1. Securing ERP
  2. Receivables-Specific Considerations for Segment Value Security

Receivables-Specific Considerations for Segment Value Security

Chart of accounts segment value security controls user access to chart of accounts-based accounting information in Receivables.

Use segment value security to define user access to Accounting Flexfield segment values in Receivables. A given user can only work with account values in the secured chart of accounts value set to which they have been granted access and at the level of their rule assignments.

Segment value security doesn't affect Receivables setup or transaction creation.

Enable Receivables for Segment Value Security by Business Function

Use the Manage Segment Value Security by Business Function action in the Manage Chart of Accounts Configuration page to enable Receivables for segment value security.

To enable Receivables for segment value security:

  1. 1. Navigate to the Manage Chart of Accounts Configurations task.
  2. 2. In the Manage Chart of Accounts Configurations page, click the Manage Segment Value Security by Business Function button.
  3. 3. In the Manage Segment Value Security by Business Function window, enable the Receivables option.
  4. Save your work.

When you enable segment value security for Receivables, by default all Receivables users are granted access to all segment values. You must set up rules to restrict user access to Accounting Flexfield segment values by business function. In the context of Receivables, the business function is the business unit.

Set Up Segment Value Security Rules in Receivables

Use the Segment Value Security by Business Function spreadsheet to assign segment value security rules to the users who require some form of restricted access to Accounting Flexfield segment values.

As a general rule, create dedicated segment value security roles for each designated group of Receivables users and the related data security policies that govern their access to secured segment account values.

Note: Never directly create segment value data security policies using the existing Receivables job roles, such as Receivables Manager. The existing job roles are likely to be shared by all Receivables users, and many separate groups of users are likely to have different chart of account segment value security profiles.

The dedicated segment value security roles you create, with their accompanying secured segment values, can be assigned to and even shared among the corresponding users based on their particular segment value access requirements.

You can enable security enforcement for all business functions or for one or more specific business functions. This table provides an example of how to designate segment value access rule assignments to Receivables users:

Segment Value Access

Access Type Business Function Security Context Security Context Value
Global access All business functions All security contexts All security context values
Access to business unit business-function-only Business unit Business unit All security context values
Access to a specific business unit Business unit Business unit Name of business unit

Global access: Assign global access to users with responsibilities across multiple business functions, for example, Assets, Receivables and General Ledger. Global access users would then require access to the same specified segment account values across all of their assigned asset books (FA), business units (AR), and ledgers (GL).

Access for business unit business-function-only: Assign business-function-only access to users with the Receivables responsibility who require access to the same specified segment account values for all of their assigned business units.

Access for a specific business unit: Assign specific business unit access to users with the Receivables responsibility who require access to the specified segment account values for one business unit only.

Read-Write and Read-Only Access

You can further restrict user access to accounting flexfield segment values by assigning users Read-Write and Read-Only privileges.

  • Read-Write: Users can create and update transactions, view accounting, and report on Receivables transactions that reference the account values granted.
  • Read-Only: Users can view, query, and report on Receivables transactions that reference the account values granted. For example, users who don’t have Read-Write access to segment values belonging to transaction distributions can still search for and review these distributions.

Summary of Segment Value Security Enforcement in Receivables

Users with Read-Write access to specified account values can take these actions on the transactions that reference these account values:

  • Create, save and complete a transaction.
  • Credit a transaction.
  • Update account values in the distributions belonging to a transaction.
  • Post transactions to General Ledger.
  • Apply a receipt or credit memo to a transaction.
  • Unapply a receipt or credit memo from a transaction.
  • Manage adjustments to transactions.
  • Create draft subledger accounting.
  • Use these web service components: Get, Create, Update, Delete, Reverse.

Users with Read-Only access to specified account values can take these actions on the transactions that reference these account values:

  • Create and save a transaction.
  • View transaction distributions.
  • Run reports.

Segment value security is not enforced on these activities:

  • Receivables implementation tasks in Functional Setup Manager.
  • These reports in Scheduled Processes:
    • Receivables Aging by GL Account Report
    • MFAR Aging and Reconciliation Report
    • General Ledger Reconciliation Report

Example of Segment Value Security Enforcement in Receivables

The following example illustrates segment value security enforcement by business function in Receivables.

User James has access to two business units: Vision ASC605 BU001 and Vision ASC605 BU002. He has Read-Only access to Vision ASC605 BU001 and Read-Write access to Vision ASC605 BU002.

Example of Segment Value Security

User Role Business Function Business Unit Security Context Value (Cost Center) Access Level
James Accounts Receivable Manager Business Unit Vision ASC605 BU001 00000000, 20000220 Read-Only
James Accounts Receivable Manager Business Unit Vision ASC605 BU002 00000000, 20000220 Read-Write

This table describes the results of the various actions that James attempts on the Create Transaction: Invoice page in each business unit, as determined by his segment value security assignments.

User Actions and Results

User Business Unit Cost Center Value Access Level Action Result
James Vision ASC605 BU001 00000000, 20000220 Read-Only Save Transaction James can save the transaction.
James Vision ASC605 BU001 00000000, 20000220 Read-Only Review Distributions James can review all distributions.
James Vision ASC605 BU001 00000000, 20000220 Read-Only Edit Distributions James can't edit or even see the distribution segment values.
James Vision ASC605 BU001 00000000, 20000220 Read-Only Complete Transaction James can't complete the transaction.
James Vision ASC605 BU001 00000000, 20000220 Read-Only Post to Ledger James can't post the transaction.
James Vision ASC605 BU002 00000000, 20000220 Read-Write Save Transaction James can save the transaction.
James Vision ASC605 BU002 00000000, 20000220 Read-Write Review Distributions James can review all distributions.
James Vision ASC605 BU002 00000000, 20000220 Read-Write Edit Distributions James can edit distributions and change the cost center.
James Vision ASC605 BU002 00000000, 20000220 Read-Write Complete Transaction James can complete the transaction after changing the cost center.
James Vision ASC605 BU002 00000000, 20000220 Read-Write Post to Ledger James can post the transaction.