Oracle Cloud Procurement leverages robust row-level security mechanisms to ensure users can view and manage only those requisitions and purchasing documents relevant to their authorised procurement Business Units (BUs). This security model plays a vital role in enforcing governance, maintaining data confidentiality, and supporting compliance across procurement operations.
Buyer Access and Procurement BU Security
Row-level security (RLS) for Procurement is often implemented through the PO_AGENT_ACCESSES table, which defines which Procurement BUs and actions a buyer has access to. Each record in this table represents an agent’s (buyer’s) permissible operations, such as managing requisitions against specific Procurement BUs.
The RLS logic validates user access dynamically at runtime using session-based functions like HRC_SESSION_UTIL.get_user_personid , ensuring that only authorised individuals, based on their buyer setup and BU assignment, can access or act upon procurement data.
This security model supports flexible access configurations, such as:
Restricting visibility of requisitions to specific Procurement BUs.
Allowing buyers to view or manage requisitions assigned directly to them.
Respecting “View” or “Full” access permissions based on role responsibilities.
By embedding these security predicates in BI Publisher reports or data models, organisations can prevent unauthorised requisition exposure across BUs and maintain strong data segregation boundaries.
Example Row Level Security Predicate
The following SQL predicate can be incorporated into BI Publisher data models to enforce buyer-level and BU-based access controls on procurement reporting queries:
AND (
EXISTS (
SELECT 'user has valid access to prc bu'
FROM po_agent_accesses PoAgentAccess
WHERE PoAgentAccess.agent_id = HRC_SESSION_UTIL.get_user_personid
AND PoAgentAccess.prc_bu_id = ReqLines.prc_bu_id --From main query
AND PoAgentAccess.access_action_code = 'MANAGE_REQUISITIONS'
AND PoAgentAccess.active_flag = 'Y'
AND PoAgentAccess.allowed_flag = 'Y'
AND (
PoAgentAccess.access_others_level_code IN ('VIEW','FULL')
OR ReqLines.assigned_buyer_id = HRC_SESSION_UTIL.get_user_personid --From main query
)
)
)
This predicate ensures that:
-
Data is returned only for requisition lines belonging to Procurement Business Units for which the logged-in user has valid “Manage Requisitions” access.
-
Buyers can see lines assigned directly to them, even if their broader BU access is limited.
-
Only users with active, allowed access and the correct access level (VIEW or FULL) see relevant report results.
Enforcing Secure and Granular Procurement Reporting
When combined with Oracle’s role-based security and access governance framework, this row-level predicate ensures Procurement reports reflect each buyer’s authorised data scope. It provides a fine-grained access model that supports decentralised procurement operations while maintaining enterprise-level control.
Embedding RLS logic directly within data models enhances security consistency across analytic tools and BI Publisher outputs, ensuring sensitive procurement data never extends beyond its intended audience.
Need some assistance?
Ready to bring clarity to customer, supplier and employee communications? With BI Publisher, we specialise in customising customer, supplier, and employee-facing documents such as invoices, purchase orders, payslips, and statements to meet your exact branding, compliance, and operational needs. From layout design to data logic enhancements, we help you deliver clear, consistent, and impactful outputs across your organization. Contact us today to discover how our expertise in BI Publisher can streamline your document processes and elevate your business communications.
