NoetixViews for Oracle General Ledger
NoetixViews for Oracle General Ledger provides some special features not available in other views. This section describes the additional considerations involved with the General Ledger views. These considerations involve the extra data security on the General Ledger views and the views of archived data.
General Ledger Data Security
Data security, the ability to restrict access to data, is handled in Noetix views for Oracle
General Ledger in three ways:
Assigning roles to a query user.
Assigning Accounting Flexfield security rules to a query user.
Assigning accounts to a budget organization
Roles
Each ledger/set of books in General Ledger has its own set of views and each set is associated with a role. A role prefix is assigned to each of these sets of views belonging to a specific role. These role prefixes are assigned during view generation.
This is a security feature, since each user can be restricted to accessing data only within certain ledger/set of books. This is done by assigning roles to users. When you assign roles, even the Noetix System Administration User must have the General Ledger role assigned to access General Ledger data.
The concept of a role is an Oracle Database feature. The Noetix query users that are granted a role automatically have access to all the views assigned to that role. Roles are assigned to Noetix query users after generation. For more information about assigning roles to Noetix query users, see Manage Access to Data Based on Roles.
Accounting Flexfield Security Rules
The second level of security in NoetixViews is based on Accounting Flexfield security rules. NoetixViews uses the flexfield security rules in the same manner in which the concept of flexfield security rules is implemented in Oracle E-Business Suite. For more information about flexfield security rules, see Oracle documentation.
To use this security method to prevent access to particular accounts for specific Noetix query users, first define the flexfield security rules in the Oracle E-Business Suite Object Library. These rules allow you to specify ranges of values to be included or excluded for individual Accounting Flexfield segments. You can set up any number of these rules. Although Oracle E-Business Suite allows defining security rules on any flexfield, NoetixViews uses only rules defined for the Accounting Flexfield.
After you have defined the flexfield security rules and generated the views, the next step is to assign security rules to Noetix query users. When you set up Noetix query users, first assign them the appropriate roles, and then assign the appropriate General Ledger security rules. This can be done using the Security Manager dialog box. For more information about assigning security rules, see Manage Access to Data Based on Security Rules.
When the views are generated, the generation procedure copies references to the flexfield security rules into the views. If you add a flexfield security rule in Oracle E-Business Suite to a new segment of the Accounting Flexfield or create a ledger/set of books, the views must be regenerated before they incorporate the changes.
With any change or addition to flexfield security rules in Oracle E-Business Suite, you should review and update users’ access to General Ledger data in NoetixViews.
When views are run in the query tool, they dynamically check the flexfield security rules that have been assigned to the user running the query. This ensures that if flexfield security rules are changed for the user in Noetix Views Administrator (NoetixViews Administrator), the effect is immediate. There is no need to regenerate views when the flexfield security rules are changed.
Budget Organizations
The third type of data security is associated with General Ledger budget organizations. This security is intended to be used to limit managers to a view of only the ledger/set of books data for which they have budget authority. This can be accomplished by letting managers have access only to precanned queries that are limited to their budget organization.
The creation of budget organizations and the assignment of ranges of accounts to them is a standard General Ledger feature. Refer to Oracle documentation for more information.
The GL Org Balances, GL Org Budgets, and GL Org Budget To Actuals views determine, while running, which accounts are authorized for a given budget organization. No special generation steps are necessary to make these views work.
Archived Data
General Ledger has a feature that archives balances and journal entries. This procedure copies a previous year’s data to special archive tables. A separate procedure can purge the data from these archive tables. The archived views look at this archived data.
If the data in the archive tables has been copied to tape and then purged, it needs to be restored to these tables before it can be queried. With the archived views, the data does not have to be re-integrated with the standard balances and journal entry tables before it can be queried.
Important: If you have migrated your Oracle E-Business Suite instance from version 11.5.10.2 to Release 12, you must regenerate the GL Archived Balances and GL Archived Je Lines views after the first time you purge your archived data. Otherwise, these views will return an error when run. You do not need to regenerate these views after running the purge process subsequently.
About Access to Accounting Data
Note: In this section, the Oracle Database User, Oracle E-Business Suite Authenticated User, and Oracle
E-Business Suite Responsibility type Noetix query users are referred as Type U, Type A, and Type R respectively.
Security rules defined on the Accounting Flexfield control access to accounting data in Oracle E-Business Suite. In NoetixViews, these rules are enforced by individual Noetix views for Oracle General Ledger that supports the Accounting Flexfield. These views return accounting information, such as the actual, budget, summary, and parent balances and journal entry lines.
The following security modes are available on the Security Rules tab of the NoetixViews Administrator Security Manager to control a Noetix query user’s access to accounting data:
No Rows: Prevents a Noetix query user from accessing any rows from the Noetix views that enforce flexfield security rules. This security mode is the default for the Type U and Type R query users for all forms of the views. For Type A query users, this option is the default for only the standard and Cross Operations Extension (XOP) forms of the views.
All Rows: Allows a Noetix query user to access all the rows from the Noetix views that enforce flexfield security rules.
-
Effective Responsibility: Allows a Noetix query user to access rows from the Noetix views that enforce flexfield security rules based on the rules associated with the user’s effective responsibility. Rows are also filtered by the ledger/set of books associated with the responsibility. This security mode is available for only the Type A and Type R Noetix query users and is the default.
Note: In Noetix WebQuery (NWQ) and Oracle Discoverer, the effective responsibility is the responsibility that the users select at the time of log on. In other Business Intelligence (BI) tools, such as Oracle Business Intelligence (Oracle BI), IBM Cognos Business Intelligence (Cognos BI), and SAP BusinessObjects, the effective responsibility of the users is the responsibility of the Oracle E-Business Suite user to which a user is mapped in NoetixViews.
All Responsibilities: Allows a Noetix query user to access rows from the Noetix views that enforce flexfield security rules based on the rules and ledgers/sets of books associated with all the responsibilities assigned to the user. This option is available for only the Type A query users and the global form of the Noetix views.
Per Ledger/Per Set of Books: Allows customizing a Noetix query user’s access to the accounting data corresponding to a specific ledger/set of books. This security mode is available for all type of query users and for all forms of the views.
Assign Rules: Allows you to assign the flexfield security rules associated with a selected ledger/set of books through the Add GL Security Rules dialog box when the Per Ledger (for Oracle E-Business Suite Release 12 and later) or Per Set of Books (for Oracle E-Business Suite versions prior to Release 12) security mode is assigned to a Noetix query user.
For the purpose of applying the security settings corresponding to the Effective Responsibility and All Responsibilities options to the Noetix query users, the responsibilities assigned to the query users in Oracle
E-Business Suite are divided into the financial and nonfinancial categories. The financial responsibilities include responsibilities for the Oracle modules that process accounting data, such as General Ledger, Oracle Payables, Oracle Receivables, Oracle Assets, Oracle Purchasing, Oracle Order Management, Oracle Inventory, Oracle Projects, and Oracle Work in Process. The nonfinancial responsibilities include responsibilities for the Oracle modules such as Oracle Human Resources, Oracle Advanced Benefits, and Oracle Quality. The Effective Responsibility and All Responsibilities options apply security settings to Noetix query users differently for the financial and nonfinancial responsibilities.
One of the following conditions is used for applying the flexfield security rules settings corresponding to the Effective Responsibility option to Noetix query users:
A financial responsibility and it has no flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the user will have access to all the rows for the ledgers/sets of books associated with the responsibility.
A financial responsibility and it has flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the rules will be enforced. Rows are also filtered based on the ledgers/sets of books associated with the responsibility.
A nonfinancial responsibility and it has no flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the user will have no access to rows from views that enforce flexfield security rules.
A nonfinancial responsibility and it has flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the rules will be enforced. Rows are also filtered based on the ledgers/sets of books associated with the responsibility.
One of the following conditions is used for applying the flexfield security rules settings corresponding to the All Responsibilities option to Noetix query users:
A single financial or a single nonfinancial responsibility that has flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the rows will be filtered based on the flexfield security rules and ledgers/sets of books assigned to the responsibility.
A single financial responsibility that has no flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the user will have access to all the rows corresponding to the ledgers/sets of books associated with the responsibility.
A single nonfinancial responsibility that has no flexfield security rules assigned to it. When this responsibility is assigned to a Noetix query user, the user will have no access to the rows from the views that enforce flexfield security rules.
One financial responsibility with flexfield security rules assigned to it and a nonfinancial responsibility with no flexfield security rules. When these responsibilities are assigned to a Noetix query user, the rows will be filtered based on the ledgers/sets of books and the flexfield security rules assigned to the financial responsibility.
One financial responsibility with no flexfield security rules assigned to it and a nonfinancial responsibility with flexfield security rules assigned to it. When these responsibilities are assigned to a Noetix query user, the flexfield security rules settings of the financial responsibility will take precedence over the nonfinancial responsibility. Therefore, the user will have access to all the rows corresponding to the ledgers/sets of books assigned to the financial responsibility.
One financial responsibility and a nonfinancial responsibility with flexfield security rules assigned to both responsibilities. When these responsibilities are assigned to a Noetix query user, rows corresponding to the ledgers/sets of books are filtered based on the flexfield security rules assigned to both responsibilities.
Flexfield security rules are mainly enforced on General Ledger views that return accounting data. However, any Noetix view that includes the Accounting Flexfield can be configured to enforce flexfield security rules by modifying the properties of the view and running the generation process. If you want to include Noetix views corresponding to other Oracle modules, contact insightsoftwareSupport. By default, the following views enforce flexfield security rules in NoetixViews:
GL All Balances
GL All Budgets
GL All Encumb Je Lines
GL All Je Lines
GL AP Inv Je Line Details
GL Archived Balances
GL Archived Je Lines
GL Balances
GL Budget To Actuals
GL Budgets
GL Encumbrance Balances
GL Foreign Balances
GL Foreign Je Lines
GL Foreign Summaries
GL Funds Available
GL Je AP Inv Dist Details
GL Je AP Pmt Dist Details
GL Je SLA AP Inv Dist
GL Je SLA AP Pmt Dist
GL Je SLA AR Adj Dist
GL Je SLA AR Misc Rcpt Dist
GL Je SLA AR Std Rcpt Dist
GL Je SLA AR Tran Dist
GL Je Tran AR Adj Dist
GL Je Tran AR Misc Dist
GL Je Tran AR Pymt Dist
GL Je Tran AR Tran Dist
GL Journal Entry Lines
GL Org Balances
GL Org Budget To Actuals
GL Org Budgets
GL Parent Budget To Actuals
GL Parent Child Budgets
GL Rollup Account Balances
GL Rollup Account Budgets
GL Rollup Parent Balances
GL Rollup Parent Budgets
GL Stat Balances
GL Stat Budget To Actuals
GL Stat Budgets
GL Summary Balances
GL Summary Budget To Actuals
GL Summary Budgets
For information about how to assign flexfield security rules, see Manage Access to Data Based on Security Rules in “Noetix Query User Management.”
Configure Default Flexfield Security Rules Settings
Note: In this section, the Oracle Database User, Oracle E-Business Suite Authenticated User, and Oracle E-Business Suite Authenticated Responsibility type Noetix query users are referred as Type U, Type A, and Type R, respectively.
When Noetix query users are created, they are assigned the default flexfield security rules settings. The Noetix administrator has the option to modify a query user’s settings after the user is created. This option is supported only in the global form of the Noetix views. The available default settings are Effective Responsibility, All Responsibilities, and All Rows. By default, for Type A and Type R query users, the Effective Responsibility option is set as the default flexfield security rule setting. For Type U query users, the All Rows option is set as the default flexfield security rule setting and cannot be changed. When the default flexfield security rule setting is changed, the new setting is assigned to the newly created query users of Type A and Type R. The Noetix administrator is also provided with an option to apply the new setting to existing query users.
To configure the default flexfield security rules settings
On the Noetix Query User Maintenance tab of the Security Manager dialog box, select the users of the Oracle E-Business Suite Authenticated User (Type A) type for whom you want to configure the default flexfield security rules settings. If you are creating the Noetix query users for the first time, skip this step, and go to step 2.
-
Click Set Defaults. The Default Security Rule Settings dialog box appears.
Under EBS Users, select the appropriate default security mode. The options are Effective Responsibility, All Responsibilities, and All Rows. For information about the security modes, see About Access to Accounting Data.
Under Do you want to apply the default to existing users?, select one of the following options:
No, apply only to new users: Click this option to apply the default flexfield security settings to only the selected users who are to be created as new Noetix query users. If you have clicked this option, go to step Click OK. If you are applying the new default security rules settings to new and existing users, a message appears indicating that you are about to change the default security rules for the existing users..
Yes, apply to new and existing users: Click this option to apply the default flexfield security settings to both the selected users who are to be created as new Noetix query users and existing Noetix query users. If you have clicked this option, go to step 5.
Under How do you want to change the existing users?, select one of the following options:
Update only users that have the previous default: Click this option if the previous default flexfield security rules settings of the existing Noetix query users need to be modified to the latest.
Update only users that have no custom security rules: Click this option if you do not want to apply default flexfield security rules for the Noetix query users for whom custom flexfield security rules are assigned.
Update all users to the new default: Click this option if you want to apply the default flexfield security rules to all the Noetix query users.
Click OK. If you are applying the new default security rules settings to new and existing users, a message appears indicating that you are about to change the default security rules for the existing users.
-
Click Yes if you want to apply the new default security rules setting to the existing users. Click No if you want to return to the Default Security Rules Settings dialog box.
If you click Yes, the views that return results based on the security rules setting will now start returning results based on the new default security rules setting. Also, any custom security rules settings that were applied to query users should be reapplied after the new default security rules setting is applied.
Click OK on the Security Manager dialog box to save the changes to the database.