Delivered security rules

Predefined security rules are delivered with the application as part of security classes associated with all pertinent business classes. When you configure security groups, these delivered security rules are made available. You can also use these rules as templates to create custom security classes with conditional rules. Delivered security rules define these application behaviors:

  • When creating records, selection lists for a field include only data elements to which the user has access. For example, if the creation form includes a field for a finance dimension, the list displays only summary dimensions to which the user has access.
  • When a record is saved, an error is displayed if a value has been specified that the user cannot access. For example, if the user types the name of a project to which they do not have access, an error is displayed when they try to save the record.
  • If a direct inquiry is made, for example, a display of global ledger totals, only records with accessible values are displayed. If a record includes a value to which the user does not have access, such as an accounting entity, that record is not displayed.
    Note: If a record includes a field that is not required and is applicable to a security group, that record is displayed if the field is blank. For example, if a user does not have access to finance dimension 1, global ledger totals still displays records where that finance dimension is blank.

Security rules are defined for all major business classes for all modules. In addition, for business classes that have global ledger company, accounting entity, finance dimension, accounting unit, chart account, project, cash code, or business group as a field, security rules are defined for these modules:

  • Global Ledger
  • Payables
  • Asset Management
  • Receivables
  • Cash Management

For complete details about out-of-the-box security rules delivered in security classes, run the Securable Object Policy report for the desired business class.

See the Configuration Console User Guide Cloud Edition.

Caution: If an actor context record is not defined for a security group or business group security, all records are displayed for the associated business class. This is also true if an actor context record is defined but has no values. You must link an actor to a security group of each applicable security group type in order to secure data.
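
The following added example is a simplified model of the inquiry and save behaviors, the blank-field Note, and the Caution above; it is not code from the application. The field names, actors, and records are constructed sample data, and treating a missing or empty actor context as "no filtering" per security group type is an assumption drawn from the Caution.

```python
# Simplified model of the behaviors described above; not the application's code.
# Field names, actors and records are constructed sample data (assumptions).
SECURED_FIELDS = ("accounting_entity", "finance_dimension_1", "project")

def unsecured_fields(context):
    """Security group types with no actor context record, or an empty one.
    Per the Caution, nothing is restricted for these."""
    return [f for f in SECURED_FIELDS if not context.get(f)]

def is_displayed(record, context):
    """Inquiry rule: hide a record carrying a value the actor cannot access."""
    for field in SECURED_FIELDS:
        allowed = context.get(field)
        if not allowed:
            continue  # missing or empty actor context: no filtering applied
        value = record.get(field)
        if value in (None, ""):
            continue  # Note: a blank non-required field does not hide the record
        if value not in allowed:
            return False
    return True

def save_errors(record, context):
    """Save rule: fields holding a value the actor cannot access."""
    return [f for f in SECURED_FIELDS
            if context.get(f) and record.get(f) not in (None, "")
            and record[f] not in context[f]]

LEDGER_TOTALS = [  # constructed records
    {"id": 1, "accounting_entity": "AE10", "finance_dimension_1": "D1", "project": ""},
    {"id": 2, "accounting_entity": "AE10", "finance_dimension_1": "", "project": ""},
    {"id": 3, "accounting_entity": "AE20", "finance_dimension_1": "D2", "project": "P7"},
]
ACTORS = {  # constructed actor contexts
    "clerk": {"accounting_entity": {"AE10"}, "finance_dimension_1": {"D2"},
              "project": {"P7"}},
    "new_hire": {"accounting_entity": set()},  # record defined, but no values
}

def visible_ids(actor):
    return [r["id"] for r in LEDGER_TOTALS if is_displayed(r, ACTORS[actor])]

if __name__ == "__main__":
    for name, ctx in ACTORS.items():
        print(name, "sees", visible_ids(name), "unsecured:", unsecured_fields(ctx))
```

Running the same kind of check against an export of actor context assignments shows which actors are effectively unrestricted for a given security group type.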