Receivables-Specific Considerations for Segment Value Security
Chart of accounts segment value security controls user access to chart of accounts-based accounting information in Receivables.
Use segment value security to define user access to Accounting Flexfield segment values in Receivables. A given user can only work with account values in the secured chart of accounts value set to which they've been granted access and at the level of their rule assignments.
Segment value security doesn't affect Receivables setup or transaction creation.
Enable Receivables for Segment Value Security by Business Function
Use the Manage Segment Value Security by Business Function action in the Manage Chart of Accounts Configuration page to enable Receivables for segment value security.
To enable Receivables for segment value security:
- Navigate to the Manage Chart of Accounts Configurations task.
- In the Manage Chart of Accounts Configurations page, click the Manage Segment Value Security by Business Function button.
- In the Manage Segment Value Security by Business Function window, enable the Receivables option.
- Save your work.
When you enable segment value security for Receivables, by default all Receivables users are granted access to all segment values. You must set up rules to restrict user access to Accounting Flexfield segment values by business function. In the context of the Receivables business function, business unit is the security context.
Set Up Segment Value Security Rules in Receivables
Use the Manage Segment Value Security Rule Assignments spreadsheet to assign segment value security rules to the users who require some form of restricted access to Accounting Flexfield segment values.
As a general rule, create dedicated segment value security roles for each designated group of Receivables users and the related data security policies that govern their access to secured segment account values.
The dedicated segment value security roles you create, with their accompanying secured segment values, can be assigned to and even shared among the corresponding users based on their particular segment value access requirements.
You can enable security enforcement for all business functions or for one or more specific business functions. This table provides an example of how to designate segment value access rule assignments to Receivables users.
| Access Type | Business Function | Security Context | Security Context Value |
|---|---|---|---|
| Global access | All business functions | All security contexts | All security context values |
| Access to Receivables business function only | Receivables | Business unit | All business units |
| Access to a specific business unit of Receivables business function | Receivables | Business unit | Name of the specific business unit |
Global access: Assign global access to users with responsibilities across multiple business functions, for example, Assets, Receivables and General Ledger. Global access users would then require access to the same specified segment account values across all their assigned asset books (FA), business units (AR), and ledgers (GL).
Access for Receivables business function only: Assign business-function-only access to users with the Receivables responsibility who require access to the same specified segment account values for all their assigned business units.
Access for a specific business unit: Assign specific business unit access to users with the Receivables responsibility who require access to the specified segment account values for one business unit only.
Read-Write and Read-Only Access
You can further restrict user access to accounting flexfield segment values by assigning users Read-Write and Read-Only privileges.
- Read-Write: Users can create and update transactions, view accounting, and report on Receivables transactions that reference the account values granted.
- Read-Only: Users can view, query, and report on Receivables transactions that reference the account values granted. For example, users who don’t have Read-Write access to segment values belonging to transaction distributions can still search for and review these distributions.
Summary of Segment Value Security Enforcement in Receivables
Users with Read-Write access to specified account values can take these actions on the transactions that reference these account values:
- Create, save and complete a transaction.
- Credit a transaction.
- Update account values in the distributions belonging to a transaction.
- Post transactions to General Ledger.
- Apply a receipt or credit memo to a transaction.
- Unapply a receipt or credit memo from a transaction.
- Manage adjustments to transactions.
- Create draft subledger accounting.
- Use these web service components: Get, Create, Update, Delete, Reverse.
Users with Read-Only access to specified account values can take these actions on the transactions that reference these account values:
- Create and save a transaction.
- View transaction distributions.
- Run reports.
Segment value security isn't enforced on these activities:
- Receivables implementation tasks in Functional Setup Manager.
- These reports in Scheduled Processes:
- Receivables Aging by GL Account Report
- MFAR Aging and Reconciliation Report
- General Ledger Reconciliation Report
Example of Segment Value Security Enforcement in Receivables
The following example illustrates segment value security enforcement by business function in Receivables.
User Perry has the Accounts Receivables Manager role, but isn't assigned any segment value security rules. This implies that Perry has global access to all accounts.
User James, who also has the Accounts Receivables Manager role, has access to two business units: Vision ASC605 BU001 and Vision ASC605 BU002. The details of the access are described in the following table.
| User | Role | Business Function | Business Unit | Security Context Value (Cost Center) as per the rule assignments | Access Level |
|---|---|---|---|---|---|
| James | Accounts Receivable Manager | Receivables | Vision ASC605 BU001 | 00000000, 20000000 to 20000220 | Read-Only |
| James | Accounts Receivable Manager | Receivables | Vision ASC605 BU002 | 00000110, 20000221 to 20000440, 30000550 | Read-Write |
This table describes the results of the various actions that James attempts on the Create Transaction: Invoice page in each business unit, as determined by James' segment value security assignments. The Cost Center Value column represents the cost centers used in the transaction.
| User | Business Unit | Cost Center Value | Access Level | Action | Result |
|---|---|---|---|---|---|
| James | Vision ASC605 BU001 | 00000000, 20000220, 30000330 | Read-Only | Save Transaction | James can save the transaction. |
| James | Vision ASC605 BU001 | 00000000, 20000220, 30000330 | Read-Only | Review Distributions | James can review distributions for which James has read-only access. James can’t view the account of the distribution with cost center value 30000330. |
| James | Vision ASC605 BU001 | 00000000, 20000220, 30000330 | Read-Only | Edit Distributions | James can't edit or even see the distribution segment values. |
| James | Vision ASC605 BU001 | 00000000, 20000220, 30000330 | Read-Only | Complete Transaction | James can't complete the transaction. |
| James | Vision ASC605 BU001 | 00000000, 20000220, 30000330 | Read-Only | Post to Ledger | James can't post the transaction. |
| James | Vision ASC605 BU002 | 00000110, 20000440 | Read-Write | Save Transaction | James can save the transaction. |
| James | Vision ASC605 BU002 | 00000110, 20000440 | Read-Write | Review Distributions | James can review all distributions. |
| James | Vision ASC605 BU002 | 00000110, 20000440 | Read-Write | Edit Distributions | James can edit distributions and change the cost center. |
| James | Vision ASC605 BU002 | 00000110, 20000440 | Read-Write | Complete Transaction | James can complete the transaction. |
| James | Vision ASC605 BU002 | 00000110, 20000440 | Read-Write | Post to Ledger | James can post the transaction. |