EAP: User can Bypass Department Chartfield Security on Payment Requests using Accounting Tags.
(Doc ID 2802918.1)
Last updated on FEBRUARY 19, 2023
Applies to:PeopleSoft Enterprise FIN Payables - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.
User can bypass Department Chartfield security on Payment Requests when using Accounting Tags.
1. Navigate to: “Setup FSCM > Common Definitions > Design Chartfields > Accounting Tags”
2. Create a new tag named “XYZ_DEPT_11000”.
3. Navigate to: “Setup FSCM > Security > Chartfield Security > Secure Chartfield Options” and establish department security.
4. Navigate to: “PeopleTools > Security > Permissions & Roles > Roles” and create
5. Navigate to: “Setup FSCM > Security > Chartfield Security > Maintain Security Rules >
Define Security Rules” and create a new rule named “DEPT_11000” .
6. Navigate to “PeopleTools > Security > User Profiles > User Profiles” and assign this Role to VP1
7. Navigate to: “Setup FSCM > Security > Chartfield Security > Maintain Security Rules >
Assign Rule to Role” and configure and “Build” it
8. Logged in as VP1.
9. Click on the “Payment Request Center” tile.
10. Enter the Summary information.
11. Select a Supplier.
12. Enter line information. Select Accounting Tag “DEPTS”. This has departments that VP1 should not have access to. Do not click on the Accounting Details icon, just click “Next"
13. Submit. This generated Payment Request “##########”
14. Execute SQL to see the Payment Request distribution data.
Select * from PS_PR_DIST WHERE REQUEST_ID =’##########’
One will see one is able to generate a Payment Request for department that are restricted. This should not be allowed.
ChartField Security rules are not being adhered to and allow an employee to submit a Payment Request for the department they are not authorized to use.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document