Payables & Cash Management

Get Involved. Join the Conversation.


    Ayush Jain
    Is it possible to implement security by Primary balancing...
    Topic posted October 3, 2019 by Ayush Jain, tagged Financials, Payables, Security 
    26 Views, 2 Comments
    Is it possible to implement security by Primary balancing Segment Values in Payables rather than BU
    Enforcing secuirty on a custom role - AP Invoice inquiry where a user can only see invoices related to particular SITE (Primary Balancing Segment in COA)


    There is a requirement for AP and GL custom inquiry roles to view invoices and journals restricted only by SITE which is Primary Balancing Segment Value (PBSV) within COA, rather than Ledger or BU. Please see below for details and Org structure.

    • 1 Ledger (US)
    • 1 BU
    • COA - 6 segments (SITE-Account-CostCenter-Product-Interco-Future), There are 100 Sites or stations


    1. GL Inquiry role should be restricted to view journals by Site/Station/Account - This can be achieved through Security Segment Rules by enforcing condition on each site and tagging them to individual GL inquiry role per site. - Resolved
    2. However there are similar requirements on AP Invoice Inquiry role as well, is there a way to implement security to restrict viewing of invoice by SITE or Account value (which are segments of COA) in Payables. - Require Resolution

    Appreciate any feedback or insights.


    Oracle Cloud Application 19B (



    • Julien Dubouis

      Hi Ayush, 
      Unfortunately that's not possible. Visibility on subledgers is restricted by Business Unit. If you have one user per site, each should have his own business unit for the others to avoid seeing his entries.
      There is no way to control the visibility based on segment security rules, it only prevents from entering data against the restricted value. But you can still see the invoices created using this value, just not the resulting journals in GL.


      • Ayush Jain

        Hi Julien

        Appreciate the insights, Is there way around other than converting sites to BU.

        Can we restrict it using DFF. If the invoice header contains a Descriptive FlexField to store the site/location. Can we implement role data security policy to search only for invoices of the site to which the user belongs.