Field Level Security

Sometimes transaction and action security is not sufficient. There are situations where you may need to restrict access based on the values of data. For example, in Oracle Utilities Customer Care and Billing you might want to prevent certain users from completing a bill for more than $10,000. This is referred to as "field level security".

Field level security can be complex and idiosyncratic. Implementing field level security always requires some programming by your implementation group. This programming involves the introduction of the specific field-level logic into the respective application service(s). The recommendation is to use a business object validation algorithm for checking field level security.

Note:

The check for field level security must exist in validation logic to ensure that data is not added or updated if it does not pass the field level security rules.

It is not straightforward to implement user interface changes related to field level security, such as protecting elements under certain conditions. Overriding the base product delivered user interface to check for implementation specific conditions is not always supported, depending on how the user interface is built, or it requires a full duplication of product artifacts, which is not recommended.

The definition of a user's access rights is performed using the same transactions used to define transaction / action level security. This is achieved as follows:

  • Create a security type for each type of field-level security.
  • Define the various access levels for each security type. For example, assume you have some users who can complete bills for less than $300, and other users who can complete bills for less than $1,000, and still other users who can complete bills for any value. In this scenario, you'd need 3 access levels on this security type:
    • Level 1 (lowest): May authorize bills <= $300
    • Level 2 (medium): May authorize bills <= $1,000
    • Level 3 (highest): May authorize all bills
  • Link this security type to each application service where this type of field level security is implemented. This linkage is performed on the security type transaction.
  • Define each user group's access level for each security type (this is done for each application service on which the security type is applicable).

Note:

The highest authorization level value grants the highest security: the system expects the highest value to represent the highest level of access. Moreover, authorization level is an alphanumeric field, so take care that the values are set up so that the highest value really does correspond to the highest level of access.
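The following stand-alone Python is an added worked example of the setup steps above and of the check a business object validation algorithm performs; it is not product code and uses no Oracle Utilities API. The application service code, security type code, user group names and the thresholds are constructed sample data, and the rule that a user in several user groups receives the highest level any of them grants is an assumption of this example. It also shows why the alphanumeric authorization level needs care: the level values are compared as text, so a level "10" would sort below "2".

```python
from decimal import Decimal
from typing import Dict, Iterable, Optional, Tuple, Union

# Hypothetical codes for this example (not product-delivered values).
APP_SERVICE = "BILLCOMPLETE"   # application service on which the security type is linked
SECURITY_TYPE = "BILLAMT"      # security type for "maximum bill amount a user may complete"

# Access levels defined on the security type. The key is the authorization
# level value (an alphanumeric field, so it is text), the value is the maximum
# bill amount that level may authorize; None means any value.
ACCESS_LEVELS: Dict[str, Optional[Decimal]] = {
    "1": Decimal("300"),    # lowest
    "2": Decimal("1000"),   # medium
    "3": None,              # highest: all bills
}

# Authorization level granted to each user group for (application service,
# security type). Constructed sample data.
USER_GROUP_LEVELS: Dict[str, Dict[Tuple[str, str], str]] = {
    "CSR_JUNIOR": {(APP_SERVICE, SECURITY_TYPE): "1"},
    "CSR_SENIOR": {(APP_SERVICE, SECURITY_TYPE): "2"},
    "BILL_MANAGER": {(APP_SERVICE, SECURITY_TYPE): "3"},
}


def level_ordering_is_safe(levels_ascending: Iterable[str]) -> bool:
    """Setup check for the alphanumeric authorization level: given the level
    values in their intended ascending order, return True only if they also
    sort that way as text, which is how an alphanumeric field compares."""
    intended = list(levels_ascending)
    return sorted(intended) == intended


def effective_level(user_groups: Iterable[str], app_service: str, security_type: str) -> Optional[str]:
    """Highest authorization level granted by any of the user's groups for the
    given application service and security type (highest value = highest
    security). Taking the maximum across groups is an assumption of this example."""
    granted = [
        USER_GROUP_LEVELS.get(group, {}).get((app_service, security_type))
        for group in user_groups
    ]
    granted = [level for level in granted if level is not None]
    # Text comparison, mirroring the alphanumeric field.
    return max(granted) if granted else None


def validate_bill_completion(user_groups: Iterable[str], bill_amount: Union[Decimal, str, int]) -> Tuple[bool, str]:
    """The field-level check a validation algorithm would run before a bill is
    completed. Returns (allowed, reason); a False result must stop the update."""
    amount = Decimal(str(bill_amount))
    level = effective_level(user_groups, APP_SERVICE, SECURITY_TYPE)
    if level is None:
        return False, f"no authorization level for {SECURITY_TYPE} on {APP_SERVICE}"
    if level not in ACCESS_LEVELS:
        return False, f"authorization level {level!r} is not defined on {SECURITY_TYPE}"
    limit = ACCESS_LEVELS[level]
    if limit is not None and amount > limit:
        return False, f"bill amount {amount} exceeds level {level} limit of {limit}"
    return True, f"level {level} authorizes bill amount {amount}"


if __name__ == "__main__":
    print("levels 1,2,3 sort safely:", level_ordering_is_safe(["1", "2", "3"]))
    print("levels 1..10 sort safely:", level_ordering_is_safe([str(n) for n in range(1, 11)]))
    for groups, amount in [
        (["CSR_JUNIOR"], "250"),
        (["CSR_JUNIOR"], "300.01"),
        (["CSR_SENIOR"], "1000"),
        (["CSR_JUNIOR", "CSR_SENIOR"], "900"),
        (["BILL_MANAGER"], "10000"),
        (["NO_SUCH_GROUP"], "1"),
    ]:
        print(groups, amount, validate_bill_completion(groups, amount))
```

Because the check lives in validation logic rather than in the user interface, it applies to every path that completes a bill, which is the point the note above makes; the ordering check is worth running once when the security type is defined, since zero-padded values such as "01" to "10" sort correctly as text while "1" to "10" do not.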