Two different security mechanisms are provided to secure bank accounts: Bank Account Maintenance security and Bank Account Access security. At a high level, Bank Account Maintenance security secures the creation and update of bank account data, whereas Bank Account Access security secures user access of the bank accounts.
In Bank Account Maintenance security setup, you can assign one or more legal entities to each role (responsibility). In the creation flow, the Bank Account Owner LOV will display only the legal entities that are assigned to your role in this security setup. In the update flow, users can only query the bank accounts whose owner is assigned to your role.
Note: When a user is assigned to multiple roles with multiple Bank Account Maintenance Security setups, all security rules are defined for the user even though the user may access the application through only one particular role.
Bank Account Maintenance Security is implemented using the UMX data security model. A setup wizard called Cash Management Security Wizard facilitates the setup procedure. See: Cash Management Security Wizard.
The Bank Account Access security rule feature is built on top of Bank Account Access Setup and Cash Management Security Profiles. Bank Account Access setup provides a list of organizations that have access to a given bank account; whereas Cash Management Security Profiles provides a list of organizations an application user has access to. If there is at least one common organization between Bank Account Access setup and Cash Management Security Profile then users will be granted access to the bank account. For example, if bank account 101 has account access setup with operating unit OU1, and if user OPERATIONS has access to OU1 in the profile, then the user can view and use bank account 101.
Bank Account Access setup defines the uses (Payables, Receivables, Payroll, and Treasury) of bank accounts and organizations that have access for each use. One or more operating units can be assigned to Payables or Receivables Use. Only one legal entity can be assigned for Treasury Use. The legal entity that is assigned to Treasury use is always the same as bank account owner. Lastly, one or more business groups can be assigned for Payroll Use.
Cash Management Security Profiles provides a list of organizations (OU/LE/BG) that the user has access to based on following four security rules: Bank Account Use security, Treasury security, MOAC security and Payroll security.
Bank Account Use security grants users the access to one or more legal entities. Bank Account Use security setup is required to reconcile cashflows in bank statement reconciliation. Bank statement line can be reconciled to a cashflow only if access to the cashflow LE is granted when setting up Bank Account Use security.
Bank Account Use security setup is also required if the user does not have MOAC, Payroll or Treasury security set up, but wants to include bank accounts in Cash Forecasting, Cash Positioning, and Cash Pools. Only those bank accounts whose owner LE is registered in Bank Account Use security will be able to access these features.
Bank Account Use security is implemented using the UMX data security model. A setup wizard called Cash Management Security Wizard facilitates the setup procedure. See: Cash Management Security Wizard.
Treasury security defined in Oracle Treasury provides a list of legal entities that Treasury users have access to.
MOAC security provides a list of operating units that a given user has access to.
Payroll security returns a business groups that a given user has access to based on the PER_BUSINESS_GROUP_ID profile option.
Users can create, update or view bank statements as long as the user has access to the statement's bank account based on bank account access security. However, in order to reconcile transactions a user must have the transaction's organization defined in MOAC, Payroll, Treasury or Bank Account Use security.
Bank Account Access security is applied to these features to restrict the bank accounts that the user has access to.
In Bank Account Transfer security setup, you can assign one or more legal entities to each role (responsibility). In Bank Account Transfers, the source and destination bank account LOVs will list only those bank accounts whose owners are assigned to your role in Bank Account Transfer security setup.
The Bank Account Maintenance Security is implemented using the UMX data security model.
Using the Cash Management Security wizard, an administrator can assign multiple legal entities to a role or roles to set up the following three securities:
Bank Account Maintenance security - control bank account creation and updates
Bank Account Use security - control bank account access
Bank Account Fund Transfers security - control bank account transfers
Navigate to User Management > Roles & Role Inheritance page
Enter your role/responsibility name
Click Go.
Select the role/responsibility and click Update.
In the Update Role page, click Security Wizard.
Click Run to execute the Cash Management Security wizard.
Add Legal Entity: To add additional legal entities you like to assign to role.
Use: Select to assign the legal entity to Bank Account Use security.
Maintenance: Select to assign the legal entity to Bank Account Maintenance security.
Bank Account Transfers: Select to assign the legal entity to Bank Account Transfers security.
Click Apply to save the change or Cancel to remove the changes.