Create Data Security Policy For Viewing Invoices and Accessing Invoice List of Values

If you want to automatically generate activities from invoices or want to manually link sustainability activities to payables invoices, then you must grant the invoice data access to a user who is responsible for creating activities in Oracle Fusion Cloud Sustainability.

This access lets the user associate the activity with an invoice or drill into an invoice from an activity. This is the user who is assigned a role that includes the Generate Sustainability Activity from Payables Invoice (SUS_GENERATE_ACTIVITIES_FROM_INVOICES) privilege.

Note:

To perform this procedure, you must be assigned the IT Security Manager role.

  1. Navigate to Tools > Security Console.
  2. On the Roles page, click Create Role to create your own job role.
  3. On the Create Role page, in the Role Name field, enter a role name such as Invoice Data Access. Specify values for the rest of the fields on the page such as Role Code and Role Category.
  4. Navigate to the Data Security Policies train stop.
  5. On the Data Security Policies page, click Create Data Security Policy.
  6. In the Create Data Security Policy dialog box:
    • Enter a name for the policy. For example, Grant on Invoices.
    • In the Start Data field, a date is automatically assigned. Change this date if required.
    • In the Data Resource field, search for and select Business Unit (FUN_ALL_BUSINESS_UNITS_V). This is the data resource for which you're defining the policy.
    • From the Data Set drop-down list, select Select by instance set.
    • From the Condition Name drop-down list, select Access the business units for which the user is explicitly authorized.
    • From the Actions drop-down list, select Manage Payables Invoice.
  7. Click OK.
  8. Navigate to the Summary train stop.
  9. Click Save and Close.
  10. In the Setup and Maintenance work area, go to the Manage Business Unit Data Access for Users or Manage Data Access for Users task in the Users and Security functional area.
  11. On the Manage Data Access for Users page, ensure that the value of the Security Context drop-down list is set to Business Unit.
  12. In the Search Results section, click the Create icon.
  13. In the Create Data Access for Users dialog box:
    1. From the User Name drop-down list, select the user to whom you need to grant access.
    2. From the Role drop-down list, select Invoice Data Access.
    3. From the Security Context drop-down list, select Business unit.
    4. From the Security Context Value drop-down list, select your business unit.
    5. Click Save and Close.
  14. On the Manage Data Access for Users page, verify that the user access is granted, and then click Done.
  15. Assign the job role that you created (for example, Invoice Data Access) to the user who is assigned a role that has the privileges of the predefined Sustainability Analyst role to create activities.