To Restrict the Access To Only Accounting Hub And Allow Access To specific Sub Ledger(AP,AR)

Users would like to secure Fusion Accounting Hub by subledger. For example if there is an external application that feeds payroll data into Fusion Accounting Hub with employee information it would best if users could access Accounts Payables , Accounts Receivables but not the payroll information in the transaction

It is possible to restrict user access by subledger application via the below steps.

Please note that is not possible to create the permissions so users can view the GL journal, drill into the subledger journal but not drill into the transaction. If the users do not have the privilege to view/manage suledger transaction, then the user cannot drill down to the transaction. For Fusion Accounting Hub Cloud subledgers, user who can view the subledger journals will be able to view the transaction data until the transaction data is purged. There is no separate privilege to control access.

To restrict user access by subledger application, please follow the below steps -

1. Create a custom role in Security Console by copying the General Accounting Manager role: Select Copy top role and inherited roles copy options
2. Edit the custom role
3. Navigate to Data Security Policies (DSP's) train stop and edit the policies defined for Subledger Application Data Resources (filter on Policy Name column by 'Subledger')
4. Update policies defined for Subledger Source Transaction database resource as follows
• Database Resource: Subledger Source Transaction
• Data Set: Select by instance set
• Condition Name: Access Subledger Source Transactions for a Ledger
• Parameter1: enter the application ID, for example, 200 is the application ID for Payables
• Actions: Manage Subledger Source
5. Update policies defined for Subledger Application database resource as follows
• Database Resource: Subledger Application
• Data Set: Select by instance set
• Condition Name: Subledger Application Instance Set
• Parameter1: enter the application ID, for example, 200 is the application ID for Payables
• Actions: Manage Subledger Application Data
6. Assign this new role to a user.
7. Save and Close.
8. Edit the below two inherited roles by removing two DSPs that are noted above (Subledger Source Transaction and Subledger Application) DSPs.
• Financial Analyst Custom
• General Accountant Custom

1. Set up the data access set for the user with the new custom role above in the Manage Data Access Set for User. For example, set up the 'Ledger', 'Business Unit', 'Data Access Set' context value for the user and the new role.