Subledger Accounting-Specific Considerations for Segment Value Security
This section explains the purpose of Segment Value Security by Business Function and provides an overview of Subledger Accounting, including its activities, setup, transaction processing, and how data security is applied.
Oracle Subledgers such as Payables, Receivables, etc. and Fusion Accounting Hub subledgers are used to capture transaction information which is then processed by the Subledger Accounting engine to generate detailed subledger accounting entries.
In general, Subledger Accounting activities include:
- Setup: Configuring subledger applications, accounting options, accounting rules, mapping sets and supporting references.
- Transaction: Fusion Accounting Hub transaction import, create accounting and posting to the General Ledger, manual adjustment entry, maintaining control balances and supporting reference balances.
- Inquiry and Reporting: Review subledger accounting entries and drill down to source transactions, reviewing reports such as the Subledger Period Close Exception report, Account Analysis report, OTBI reporting on Subledger Accounting Entries and Supporting Reference balances, etc.
Subledger Accounting doesn’t deliver any job roles for Fusion Applications. Applications such as Payables. Receivables, etc. which consume Subledger Accounting services grant access to accounting related activities for their application specific job roles by inheriting the duty roles provided by Subledger Accounting.
Accounting Hub users are required to define custom job roles and assign the appropriate duty roles as needed to perform accounting activities.
No data security is applied for the setup related activities; however, data security is applied on the Ledger and Journal Source LOVs for the Transaction, Inquiry and Reporting activities listed above. Data security is implemented through grants against the job roles which perform subledger transaction, inquiry and reporting activities. For example – Accounts Payable Supervisor requires access to account payables invoices, view accounting, review the subledger accounting entries created or create adjustment accounting entries for Payables journal source.
Here is a summary of how data security is applied on Subledger Accounting for General Ledger and Subledger Job Roles:
| Job Role | Default Data Security |
| General Ledger Job Roles (General Accounting Manager, Financial Specialist, etc.) |
For the ledgers to which user has data access:
|
| Oracle Subledger Job Roles (Payables Supervisor, Receivables Specialist, etc.) |
For the specific security context (i.e. Business Unit, Intercompany Organization, Asset Book, etc.) to which user has data access:
|
Segment Value Security by Business Function implementation in Subledger Accounting
This topic outlines how Segment Value Security is implemented in Subledger Accounting and how it affects different setup, transaction, and reporting areas.
Subledger Accounting is an intermediate processing layer which converts the transaction information from different Oracle and Accounting Hub subledgers into accounting entries based on the accounting rules defined in the system. The Subledger Accounting user interfaces and reports do not enforce data security through a specific data security context such as Data Access Set or Business Unit. Data Security in Subledger Accounting is governed by the data security policies associated with the Job Role which has associated subledger functions.
Subledger Accounting doesn’t have any associated business function. For some of the Subledger Accounting pages such as the ones associated with adjustment subledger accounting entry creation or review, the General Ledger business function context is applied. General Ledger enforces data security through Data Access Sets which control read and write access to the entire ledger, or just to certain primary balancing segment values. When the General Ledger business function is applied on subledger accounting pages, a cumulative effect of all the Data Access Set grants for the user will be applied since subledger accounting pages do not have a Data Access Set context. They provide access for the associated ledger only.
If the subledger accounting entries are viewed in the context of a transaction for Oracle Subledgers such as View Accounting window, the business function of the associated subledger shall be applied.
If the segment value security policies are defined for All business functions, access to the secured segment values is based on the applicable Security Context is applied. For example, if the Security Context is set to Data Access Set, subledger accounting pages which enforce General Ledger business function (Create Subledger Journal, Review Subledger Journals, etc.) will restrict access to the corresponding secured segment values on these pages. However, in the View Accounting page which applies the Subledger business function, these values would not be accessible to users.
If the segment value security policies are defined for All business functions and All security contexts, then access will be restricted to the corresponding secured segment values in all subledger accounting pages where Segment Value Security by Business Function is enforced.
Here is a summary of how Subledger Accounting implements Segment Value Security by Business Function in the different Setup, Transaction and Reporting areas where chart of accounts segments is involved –
| Area | User Interface | Segment Value Security by Business Function Behaviour | Business Function Context Applied |
| Setup | All Setup Pages | Not Applied | Not Applicable |
| Transaction | Create Manual Subledger Journal using UI or Spreadsheet | Applied | General Ledger |
| Create Accounting Online / Batch process | Not Applied | Not Applicable | |
| Create Accrual Reversal Accounting process | Not Applied | Not Applicable | |
| Create Multiperiod Accounting process | Not Applied | Not Applicable | |
| Update Subledger Balances process | Not Applied | Not Applicable | |
| Import Accounting Transactions | Not Applied | Not Applicable | |
| Inquiry and Reporting | Review / View Subledger Journal | Applied | General Ledger |
| Review / View Subledger Journal – Account Override | Applied | General Ledger | |
| View Accounting | Applied | Subledger Context is applied for the supported subledgers (Eg: Payables, Receivables, etc.) | |
| View Accounting – Account Override | Applied | Subledger Context is applied for the supported subledgers (Eg: Payables, Receivables, etc.) | |
| Drill Down – Subledger Journal Lines | Applied | General Ledger | |
| Drill Down – View Transaction | Applied | Subledger Context is applied for the supported subledgers (Eg: Payables, Receivables, etc.) | |
| T-Account Report – Review Subledger Journals | Applied | General Ledger | |
| T-Account Report – View Accounting | Applied | Subledger Context is applied for the supported subledgers (Eg: Payables, Receivables, etc.) | |
| Journal Entries Report | Applied | General Ledger | |
| Account Analysis Report | Applied | General Ledger | |
| Create Accounting Execution Report | Applied | General Ledger | |
| Create Multiperiod Accounting Execution Report | Applied | General Ledger | |
| Create Accrual Reversal Accounting Execution Report | Applied | General Ledger | |
| Subledger Accounting Methods Setup Report | Not Applied | Not Applicable | |
| Accounting Event Diagnostics Report | Not Applied | Not Applicable | |
| Third Party Control Account Balances Report | Not Applied | Not Applicable |
Case Study: Application of Segment Value Security
Joe and Cassie are employees of the Vision Corporation organization.
Vision Operations business unit is one of many business units under the Vision Corporation US ledger which manages the Payables and Payment business functions specifically. To streamline access for accounting users based on balancing segment values, the Vision Corporation US ledger has 3 Data Access Sets defined – Vision Corp DAS A, Vision Corp DAS B and Vision Corp DAS C, other than the implicit DAS Vision Corporation US.
Joe has been hired as a Payables Specialist of Vision Operations in the US to manage payables invoicing related activities such as verifying and recording supplier invoices in the system, making payments timely, monitoring expenses, and keeping a track of all the documents for tax purposes. In certain cases, Joe may be required to enter subledger adjustment accounting entries if the invoice was not captured directly in the Payables – Invoices application.
Cassie has been hired as a General Accountant of Vision Corporation in the US for reviewing account statements, conducting data analysis with financial transactions, and generating reports on revenues, expenses, asset, liability, and equity accounts. She is also responsible for recording accounting adjustments, accruals, allocations, currency revaluations and translations as part of accounting period closure activities. Occasionally, she may create subledger adjustment accounting entries during subledger to general ledger reconciliation.
The following are the job roles and data security assignments provided to Joe and Cassie for managing the responsibilities related to Payables Specialist and General Accountant job roles –
| User | Job Role | Data Security Context |
| Joe | Employee | NA |
| Payables Specialist | Vision Operations (BU) | |
| Cassie | Employee | NA |
| General Accountant | Vision Corp DAS A | |
| General Accountant | Vision Corp DAS C |
Subledger Accounting doesn’t have any separate data security context or business function. By default, all segment values corresponding to the secured segments in the account combination are accessible to perform the activities which are accessible to the Payables Specialist and General Accountant job roles on the Vision Operations business unit and Vision Corporation US ledger respectively. Access to specific segment values of the secured segments while entering an account combination in Payables and General Ledger pages would be restricted based on the respective policies assigned to each user.
Following segment value security policies are assigned to Joe and Cassie –
| User | Job Role | Data Security Context | Business Function | Segment | Segment Value | Access Level |
| Joe | Employee | NA | NA | NA | NA | NA |
| Payables Specialist | Vision Operations (BU) | Payables | Cost Center | 110 | Read/Write | |
| 120 | Read Only | |||||
| Payables Specialist | Vision Corporation US (DAS) | General Ledger | 130 | Read/Write | ||
| Cassie | Employee | NA | NA | NA | NA | NA |
| General Accountant | Vision Corp DAS A (DAS) | General Ledger | Cost Center | 110 | Read/Write | |
| 120 | Read/Write | |||||
| 130 | Read Only | |||||
| 140 | Read Only | |||||
| Vision Corp DAS C (DAS) | 160 | Read/Write | ||||
| 170 | Read/Write |
Here are some sample examples of how the above policy definition would provide access to different subledger accounting pages to Joe and Cassie respectively –
| User | User Interface | Access |
| Joe | View Accounting | This page is read-only, and the Subledger business function is applied here. Since the user has access to read both the cost center values 110 and 120 for Payables business function, they will be able to access those account combinations which use these cost center values. |
| View Accounting – Account Override | This page supports read\write and the Subledger business function is applied here. Since the user has access to read\write to the cost center value 110 only, they will be able to access those account combinations which use this cost center value. | |
| Review Journal Entries / Journal Lines | This page is read-only, and the General Ledger business function is applied here. Since the user has access to read the cost center value 130 for General Ledger business function, they will be able to access those account combinations which use this cost center value. | |
| Account Analysis Report | This is a read-only report, and the General Ledger business function is applied here. Since the user has access to read the cost center value 130 for General Ledger business function, they will be able to access those account combinations which use this cost center value. | |
| Create Subledger Journal | This page supports read\write and the General Ledger business function is applied here. Since the user has access to read\write the cost center value 130 only, they will be able to access those account combinations which use this cost center value. | |
| Cassie | Review Journal Entries / Journal Lines |
This page is read-only, and the General Ledger business function is applied here. The user has access to read the cost center values 110, 120, 130, 140 through the data access set Vision Corp DAS A and the cost center values 160, 170 through the data access set Vision Corp DAS C. So, a cumulative effect of all the Data Access Set grants will be applied for the General Ledger business function here, thereby allowing the user to access those account combinations which use the cost center values – 110, 120, 130, 140, 160 and 170. |
| Account Analysis Report | This is a read-only report, and the General Ledger business function is applied here. Like the above scenario, a cumulative effect of all the Data Access Set grants will be applied for the General Ledger business function here, thereby allowing the user to access those account combinations which use the cost center values – 110, 120, 130, 140, 160 and 170. | |
| Create Subledger Journal |
This page supports read\write and the General Ledger business function is applied here. The user has access to read\write the cost center values 110, 120 through the data access set Vision Corp DAS A and the cost center values 160, 170 through the data access set Vision Corp DAS C. As a cumulative effect of all the Data Access Set grants applied for the General Ledger business function here, the user gets access to those account combinations which use the cost center values – 110, 120, 160 and 170. |