Tip: Security by

Subledger Application
Do you need to restrict access by subledger application?

For example, you may have users responsible for accounting and reconciliation of a
Loan subledger application only.

Here is how you can use data security policies to address such requirements.

PROPOSED SOLUTION

Create a custom role to allow granting a user with General Accounting Manager responsibilities only for accounting of the
Loan subledger application.

Step 1. Use BI Publisher to query the application ID for your subledger application, e.g. like this:

select application_id from xla_subledgers_tl where application_name = 'Loan'

Step 2. Navigate to the Security Console, search for the General Accounting Manager job role and create a copy. Select the Copy
top role and inherited roles option.

1
Step 3. Name the copy as Loan Accounting Manager.

Step 4. From the Data Security Policies train stop search for Subledger Application policies (filter on Policy Name: Subledger).

Step 5. Edit data security policies for the Subledger Source Transaction data resource as follows:

 Condition Name: Access Subledger Source Transactions for a Ledger

 Parameter1: the application ID from step 1

Oracle Enterprise Resource Planning Cloud

2 Advanced Cloud Experts
Step 6. Edit data security policies for the Subledger Application data resource as follows:
 Parameter1: the application ID from step 1

Step 7. Complete the role copy, check status in the Administration tab.

Step 8. Assign the Loan Accounting Manager custom role to a user.

Step 9. Create data access for the user from the Manage Data Access for Users task in Setup and Maintenance for the new role
and required data access set context values.

Oracle Enterprise Resource Planning Cloud

3 Advanced Cloud Experts
Step 10. Edit any inherited roles that are granting access to the Subledger Application and the Subledger Source Transaction
data security policies. You need to either apply the same changes as described in steps 6 and 7 above or remove the data security
policies from those roles.

In our example, this involves editing the Financial Analyst Custom and the General Accountant Custom roles. Actual role
names may be different though depending on copied role name preferences configured in the Security Console Administration tab:

Tip: Use the User and Role Access Audit Report to identify any inherited roles granting access to Subledger data security
policies. You may need to run the Import User and Role Application Security Data process first.

Oracle Enterprise Resource Planning Cloud

4 Advanced Cloud Experts
Step 11. Log in with the user from step 8 and verify that access is restricted to the subledger application from step 1 only.

 Review subledger journal entries:

 Create accounting:

RESOURCES

Some relevant help topics on the Oracle Help Center (with links to 19D content) include:

 Securing ERP: Custom Roles

 Implementing Accounting Hub: Secure Accounting Transformations

 Implementing Subledger Accounting: Security for Subledger Accounting

CONNECT W ITH US
Call +1.800.ORACLE1 or visit oracle.com.
Outside North America, find your local office at oracle.com/contact.

blogs.oracle.com/oracle facebook.com/oracle twitter.com/oracle

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are
subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed
orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any
liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be
reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of
Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
Advanced Cloud Experts
December 2019 Oracle Enterprise Resource Planning Cloud
5 Advanced Cloud Experts