a single security context value that would be a match for all the different security context types, selecting All security contexts for the Security Context attribute for the rule assignment would also automatically mean All security context values.
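
As an added illustration (not Oracle's code and not part of the original documentation), the following Python model encodes the matching behaviour that the examples above describe, together with the two constraints on the All security contexts selection, so that generic rule assignments can be reviewed for scope before they're loaded. The function-to-context mapping for Assets and the intercompany functions, and the choice to match a named user by name alone, are assumptions of this model.

```python
from dataclasses import dataclass

ALL_USERS = "All users assigned to the role of the policy"
ALL_FUNCS = "All business functions"
ALL_CTX = "All security contexts"
ALL_VALS = "All security context values"

# Security context type each business function uses. Payables, Receivables and
# General Ledger follow the page; the remaining rows are assumptions.
CONTEXT_OF = {
    "Payables": "Business unit", "Receivables": "Business unit",
    "General Ledger": "Data access set", "Assets": "Asset book",
    "Provider Intercompany": "Intercompany organization",
    "Receiver Intercompany": "Intercompany organization",
}

@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    function: str
    context: str
    context_value: str

def validate(a):
    """Return the wildcard-combination problems in one rule assignment."""
    problems = []
    if a.context == ALL_CTX:
        if a.function != ALL_FUNCS:
            problems.append("All security contexts needs All business functions")
        if a.context_value != ALL_VALS:
            problems.append("All security contexts implies All security context values")
    elif a.function != ALL_FUNCS and CONTEXT_OF.get(a.function) != a.context:
        problems.append(f"{a.function} does not use context {a.context}")
    return problems

def applies(a, user, roles, function, context_value):
    """True if assignment `a` covers `user` (holding `roles`) in this usage."""
    # Generic user name: membership in the assignment's role decides (assumption:
    # a named user is matched by name alone).
    user_ok = a.role in roles if a.user == ALL_USERS else a.user == user
    return (user_ok
            and a.function in (ALL_FUNCS, function)
            and a.context in (ALL_CTX, CONTEXT_OF[function])
            and a.context_value in (ALL_VALS, context_value))

# The page's three example rule assignments.
SHARED = Assignment(ALL_USERS, "Shared Segment Value Security",
                    "General Ledger", "Data access set", "Vision Corporation")
BROAD = Assignment("CCLARK", "CCLARK Cost Center 100", ALL_FUNCS, ALL_CTX, ALL_VALS)
BU_ONLY = Assignment("CCLARK", "CCLARK Cost Center 100", ALL_FUNCS, "Business unit", ALL_VALS)
```

Running `validate` over every row of a Rule Assignments worksheet before upload surfaces wildcard combinations that can't take effect, and `applies` shows how far a generic grant actually reaches for a given user and business function.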