Cash Management Security

Page 1 of 8

Cash Management Security

Objectives

Describe Cash Management security Create security profiles Create security grants for legal entities

Cash Management Security

Page 2 of 8

MOAC and Cash Management

With MOAC you can:

Determine which organizations can access a bank account in which applications. Reconcile bank statements across multiple operating units.

Oracle Cash Management leverages Oracle Applications' multiple organization access control (MOAC) feature. MOAC lets you define multiple organizations and the relationships among them in a single installation of Oracle Applications. These organizations can be ledgers, business groups, legal entities, operating units, or inventory organizations. If you implement MOAC, then in Cash Management you can:

Determine who can access a bank account by defining which legal entity owns the account and which users have access to that legal entity. Reconcile bank statements across multiple OUs from a single responsibility.

MOAC uses the following profile options: MO: Security Profile MO: Default Operating Unit MO: Operating Unit

Cash Management Security

Page 3 of 8

Multiple Organizations Access Control Setup Set Profile Options

Profile Value Description Controls the list of operating units that a responsibility or user can access Controls which operating unit will default when accessing an application page R11i profile option maintained for those products and customers not leveraging MOAC

MO: Security Profile

MO: Default Operating Unit

MO: Operating Unit

(N) System Administrator > Profile > System

MO: Security Profile controls the list of operating units that a responsibility or user can access. You must create a security profile in Oracle HRMS that lists the operating units you want to grant access to. Then you assign that security profile to the MO: Security Profile option. If you set this profile option at the responsibility level, then all users using that responsibility will have access to only the operating units listed in the security profile. If you set this profile option at the user level, then the user will have access to only the operating units in this security profile no matter what responsibility they use. MO: Default Operating Unit is an optional profile option and allows you to specify the default operating unit to be shown when you open different subledger application pages. Because users can access multiple operating units, you may want to set up a default one instead of forcing users to constantly have to choose one. Use this profile option to set the operating unit context for your users. With User Preferences, you can also specify a default operating unit at the user level. MO: Operating Unit profile option provides backwards compatibility and supports products that do not use MOAC. If you specify a security profile for the MO: Security Profile, then those products that use MOAC will ignore the MO: Operating Unit profile option.

For more information on multiple organization setup, see: Oracle Applications Multiple Organizations Implementation Guide.

Cash Management Security

Page 4 of 8

Cash Management Security Model

Cash Management security uses three types of security rules to control how bank accounts are used in application: Bank Account Maintenance: the privilege to create and maintain bank accounts is based on the legal entities a user can access. Bank Account Access: the ability to access a bank account is based on Bank Account Access Setup and Cash Management Security Profiles. Bank Account Transfer: the privilege to create, update, and view bank account transfers is based on the legal entities that a user can access.
In Cash Management, you can control which users have access to your bank accounts and cash management activities by creating security rules. Security rules prevent unauthorized users from creating or updating bank accounts, viewing bank statements, reconciling bank statements, and transferring funds. The two different types of security rules are:

Bank Account Maintenance Security rules determine who can create and update bank accounts based on the legal entities the user can access. Bank Account Access Security rules use a combination of information from Bank Account Access Setup and Cash Management Security Profiles to determine who can access bank accounts and the type of activities they can perform for the bank account. Bank Account Transfer Security rules determine who can create, update, and view bank account transfers based on the legal entities that the user can access.

Bank Account Maintenance Security

Users can create and update bank accounts only for the legal entities they can access.
User Role with access to LE 1 LE 2 LE 3 Security Grant for Maintenance

Bank Account Maintenance Security rules grant the privilege to create and update bank accounts. By identifying the legal entities available for a role (responsibility), granting the role access to maintain bank accounts, and assigning roles to users, you can control which users can perform bank account maintenance. For example, Pat Stock is a cash manager in your company and can access the Cash Manager responsibility. The Cash Manager responsibility has access to the LE1, LE2, and LE3 legal entities. Access to maintain bank accounts has been granted to this responsibility only for LE2. Therefore Pat can create a bank account for only LE2. If you want Pat Stock to be able to create bank

Cash Management Security

Page 5 of 8

accounts for the LE1 and LE3 legal entities, then you must grant access for maintenance to the Cash Manager responsibility for LE1 and LE3. To update a bank account, Pat can only query and find bank accounts whose owner (legal entity) is registered for the Cash Manager responsibility. Pat can update banks accounts for LE1, LE2, and LE3. To set up maintenance security, use the CE UMX Security Wizard available under the User Management (UMX) responsibility. The wizard helps you quickly define the legal entities available for a role. To launch the wizard, log in as System Administrator, then in the User Management responsibility, go to Roles & Role Inheritance. Note: If a user is assigned to multiple roles and those roles have bank account maintenance grants to multiple legal entities, then the user will view all legal entities in Cash Management regardless of which responsibility he or she uses to access the application.

Bank Account Access Security

Security Rule Set Up Account Access Bank Account 555 Owner: LE 1 Use Org Payables: Receivables: Payroll: Treasury: OU 1 OU 2 BG 1 LE 1 CE Acct Use: MOAC: Payroll: Treasury: LE 1 OU 1, OU 3 BG 2 None Set Up Security Profiles User: Pat Stock

Bank Account Access Security Bank account access security rules are created by combining bank account access information with security profiles created for Cash Management users.

Bank account access setup defines which organizations can use a bank account. Security profiles provide a list of organizations that a user can access.

Access is granted to a user when an organization is defined in both areas. A user must have access to the organization that uses the bank account in order to be able to access that bank account. In this example, user Pat Stock has access to Bank Account 555 because LE 1 is common to both the account use access and the security profiles. Pat can perform cash positioning, cash forecasting, and cash pool activities; and reconcile cashflow lines for the bank statement. Pat can also reconcile Payables transaction lines for the bank statement because OU 1 is identified as an organization that uses this bank account for Payables activities and because Pat has MOAC security rights to OU 1. She cannot however reconcile any bank statement lines for Payroll, Receivables, or Treasury.

Cash Management Security

Page 6 of 8

Cash Management Security Profiles and Reconciling Bank Statements

Able to reconcile: MOAC Security CE Bank Account Use Security Payroll Security Treasury Security AP and AR transactions lines by organization

Cashflow transactions by legal entity

Payroll transactions by business groups

Treasury transactions for default legal entity

Cash Management Security Profiles identify the organizations (operating units, legal entities, and business groups) that a user can access. These security profiles provide transaction level security and determine which transactions a user can reconcile against bank statement lines. To be able to reconcile transactions, a user must have the organization that owns the transaction defined in the related security profile

MOAC security: Payables and Receivables transactions CE Bank Account Use security: Cashflow transactions from Cash Management Payroll security Payroll transactions for business group defined in HR: Business Group profile option Treasury security: Treasury transactions for default legal entity

Cash Management Security Components

Use Create/View/Reconcile CE Cashflow Transactions Maintenance Create/Update Accounts Bank Transfers Create Bank Account Transfers

UMX Security Wizard:

Bank Account Setup:

Bank Owner - LE Organization Use LE, OU, BG

Security Profiles:

MOAC AR, AP Treasury Payroll Bank Account Use CE Cashflow Transactions

Set up security for access to Cash Management activities by using components from different applications. The specific steps required to secure access to your bank accounts depend on the

Cash Management Security

Page 7 of 8

type of access you want to secure, the applications that you use for your business, and your organization structure.

Use the CE UMX Security Wizard to grant a role (responsibility) the ability to perform bank account activities in the following areas:

Use: view bank statements, reconcile cashflow transactions, forecasting, cash positioning, and cash pools Maintenance: create and update bank accounts

work with cash

Bank Account Transfers: transfers funds from and to internal bank accounts.

When creating bank accounts, specify the legal entity that owns the account and the organizations that the account is used for (Payables, Receivables, Treasury, Payroll). Create security profiles to define the list of organizations that a user can access. Set up security profiles in the following applications as needed:

MOAC: to define the list of operating units a user can access for Payables and Receivables and be able to reconcile AP and AR bank statement lines. Cash Management: to define the list of organizations a user can access to reconcile cashflow transactions. This security profile also allows users to access bank accounts for cash forecasting, cash positioning, and cash pools if no other security profiles are set up. Treasury: to define the legal entity that the Treasury user can access and be able to reconcile Treasury bank statement lines. Payroll: to define the business groups a user can access and be able to reconcile payroll transactions.

Setting Up Security

MOAC and Security Profiles Define Security Profile Assign OUs

User Management Access UMX Security Wizard Create Bank Account Security Grants for Legal Entities Set up Treasury and Payroll parameters

Run Security List Maintenance

Assign Security Profile to responsibility or user

Cash Management Create Bank Accounts

To set up security to control access to your bank accounts, you need to complete the following steps. These steps are a general guideline to the components that affect bank account security but may be performed at various stages during implementation of your system. Once the setup is in place, it will be referenced to verify access every time a user attempts to create a bank account, reconcile a bank statement or perform any other actions in Cash Management.

Define business groups. Create users, assign responsibilities, and set HR profile options including HR: Business Group.

Cash Management Security

Page 8 of 8

Define legal entities and accounting setups. Define operating units and run replicate seed program. Define security profiles: For Multi-Org access, select operating units for your security profile. The security profile is then assigned to the responsibility or user which will give the responsibility or user access to these operating units. Set Cash Management profile options: MO: Security Profile, MO: Default Operating Unit, and MO:Operating Unit (if needed). Set up UMX security: Use the CE UMX Security Wizard and create security grants for legal entities for specific roles (responsibilities). Set up system parameters for Cash Management, Treasury (if using), Payroll (if using) and other applications as needed. Create bank accounts

Creating Bank Account Security Grants

CE UMX Security Wizard Role: Cash Manager Bank Account Grants Legal Entity Vision Operations Vision Corporation Use Maintenance Bank Account Transfers

(N) User Management > Roles & Role Inheritance > Search > (I) Update > Security Wizards > CE UMX Security Wizard > (I) Run Wizard CE UMX Security Wizard Use the CE UMX Security Wizard to grant users access to bank accounts. In the wizard, you identify which legal entities a role (responsibility) can access. Then a Cash Management user with that role will have access to all bank accounts for the legal entities belonging to the role. You can further limit access to only perform certain activities for the bank accounts associated with each legal entity.

Use: Users can view bank accounts to perform activities related to Cash Positioning, Cash Forecasting, and Cash Pools. They can also reconcile bank statement lines for cashflow transactions. Maintenance: Users can create and update bank accounts Bank Account Transfers: Users can transfer funds to and from bank accounts.

In this example, any user with the Cash Manager role has the security grants to use, maintain, and transfer funds for all bank accounts that belong to the Vision Operations legal entity. For Vision Corporation legal entity, users can only use the bank accounts in Cash Management functions.