Manage Segment Value Security Rules Spreadsheet
You can control user access to chart of account segment values by defining segment value security rules. These rules restrict data entry, online inquiry, and reporting. You can define segment value security rules in the application or through desktop-integrated spreadsheets.
This topic describes the Manage Segment Value Security Rules spreadsheet, which you can use to create, edit, and delete the segment value security rules for a value set. Once you use this spreadsheet, you must continue to use it to manage the rules for that value set.
When to Use the Spreadsheet
You can only use the spreadsheet if you're enabling security on a value set for the very first time and haven't created any segment value security rules for it yet.
This table shows how the method you use to create the original rules for a value set determines which methods you can use to manage the rules for that value set going forward.
Method Used to Create Original Rules | Which methods can be used to create additional rules? | Which methods can be used to edit or delete the rules? |
---|---|---|
Manage Segment Value Security Rules spreadsheet | Manage Segment Value Security Rules spreadsheet | Manage Segment Value Security Rules spreadsheet |
Edit Data Security page |
|
Edit Data Security page |
Create Segment Value Security Rules spreadsheet |
|
Edit Data Security page |
How You Open the Spreadsheet
-
In the Setup and Maintenance work area, use the Manage Chart of Accounts Configurations task.
-
Offering: Financials
-
Functional Area: Financial Structures
-
Task: Manage Chart of Accounts Configurations
-
-
On the Manage Chart of Accounts Configurations page, select the chart of accounts.
-
In the Segments section, select the value set.
-
In the Value Set tab, select the Enable security check box.
Note: Since you're enabling security at the value set level, all charts of accounts that use that value set are affected. -
Enter a data security resource name.
-
Save your changes.
-
Click Manage Data Security.
What to Do After You Enable Security on a Value Set
You must deploy the accounting flexfield and publish the account hierarchies tied to the secured value set. These steps are independent of working with the spreadsheet. You can deploy the flexfield from the Manage Chart of Accounts Configurations page. Just click Deploy All Charts of Accounts.
To publish the account hierarchies, use the Publish Account Hierarchies task.
-
Offering: Financials
-
Functional Area: Financial Structures
-
Task: Publish Account Hierarchies
What's in the Spreadsheet
The spreadsheet has rows for defining segment value security policies and assigning them to segment value security roles. A policy can have one or more conditions, which consist of operators, values, and in some cases, tree codes and tree versions. Some spreadsheet columns represent policy level attributes, and some represent condition level attributes.
Here's a summary of the columns on the spreadsheet.
Column |
Is It Required? |
Can You Update It? |
Is It an Attribute of the Policy or Condition? |
---|---|---|---|
Policy Name |
Yes |
No |
Policy |
Policy Description |
No |
Yes |
Policy |
Segment Value Security Role Name |
Yes |
No |
Policy |
Operator |
Yes |
Yes |
Condition |
From Value |
Yes, for all operators other than All Values |
Yes |
Condition |
To Value |
Yes, for the Between operator |
Yes |
Condition |
Tree Code |
Yes, for hierarchical operators |
Yes |
Condition |
Tree Version |
Yes, for hierarchical operators |
Yes |
Condition |
Policy Start Date |
Yes |
No |
Policy |
Policy End Date |
No |
Yes |
Policy |
Mark for Deletion |
No |
Yes |
Condition |
Here's more information about the policy columns to help you prepare the spreadsheet.
Column |
What It Represents |
How to Use It |
---|---|---|
Policy Name |
The name for a group of related condition rows. |
When a policy has multiple conditions, you must use the same policy name across all related condition rows. |
Policy Description |
A brief summary of the scope and purpose for the policy. |
When a policy has multiple conditions, you must use the same policy description across all related condition rows. |
Segment Value Security Role Name |
The existing role that the policy is being assigned to. |
When a policy has multiple conditions, you must use the same segment value security role across all related condition rows. Note: To complete the segment value security rule definition,
the role must be assigned to the users the policy applies to.
|
Policy Start Date |
The effective start date of the policy. |
You can specify a date in the future. When a policy has multiple conditions, you must use the same start date across all related condition rows. |
Policy End Date |
The effective end date of the policy. |
If you don't specify an end date, the policy is in effect indefinitely. When a policy has multiple conditions, you must use the same end date across all related condition rows. Note: For audit purposes, you can't delete a policy. Use
the end date attribute to indicate when the policy is no longer applicable.
|
Here's more information about the condition columns to help you prepare the spreadsheet.
Column |
What It Represents |
How To Use It |
---|---|---|
Operator |
The method used to evaluate the values in the condition. |
When a policy has multiple conditions, you can use different operators across all related condition rows. |
From Value |
The value the operator evaluates in determining what account values to provide access to. |
You must enter a value for all operators, except for the All Values operator. When a policy has multiple conditions, you can use different values across all related condition rows. The account value must exist unless you're using the Between operator. For that operator, the value represents the starting value in the range. |
To Value |
The value the Between operator evaluates in determining what account values to provide access to. |
You must enter a value when you're using the Between operator and the value represents the ending value in the range. The value doesn't have to be an existing account. |
Tree Code |
The tree code for the parent account specified in the From Value column. Used only with hierarchical operators. |
You must select a tree code when you use hierarchy operators Is a descendant of and Is a last descendant of. When a policy has multiple hierarchical conditions, you can use different tree codes across all related condition rows. |
Tree Version |
The tree version for the parent account specified in the From Value column. Used only with hierarchical operators. |
You must select a tree version when you use hierarchy operators Is a descendant of and Is a last descendant of. When a policy has multiple hierarchical conditions, you can use different tree versions across all related condition rows. |
Mark for Deletion |
The indicator for whether to remove an individual condition from the policy. |
If a policy has only one condition and you mark it for deletion, the policy is automatically end-dated. It no longer appears in the spreadsheet the next time you download the rules from the application. |
Operators are key attributes of a condition. They specify how the rule evaluates condition values in determining what account values the role can access. When a policy has multiple conditions, an account value just has to meet any one of the conditions for the rule to apply.
Here's the list of available operators. Use this information to help you prepare the spreadsheet.
Operator |
What It Does |
---|---|
All values |
Provides access to all account values in the value set. |
Between |
Provides access to the account values included in the range of values specified in the From and To Value columns. When the range of values includes a parent account, access applies to that parent value only, in all trees and tree versions that include that parent. The rule doesn't provide access to any of its descendants, unless they're part of the specified range. |
Contains |
Provides access to account values that contain the specified value. When the matching value is a parent account, access applies to that parent value only, in all trees and tree versions that include that parent. It doesn't provide access to any of its descendants unless those descendants also happen to match the condition. |
Ends with |
Provides access to account values that end with the specified value. When the matching value is a parent account, access applies to that parent value only, in all trees and tree versions that include that parent.It doesn't provide access to any of its descendants unless those descendants also happen to match the condition. |
Equal to |
Provides access to a specific account value. When the specified value is a parent account, access applies to that parent value only, in all trees and tree versions that include that parent. The rule doesn't provide access to any of its descendants. |
Is descendant of |
Provides access to the specified parent account value and all of its descendants. Descendants include middle level parent accounts and nonparent accounts throughout all of that parent's hierarchical branches, from the root to the leaf nodes. |
Is last descendant of |
Provides access to the specified parent account value and to the account values at the leaf nodes of that parent. |
Not equal to |
Provides access to all non-parent account values, except for the specified account. Caution: Here are some important points about this operator.
|
Starts with |
Provides access to account values that start with the specified value. When the matching value is a parent account, access applies to that parent value only, in all trees and tree versions that include that parent. It doesn't provide access to any of its descendants unless the descendants also happen to match the condition. |
How You Review or Edit Existing Rules
When you have to review or edit rules, it's important to always work with the most current version of the rules recorded in the application. The way to do this is to always download the rules from the application.
-
Open the spreadsheet and connect to the application.
-
Click Search in the Manage Segment Value Security ribbon.
-
Search by policy name or assigned segment value security role, or both.
-
Review the rules or make changes and then upload them to the application.
Note: You can also create rules in the same spreadsheet that you're reviewing or editing.