Creating data level security

Before this enhancement, security was created manually on the Global Ledger Security Setup page for each finance dimension. Security groups can also be automatically created for each actor that is an approver in the responsibility matrix setup.

Note: See the fact sheet for this topic: Go to Sample Templates and select Cross Dimensional Responsibility Matrix - Data Level Security.

Use this procedure, including the listed prerequisite steps, to automatically generate data level security.

  1. Enable and set up the responsibility matrix.

    See Enabling the responsibility matrix.

    See Creating the responsibility matrix.

  2. Verify that the security groups exist in the finance enterprise group (FEG). See the Security groups topics in the User and Security Setup guide.
  3. Verify that the actor is assigned to at least one security group, otherwise, the actor will have access to all finance dimensions.
  4. Verify that the approver in the responsibility matrix can approve a finance dimension that is not defined in an existing security group.

    See screen examples in the above-referenced factsheet.

  5. On the FEG Options tab, select the Responsibility Matrix Security check box.
  6. Click Save.
  7. Click OK when prompted, to create security groups from the responsibility matrix.
  8. Select Actions > Rebuild Responsibility Matrix Security.

    We recommend that you rebuild security for the responsibility matrix daily or weekly when these conditions are met:

    • Employees are added to existing finance teams or positions
    • Changes are made to employee positions or finance teams
    • Updates to a finance structure on a responsibility matrix approval
    • Approval levels are created, updated, or deleted, the security groups in the matrix are updated, or the new security groups are created, or both.

    Similar to other actions, this action can be run immediately or scheduled to run later.

    Note: When new security groups are created from the responsibility matrix, existing security groups can be orphaned. An orphaned security is one without an approver.

    A yellow triangle icon indicates that a security group is orphaned and can be deleted manually.