New Feature - Data Access Sets
One of the new features in General Ledger is Data Access Sets. This feature plays a very important role in having a Secured Data Access to the user or one can called it as RBAC (Role Based Access Control).
In previous versions, access to data by users has been restricted only by excluding the menus and functions of the responsibility and then that responsibility is assigned to the particular users who are eligible. This job is carried out by a system administrator or a consultant having system administrator responsibility. This functionality stays as such in Rel 12 also.
Apart from the above, in Rel 12, General Ledger has also contributed a new feature towards securing data.
A Ledger created in General Ledger Module is accessed by various modules using different responsibilities, if one decided to exclude menus for all such responsibilities it will be a time consuming process, instead one can create a security by creating an Data Access Set for a ledger in General Ledger itself, which will apply to all responsibilities using that particular ledger. However, a setting is required for each such responsibilities, that is you have to attach the respective Data Access Set to the respective Responsibility by using GL: Data Access Set profile option. This setting can be done only from system administrator responsibility.
Note: One Responsibility can have only one data access set assigned.
Now let us see what are the types of security that one can have for a ledger or ledger set.
1) Full Ledger 2) Balancing Segment Value 3) Management Segment Value
1) Full Ledger - Full ledger access means having full read and write access to the ledger and all of its balancing segment values or management segment values.
2) BSV - If you assign specific balancing segment values to legal entities and ledgers, you will only be able to use those balancing segment values during transaction processing and journal entry.
3) MSV - When securing management segment values for a ledger, take note of the management segment values you used when you assigned the default accounts to the ledger, such as the retained earnings account and the cumulative translation adjustment account.
The privileges available for all the three Data Access sets are :
Read Only: Allows users to view data in ledgers and balancing or management
Read and Write: Allows users to view and enter data in ledgers and balancing or
management segment values.
If you closely observe the BSV and MSV data access types it is more or less similar to a security rule that is defined in General Ledger module. And one more thing, BSV and MSV type Data Access sets also considers Security Rules.
For Eg: Assume that you have blocked a Segment value 01 for your company segment,
whereas you have included segment value 01 in the Data Access set, in which case, the
user will not have access to the segment value 01.
Will confuse you guys more with my other posts shortly !!
1. SELECT *--distinct access_privilege_code
FROM gl_access_set_ledgers gas
FROM apps.fnd_profile_options_tl prol,
(SELECT 10001 level_id,
SELECT 10002 level_id,
FROM apps.fnd_application_vl app
SELECT 10003 level_id,
FROM apps.fnd_responsibility_vl resp
SELECT 10004 level_id,
FROM applsys.fnd_user usr) lev
WHERE -1 = -1
--AND prol.user_profile_option_name LIKE 'xxx' --Profile??
AND prol.language = 'US'
AND prol.profile_option_name = pro.profile_option_name
AND pro.profile_option_name = 'GL_ACCESS_SET_ID'
-- AND lev.level_name = 'xx'
-- AND lev.level_value = 52388
-- AND lev.level_type ='Site' -- Site, App, Resp, User
AND pro.profile_option_id = prv.profile_option_id(+)
AND prv.level_id = lev.level_id(+)
AND prv.level_value = lev.level_value(+)
AND prv.profile_option_value = '1055'
ORDER BY pro.profile_option_name,