Payables & Cash Management

Get Involved. Join the Conversation.

Topic

    Ramesh Radhakrishnan
    Supplier Portal- Custom role for supplier to prevent...Answered
    Topic posted January 30, 2019 by Ramesh RadhakrishnanBlack Diamond: 60,000+ Points, last edited February 6, 2019, tagged Financials, Payables, Public Sector, Security, Setup 
    104 Views, 7 Comments
    Title:
    Supplier Portal- Custom role for supplier to prevent submitting invoices
    Content:

    We would like to create a custom role for certain suppliers to prevent submitting invoices via Supplier portal. I see that the seeded role "Supplier Accounts Receivable Specialist " needs to be copied and modified to achieve this. I need to know what are the priveleges that needs to be removed. Should this be removed in the Role Hierarchy or the Function security policies?

    Is there any document to setup the custom role?

    Version:
    R13-18C

    Best Comment

    Felix Beaudoin

    Hey Ramesh!
    I would remove the Role Hierarchy first because after looking at that role mentioned above, there is no specific function for entering Invoices in the Supplier Portal. It is really just part of the Role Hierarchy.
    The Role I found to remove was this one: Self Service Payables Invoice Entry

    Did you find something different in the Function Security Policies?

    Let me know, thanks!
    Regards,
    Felix

    Comment

     

    • Felix Beaudoin

      Hey Ramesh!
      I would remove the Role Hierarchy first because after looking at that role mentioned above, there is no specific function for entering Invoices in the Supplier Portal. It is really just part of the Role Hierarchy.
      The Role I found to remove was this one: Self Service Payables Invoice Entry

      Did you find something different in the Function Security Policies?

      Let me know, thanks!
      Regards,
      Felix

    • Ramesh Radhakrishnan

      Hi Piyush,

      Thanks for confirming. I was looking to exclude the below from the role hierarchy

      Self Service Payables Invoice Entry Duty which includes a policy -"Enter Unmatched Payables Invoice as Supplier "

      Thanks

      Ramesh

      • Felix Beaudoin

        That works as well. The only concern I have is that if you do not remove the Role Hierarchy, the task name will still be available for them to view. They just won't be able to create an invoice because you removed the Function Policy.

    • Amy Chan

      Hi,

      I have similar requirement from users, so I copy "Supplier Accounts Receivable Specialist" to a new role with Copy options "Copy top role" or "Copy top role and inherited roles", which one I need to select and what are the difference?

      Also I was implemented Oracle on-premise eBIS so I am new to oracle cloud just five months. I understand "Function Security Policies" but get lost on "Data Security Policies" and "Role Hierarchy". I have read the implementation guide but still know how to make use of this. Please give me an example when creating a new custom role.

      Much appreciated.

       

      • Felix Beaudoin

        Hey Amy!
        The new Cloud security console is indeed quite confusing at first. The real advantage though is that it is truly flexible and let's the implementers have full control over what an end-user can have access to. If am not mistaken, when you copy a new role, "Copy Top Role" is to provide access to the key roles of the seeded configuration. So say Receivables Specialist, they can create invoices, receipts, etc. "Copy top role and inherited roles" will copy those roles and also all the other components that are inherited with that purpose. Such as accounting or any other function which impacts other areas in finance. We typically always "Copy top role and inherited roles" and then remove what they do not need.

        As for Function and Data policies, you can view them like this (Receivables Specialist again):
        - Function -> Create Invoices, Receipts, etc.
        - Data -> Have access to all Business Units, Ledgers, etc OR assigned to a specific SetId.

        Basically, the data policies let's you customize the roles such that it will not have access to all BUs, LEs, etc. in the system.

        Hope this helps!
        Regards,
        Felix