My Oracle Support Banner

EAP:One can Bypass Department Chartfield Security on Payment Requests using Accounting Tags. (Doc ID 2802918.1)

Last updated on AUGUST 27, 2021

Applies to:

PeopleSoft Enterprise FIN Payables - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

One can bypass Department Chartfield security on Payment Requests when using Accounting Tags.

Replication Steps:
1. Navigate to: “Setup FSCM > Common Definitions > Design Chartfields > Accounting Tags”
2. Create a new tag named “ITC_DEPT_11000”.

3. Navigate to: “Setup FSCM > Security > Chartfield Security > Secure Chartfield Options” and establish department security as per below.

4. Navigate to: “PeopleTools > Security > Permissions & Roles > Roles” and create the below

5. Navigate to: “Setup FSCM > Security > Chartfield Security > Maintain Security Rules >
Define Security Rules” and create a new rule named “DEPT_11000” as per below.

6. Navigate to “PeopleTools > Security > User Profiles > User Profiles” and assign this Role to VP1

7. Navigate to: “Setup FSCM > Security > Chartfield Security > Maintain Security Rules >
Assign Rule to Role” and configure and “Build” it

8. Logged in as VP1.
9. Click on the “Payment Request Center” tile.
10. Enter the Summary information.
11. Select a Supplier.
12. Enter line information. Select Accounting Tag “DEPTS”. This has departments that VP1 should not have access to. Do not click on the Accounting Details icon, just click “Next"
13. Submit. This generated Payment Request “##########”
14. Execute SQL to see the Payment Request  distribution data. 
Select * from PS_PR_DIST WHERE REQUEST_ID =’##########’
One will see one is able to generate a Payment Request for department that are restricted. This should not be allowed.

ChartField Security rules are not being adhered to and allow an employee to submit a Payment Request for the department they are not authorized to use.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.