Overview of Segment Value Security

Segment value security provides chart of accounts security to secure access to create or view financial data.

Selectively enable enforcement using segment value security rules by business function, including by General Ledger, Payables, Receivables, Assets, Intercompany and Subledger Accounting. Security administrators can grant account values access to users based on certain business functions, data security context, and read-only or read and write access levels. For all other modules besides the six listed here, chart of accounts security will not be enforced when security is enabled for the chart of accounts segment value set, and users working with these modules will have access to all accounts.

Here are some business benefits that chart of accounts segment values security provides.

• Provides precision in securing account access for each user to each product module, including General Ledger, Payables, Receivables, Assets, Intercompany and Subledger Accounting. Limit security enforcement to the modules where this is required.
  This feature addresses a wide range of financial data security requirements by providing a chart of accounts-based data security control using highly precise grants of secured account values to users qualified by:

  • Business function
  • Data security context
  • Read only versus read and write access level

  A user’s access to specific account values can be selectively provided with rule assignments that are tagged with a business function and data access context such that the grant would only apply for that user under the matching usage scenario. Moreover, the access can be granted on a read and write or read-only basis. If there are no matching rule assignments for that user for a given usage scenario, the user gets access to all account values for the secured chart of accounts value set.

  This ensures that all users only get the exact and appropriate access to the financial data they need to work with.

  For example, with the General Ledger business function you might have some select accountants in your organization who not only manage the financial accounting for their region but are also responsible for calculating the global bad debt reserve. They require full read and write access to all accounts when working with the financial data specific to their assigned region but should have read-only access to specific accounts of the worldwide financial data related to calculating the global bad debt reserve. It would be possible to achieve this type of access control with this feature by enabling security enforcement for the General Ledger business function. Such users would then be assigned rules that granted read-only access to those select bad debt reserve related accounts when working with the global ledgers outside of their region, while being given access to all accounts on a read and write basis when working with their regional ledger.

• Reduce the time needed to set up and maintain rules. Users with unrestricted access to accounts are automatically granted all account values; users who require restricted access are assigned an explicit security configuration.

  Streamlined configuration and administration of this chart of accounts security feature is achieved by selectively enabling security enforcement for distinct business functions. Simplified onboarding via management by exception is achieved through initially providing access to all secured account values by default to all users. Only those users who should work with just certain accounts for their given usage scenarios need to be actively managed and assigned distinct rules to limit their access.

  Setup efficiency is optimized with rule assignments that can be flexibly configured with varying degrees of specificity to fit the unique data security requirements of a particular user. Generic rule assignments can be shared between groups of users with similar access requirements to secured accounts.