Other Financials Security Considerations

Common functionality that's not job specific, such as creating expense reports and timecards, is granted to the abstract role Enterprise Resource Planning Self Service User. Abstract roles like Employee, Contingent Worker, and Line Manager also grant access to common functionality across a wide collection of Oracle Fusion Cloud Applications.

A library of duty roles, each packaging access to its Transaction Business Intelligence subject areas and corresponding detail pages, is also available as building blocks to provide self-service reporting access.

Oracle Fusion Cloud Financials includes the following roles that are designed for initial implementation and the ongoing management of setup and reference data:

  • Application Implementation Manager: Used to manage implementation projects and assign implementation tasks.

  • Application Implementation Consultant: Used to access all setup tasks.

  • IT Security Manager: Used to access the Security Console to manage roles, users, and security.

  • Financial Integration Specialist: Used to plan, coordinate, and supervise all activities related to the integration of financials information systems.

Note: For the ongoing management of setup and reference data, the predefined Financial Application Administrator role provides access to all financial setup tasks.

Separation of Duties Considerations

Separation of duties (SoD) separates activities such as approving, recording, processing, and reconciling results so you can more easily prevent or detect unintentional errors and willful fraud.

Oracle Financials includes prebuilt roles that can accelerate deployment. To find out whether they could be valuable to your organization:
  1. Gather your FIN stakeholders, for example, the owners of business processes, IT security administrators, and internal audit / financial governance teams.
  2. Identify the prebuilt roles that are relevant to your FIN activities.
  3. Determine whether those roles should be used as is, or fine-tuned to suit your operational, security, and compliance requirements. For example, if a user has the Create Payments and Approve Invoice privileges, you might consider it an SoD conflict. The predefined Accounts Payable Manager role has the privileges of Force Approve Invoices and Create Payments. When you assess and balance the cost of duty separation against reduction of risk, you might determine that the Accounts Payable Manager role should not be allowed to perform Force Approve Invoices, and so remove that privilege from the role.
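
The review in step 3 can be rehearsed offline before any role is changed. The following is an added example, not Oracle code or an Oracle API: it resolves each user's effective privileges through a role hierarchy and reports SoD conflicts, including ones that only appear when two individually harmless roles are combined. The "Custom ..." roles, the user names, the hierarchy, and the second SoD rule are assumptions constructed for illustration.

```python
# Constructed sample data, not an export from Oracle. Accounts Payable Manager and
# its two privileges are named in the text; every "Custom ..." role is hypothetical.
ROLE_PRIVS = {
    "Accounts Payable Manager": {"Force Approve Invoices", "Create Payments"},
    "Custom AP Payments Clerk": {"Create Payments"},
    "Custom AP Invoice Approver": {"Approve Invoice"},
    "Custom AP Supervisor": set(),
}
# Role hierarchy: role -> roles it inherits (hypothetical).
ROLE_INHERITS = {"Custom AP Supervisor": {"Custom AP Payments Clerk", "Custom AP Invoice Approver"}}
# Assumed SoD policy: privilege pairs one user should not hold together.
SOD_RULES = [
    frozenset({"Create Payments", "Approve Invoice"}),
    frozenset({"Create Payments", "Force Approve Invoices"}),
]
USER_ROLES = {  # constructed user -> assigned roles
    "alice": {"Accounts Payable Manager"},
    "bob": {"Custom AP Payments Clerk", "Custom AP Invoice Approver"},
    "carol": {"Custom AP Supervisor"},
    "dave": {"Custom AP Payments Clerk"},
}

def effective_privileges(role, role_privs, role_inherits, _seen=None):
    """Privileges a role grants directly or through inherited roles."""
    seen = set() if _seen is None else _seen
    if role in seen:  # already visited: guards against cyclic hierarchies
        return set()
    seen.add(role)
    privs = set(role_privs.get(role, ()))
    for parent in role_inherits.get(role, ()):
        privs |= effective_privileges(parent, role_privs, role_inherits, seen)
    return privs

def sod_conflicts(user_roles, role_privs, role_inherits, rules):
    """Return (user, conflicting privilege pair, assigned roles granting them)."""
    findings = []
    for user in sorted(user_roles):
        granted_by = {}  # privilege -> assigned roles that grant it
        for role in user_roles[user]:
            for priv in effective_privileges(role, role_privs, role_inherits):
                granted_by.setdefault(priv, set()).add(role)
        for rule in rules:
            if rule.issubset(granted_by):
                roles = sorted(set().union(*(granted_by[p] for p in rule)))
                findings.append((user, tuple(sorted(rule)), roles))
    return findings

if __name__ == "__main__":
    for finding in sod_conflicts(USER_ROLES, ROLE_PRIVS, ROLE_INHERITS, SOD_RULES):
        print(finding)
```

Passing a copy of `ROLE_PRIVS` with Force Approve Invoices removed from Accounts Payable Manager shows which findings that single change would clear and which remain.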

To learn more about SoD, see Using Advanced Controls in the Oracle Help Center (http://docs.oracle.com). To learn more about the policies and roles, see the Security Reference Manuals in the Oracle Help Center.

Data Security Considerations

  • Use segment value security rules to restrict access to transactions, journal entries, and balances based on certain values in the chart of accounts, such as specific companies and cost center values, to individual roles.

  • Use data access set security for Oracle General Ledger users to control read or write access to entire ledgers or portions of the ledger represented as primary balancing segment values, such as specific legal entities or companies.

For more information on securing your applications, see the Oracle Fusion Cloud ERP Securing ERP guide in the Oracle Help Center (http://docs.oracle.com).