Securing General Ledger BI Publisher Reports Utilising Data Access Set and Segment Security
Oracle Cloud ERP provides flexible and granular tools for securing General Ledger (GL) data, ensuring users only access ledgers and accounts relevant to their roles. Two primary mechanisms enable this, Data Access Sets and Segment Value Security. Both play a vital role in safeguarding financial data across reporting and BI Publisher outputs.
Data Access Sets
Data Access Sets define which ledger or balancing segment values a user can view or report on. Administrators assign these sets to job roles using the Manage Data Access for Users screen. The assignments are stored in the FUN_USER_ROLE_DATA_ASGMNTS table, which can be referenced in BI Publisher data models to dynamically restrict report output.
Segment Value Security
While Data Access Sets control access at the ledger or company level, Segment Value Security works at the value set level, securing specific segment values within a chart of accounts. Segment Value Security rules can restrict access to detail or parent account values during data entry, reporting, and inquiry.
For example, a user with access to only one company segment (like “UKENTITY”) will not see data for another (like “USENTITY”) even if both exist in the same ledger. BI Publisher queries should use parameters based on user-specific data access sets, ensuring compliance and avoiding data leakage across business units.
By combining Data Access Sets and Segment Value Security, Oracle Cloud ERP enables fine-grained financial control, ensuring that every BI Publisher report, inquiry, or dashboard aligns with each user’s authorised data scope. This layered approach strengthens compliance while maintaining flexibility for global financial reporting.
Query Utilising Data Access Sets and Segment Value Security on the Balancing Segment
SELECT Ledger.name AS LedgerName
, JrnlLine.accounted_dr AS AccountedDr
, JrnlLine.accounted_cr AS AccountedVr
, JrnlLine.description AS JrnlLineDescription
, GLCodeCombination.segment1 AS Balancing
, GLCodeCombination.segment2 AS CostCentre
, GLCodeCombination.segment3 AS Account
FROM GL_JE_LINES JrnlLine
, GL_LEDGERS Ledger
, GL_CODE_COMBINATIONS GLCodeCombination
WHERE JrnlLine.code_combination_id = GLCodeCombination.code_combination_id
AND JrnlLine.ledger_id = Ledger.ledger_id
AND (JrnlLine.ledger_id, GLCodeCombination.segment1) IN
(
SELECT AccessSetAsgnmnts.ledger_id, DECODE(AccessSet.security_segment_code, 'F', GLCodeCombination.segment1, AccessSetAsgnmnts.segment_value)
FROM gl_access_sets AccessSet
, gl_access_set_assignments AccessSetAsgnmnts
WHERE AccessSetAsgnmnts.access_set_id = AccessSet.access_set_id
AND AccessSet.access_set_id IN
(
SELECT DISTINCT AccessSet.access_set_id
FROM gl_access_sets AccessSet
, fusion.fun_user_role_data_asgnmnts RoleAsgnmnts
, per_users Users
WHERE AccessSet.access_set_id = RoleAsgnmnts.access_set_id
AND RoleAsgnmnts.user_guid = Users.user_guid
AND RoleAsgnmnts.user_guid = FND_GLOBAL.USER_GUID --logged in user
)
)
Need some assistance?
Securing financial data in Oracle Cloud ERP isn’t just about compliance, it’s about protecting the integrity, confidentiality, and trust that underpin your entire organisation’s reporting structure. Ensuring that only the right individuals have access to the right data is essential to maintaining a secure and efficient financial ecosystem. Contact us today to discover how our expertise in BI Publisher can streamline your reporting processes.


