Intercompany-Specific Considerations for Segment Value Security
These are some considerations for the Segment Value Security by Business Function feature in the Intercompany module.
- Intercompany organization is used as the data access security object in the Intercompany module.
- For the Segment Value Security by Business Function feature, the Intercompany module
supports these two distinct business functions:
- Provider Intercompany
- Receiver Intercompany
This allows for different security grants to be defined for each intercompany organization when used as a provider, versus when used as a receiver in an intercompany transaction.
This can even be configured for individual users, where a user can be given different security grants for the same intercompany organization depending on whether the user acts as a provider or a receiver for an intercompany transaction.
Example
This example demonstrates how a user can have access to one intercompany organization but can have access to a different set of accounts depending on whether the user acts as a provider or a receiver for an intercompany transaction.
Let’s look at the security grants of two users, Paul and Rita, who work for intercompany organizations IC-Org1 and IC-Org2 respectively.
- Paul manages intercompany transactions only for IC-Org1. He needs different account access as a provider and as a receiver.
- Rita manages intercompany transactions only for IC-Org2. She needs full access to all accounts for both provider and receiver business functions.
To achieve the access control for Paul, you assign rules that grant Paul access to different accounts as a provider and as a receiver.
| User/Grant | Intercompany Data Access | Account Access | Business Function | Access level |
|---|---|---|---|---|
| Paul | IC-Org1 | 1100-1199 | Provider Intercompany | Read and write |
| Paul | IC-Org1 | 2100-2199 | Receiver Intercompany | Read and write |
Note that no security grants are configured for Rita because she has access to all accounts, which is the default Segment Value Security by Business Function feature.
With the security grants that Paul carries, let us look at the these scenarios:
Scenario 1: Paul in the role of a providerfor a loan funding transaction. Here are the steps that Paul and Rita take to complete an intercompany transaction from IC-Org1 to IC-Org2.
- Paul creates an intercompany transaction for loan funding from provider IC-Org1 to receiver IC-Org2.
- Paul enters the provider distribution account. He can only select accounts from 1100 to 1199.
- Paul submits the loan funding intercompany transaction.
- Rita reviews the inbound transaction for IC-Org2 that Paul has initiated.
- Rita enters the receiver distribution account. She can select any account.
- Rita submits the intercompany transaction.
Scenario 2: Paul in the role of a receiver for an expense sharing transaction. Here are the steps that Rita and Paul take to complete an intercompany transaction from IC-Org2 to IC-Org1.
- Rita creates an intercompany transaction for expense sharing from provider IC-Org2 to receiver IC-Org1.
- Rita enters the provider distribution account. She can select any account.
- Rita submits the expense sharing intercompany transaction.
- Paul reviews the inbound transaction for IC-Org1 that Rita initiated.
- Paul enters the receiver distribution account. He can only select accounts from 2100 to 2199.
- Paul submits the intercompany transaction.
Important Notes
The Segment Value Security by Business Function feature has not been implemented for:
- Intercompany reports.
- For example, users with limited access, who cannot view certain accounts on the intercompany UIs, will be able to see these accounts in the Intercompany Account Details report.
- Multitier Intercompany Operations module.
- The security grants configured for intercompany does not apply to Multitier Intercompany Operations feature.
Additional Notes
- The examples above demonstrate users with read/write access only. However, user access can be granted on a read/write or read-only basis to satisfy the business needs.
- Segment Value Security by Business Function applies to accounts that are generated by Transaction Account Builder (TAB). If the user creating the intercompany transactions does not have read/write access to the account, TAB will not generate the account.
- Segment Value Security by Business Function does not apply to application generated intercompany payables and receivables accounts. These accounts are generated accordingly regardless of how the Segment Value Security by Business Function is configured.
- Segment Value Security by Business Function applies to accounts generated along with intercompany transactions sourced from intercompany allocations. If the user executing intercompany allocations does not have read/write access to the account, intercompany allocations will fail to generate intercompany transactions.