Introduction/ Issue:
Cash Management data security is NOT partitioned by Business Unit, therefore its security policies allow access to all BUs.
Why we need to do
We noticed that when we add “Cash Manager” Role role to a specific user, the user get full access to all organization in the Account Payable modules whiteout any security. We need to remove the below custom role and user can view only their data access BU.
1) Bank Statement and Reconciliation Custom
2) Cash Positioning and Forecasting Management Custom
Steps to create custom Cash Manager role are list below, detailed screenshots are available in the below:
- Navigate to Tools > Security Console
- Copy Seeded Cash Manager Role with “Copy top role and inherited roles”
- Do not make any changes to the custom role, Click Submit and Close
- Review the Job/Duty Roles assigned under new Cash Management Custom role.
We need to make changes to below 2 roles. - Now search for the role, ‘Bank Statement and Reconciliation Custom’ and Edit
- Navigate to Data Security Policies and Remove the Policies below which give access to all Business units:
Privilege: Manage Payables Invoice
Privilege: View Receivables Activities
- Save and close
Bank Statement and Reconciliation Custom
Navigate to Security Console à Roles à Bank Statement and Reconciliation Custom
Save and close.
- Perform same steps, 5-7 for Cash Positioning and Forecasting Management Custom Role
Cash Positioning and Forecasting Management Custom
Navigate to Security Console à Roles à Cash Positioning and Forecasting Management Custom
Save and close
- Now Assign this role to the User along with any other subledger related role. Remove the seeded Cash Manager role if assigned to the user.
- Navigate to Manage Data Access for Users and Assign the Business Unit for both these Roles
- Save and close.
- Now Login with this user and this user should have only one BU access in the AP or other subledger application pages.
Now assign the custom role to user along with Any Payables Role.
Navigate to Manage Data Access for Users and Assign the Business Unit for both these Roles.
Save and close. Please wait for 15-20 Min till the Roles Sync process is completed
Now Login with this user and this user should have only Assigned BU access.
Conclusion
After removed the privilege access from data security policy. User can view only their own BU, which is assigned in the data access set.