August Maintenance Pack for 23C
This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:
| Date | Module | Feature | Notes |
|---|---|---|---|
| 02 AUG 2023 | Created initial document. |
HAVE AN IDEA?
We’re here and we’re listening. If you have a suggestion on how to make our cloud services even better then go ahead and tell us. There are several ways to submit your ideas, for example, through the Ideas Lab on Oracle Customer Connect. Wherever you see this icon after the feature name it means we delivered one of your ideas.
GIVE US FEEDBACK
We welcome your comments and suggestions to improve the content. Please send us your feedback at oracle_fusion_applications_help_ww_grp@oracle.com.
DISCLAIMER
The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.
This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.
Column Definitions:
Report = New or modified, Oracle-delivered, ready to run reports.
UI or Process-Based: Small Scale = These UI or process-based features are typically comprised of minor field, validation, or program changes. Therefore, the potential impact to users is minimal.
UI or Process-Based: Larger Scale* = These UI or process-based features have more complex designs. Therefore, the potential impact to users is higher.
Features Delivered Disabled = Action is needed BEFORE these features can be used by END USERS. These features are delivered disabled and you choose if and when to enable them. For example, a) new or expanded BI subject areas need to first be incorporated into reports, b) Integration is required to utilize new web services, or c) features must be assigned to user roles before they can be accessed.
| Ready for Use by End Users Reports plus Small Scale UI or Process-Based new features will have minimal user impact after an update. Therefore, customer acceptance testing should focus on the Larger Scale UI or Process-Based* new features. |
Customer Must Take Action before Use by End Users Not disruptive as action is required to make these features ready to use. As you selectively choose to leverage, you set your test and roll out timing. |
|||||
|---|---|---|---|---|---|---|
| Feature |
Report |
UI or |
UI or |
|
||
Email from Address Based on User Messaging Service
For email messages sent by Risk Management, the sender email domain is the one set as the default in the User Messaging Service (UMS).
Users who filter out external emails won't exclude valid communications.
Steps to Enable
You don't need to do anything to enable this feature.
This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:
| Date | Module | Feature | Notes |
|---|---|---|---|
| 16 JUN 2023 |
Created initial document. |
HAVE AN IDEA?
We’re here and we’re listening. If you have a suggestion on how to make our cloud services even better then go ahead and tell us. There are several ways to submit your ideas, for example, through the Ideas Lab on Oracle Customer Connect. Wherever you see this icon after the feature name it means we delivered one of your ideas.
GIVE US FEEDBACK
We welcome your comments and suggestions to improve the content. Please send us your feedback at oracle_fusion_applications_help_ww_grp@oracle.com.
DISCLAIMER
The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.
This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.
Column Definitions:
Report = New or modified, Oracle-delivered, ready to run reports.
UI or Process-Based: Small Scale = These UI or process-based features are typically comprised of minor field, validation, or program changes. Therefore, the potential impact to users is minimal.
UI or Process-Based: Larger Scale* = These UI or process-based features have more complex designs. Therefore, the potential impact to users is higher.
Features Delivered Disabled = Action is needed BEFORE these features can be used by END USERS. These features are delivered disabled and you choose if and when to enable them. For example, a) new or expanded BI subject areas need to first be incorporated into reports, b) Integration is required to utilize new web services, or c) features must be assigned to user roles before they can be accessed.
| Ready for Use by End Users Reports plus Small Scale UI or Process-Based new features will have minimal user impact after an update. Therefore, customer acceptance testing should focus on the Larger Scale UI or Process-Based* new features. |
Customer Must Take Action before Use by End Users Not disruptive as action is required to make these features ready to use. As you selectively choose to leverage, you set your test and roll out timing. |
|||||
|---|---|---|---|---|---|---|
| Feature |
Report |
UI or |
UI or |
|
||
New Attribute Distinguishes Predefined Jobs from Custom Jobs |
||||||
Transactional Business Intelligence for Risk Management
New Perspectives in Advanced Controls Analyses
Advanced Controls has perspectives associated to two objects: controls and results. Previously, you could report only on perspectives associated to the results. In the Risk Management Cloud - Advanced Access Controls Real Time subject area and in the Risk Management Cloud - Advanced Financial Controls Real Time subject area, the Advanced Control Details folder has been enhanced to include two additional perspectives assigned to the control object. You can now report on these perspectives:
- Control Perspective
- Control Result Assignment Perspective
New Domains Added to Advanced Control Details
The addition of Control Perspective and Control Result Assignment perspectives provides insight regarding the hierarchical categorization assignment for the defined control and the results that have been generated.
Steps to Enable
You don't need to do anything to enable this feature.
New Attribute Distinguishes Predefined Jobs from Custom Jobs
In the Scheduling page of the Setup and Administration work area, a new Source attribute tells whether each job was predefined by Oracle or created by the customer. All predefined jobs are identified by the Source value of Oracle.
Job Schedule Page
This feature makes it easier to identify which jobs were provided by Oracle, for which there is related documentation, and which jobs are created by the customer.
Steps to Enable
You don't need to do anything to enable this feature.
Financial Reporting Compliance
Financial Reporting Compliance
Search Enabled for Survey Participant Lists
As you create and manage a survey, you can search for eligible survey participants. In addition within the Participants section the Name, Email, and Response Status support sort.
Example of an Initiated Survey
Enhanced Creation of Survey Questions
The definition of question text now allows the same text to be used across multiple questions. For ease of use the description of the question should be used to clarify the difference between the question text.
Completion of a Survey
In the event a survey participant enters more than 1,000 characters, the application will render an error message.
Search function enables users to search for assigned participants in the survey. The column sort enables the user to arrange the participants in a descending or ascending order to enhance the management of the assigned participants. The ability to create multiple survey questions with the same question text enables you to support new question responses; it's recommended that you add descriptions to differentiate between questions with same text.
Steps to Enable
You don't need to do anything to enable this feature.
Improvements to Import Error Messages
Oracle has enhanced the error messages returned by the Data Migration import feature, specifically for the following areas:
- Perspective hierarchies
- Mapping control records to a risk record
- Risk models
Enhancing error messages provides clarity for the end user to correct issues within the import template.
Steps to Enable
You don't need to do anything to enable this feature.
Changes Are Made to Business Objects
This release includes label changes, attribute additions, and a relationship change to business objects.
New Business Object Attributes
The following business objects have been updated with new attributes.
| Business Object | New Attributes |
|---|---|
| Audit - General Payables Options |
|
| Audit - Item Attachments |
|
| Audit - Person Allocated Checklist |
|
| Audit - Person Allocated Checklist Tasks |
|
Attribute Name Changes
Business object attributes correspond to various business areas. In an effort to align the attribute labels shown in the Advanced Financial Controls business objects to labels defined in the corresponding application pages, some are updated.
| Business Object | Old Attribute Names | New Attribute Names |
|---|---|---|
| Audit - Document Delivery Preferences |
|
|
Business Object Name Changes
When existing business objects are renamed, it has no impact to your existing models and controls. Renamed objects include:
- Audit - Sales Lead Contacts to Audit - Sales Lead Contact
- Audit - Sales Lead Products to Audit - Sales Lead Product
- Audit - Sales Lead Resources to Audit - Sales Lead Resource
- Audit - Sales Lead Territories to Audit - Sales Lead Territory
Business Object Relationship Changes
An existing relationship direction between Purchasing Contracts and Payables Invoice was reversed. Now the relationship path is Payables Invoice to Purchasing Contracts to improve performance and data accuracy. These objects are used in model 30008 and there is no direct impact.
Updates to business objects provide additional attribute criteria for your controls, and those updated for audit maintain alignment to Manage Audit Policies data source.
Steps to Enable
When you use business objects that introduce new attributes, you must run the Transaction Data Source Synchronization job. Business objects with attribute changes require that the data synchronization job be run in order to return the related values. Depending upon the number of business objects you are using across models and controls, the data synchronization job may take a little longer than usual.
Tips And Considerations
For renamed attributes, you don't need to do anything to models or controls that reference these names. Just be aware they have changed.
New and Revised Models in Content Library
Advanced Financial Controls has nine new models added to the content library, and four existing models have been revised. When you have access, you will be able to select the Import action on the Models tab and select them from the Content Library.
NEW MODELS
For new models, the following table provides information on the content library, library type, model name and business objects associated to the model.
| Content Library | Library Type | Model Name | Business Objects |
|---|---|---|---|
| Enterprise Resource Planning Library | Advanced Transaction Controls | 40014: Requisitions and Suppliers Managed by the Same User | Requisition Supplier Business Operating Unit |
| Enterprise Resource Planning Library |
Advanced Transaction Controls |
40015: Purchase Orders and Requisitions Managed by the Same User |
Requisition Purchase Order Supplier Business Operating Unit |
| Enterprise Resource Planning Library |
Advanced Transaction Controls |
40016: Payables Invoices and Requisitions Managed by the Same User |
Requisition Payables Invoice Supplier Business Operating Unit |
| Enterprise Resource Planning Library |
Advanced Transaction Controls |
40017: Payments and Requisitions Managed by the Same User |
Requisition Payment Supplier Business Operating Unit |
| Enterprise Resource Planning Library |
Advanced Transaction Controls |
40018: Expense Report Approved and Created by the Same User |
Expense Report Approvals Expense Report Information Person Business Operating Unit |
| Enterprise Resource Planning Library |
Advanced Audit Controls |
60020: Updates to General Payables Options for Invoice Matching |
Audit - General Payables Options |
| Enterprise Resource Planning Library |
Advanced Audit Controls |
60021: Updates to Receiving Parameters |
Audit - RcvParametersAuditVO |
| Enterprise Resource Planning Library |
Advanced Audit Controls |
60022: Updates to Invoice Tolerances |
Audit - Invoice Tolerances |
| Enterprise Resource Planning Library |
Advanced Audit Controls |
60023: Updates to Supplier Site Invoicing Controls |
Audit - Supplier Sites |
UPDATED MODELS
Updates were made to four transaction models. Two of these models are found in the Enterprise Resource Planning Library, while the other two are in the Human Capital Management Library.
Accounts Payable Model
30007: Payables Invoices for Debarred Suppliers
- The model’s name and description are updated to reflect some of the changes. The model now analyzes all invoices, not just those that are unpaid, and invoices where the supplier and procurement business unit may contain debarred items or categories.
- The model no longer requires the user-defined object called Debarred Suppliers. Purchasing Approved Supplier and Business Operating Unit objects were incrementally added to the model.
- Three filters define the model logic. First is a date filter for most recent three months, second to ignore canceled invoices, and the last filter for suppliers with a debarred status.
- Additions were made to selected Result Display attributes to provide more contextual information. They include those for business unit Name, and supplier-related attributes Number, Enabled Status, and Inactive Date.
Accounts Receivable Model
40007: Receivables Invoices and Receivables Standard Receipts Managed by the Same User
- The filter that analyzes invoice line details was moved from the third filter position to the second.
Human Capital Management Models
50005: Salary and Personal Payment Method Managed by Same User
- The existing filter on person types was replaced with one that identifies valid person assignment types.
- A new filter was added to return the person’s current record.
- Result Display attribute additions were made to include contextual information on the person’s job assignment. These include Assignment Number, Assignment Type, Assignment Status, and Person Number.
50007: Employees with Similar Names
- The filter logic in this model is significantly updated to identify active employees with similar names. In general, some of these changes include:
- The Employee Job Assignment object was added to filter on a person’s current and primary job assignment.
- Considers those who are either employees or contingent workers that have an active or suspended status.
- Terminated employees are ignored.
- Person name is available with their current effective records.
- A similar percentage of 95 is applied to the person’s name.
- Result Display attribute additions were made to include contextual information on the person’s job assignment. Some of these include Assignment Name, Assignment Number, Assignment Type, Assignment Status, and System Person Type.
Five new models support analysis of separation-of-duty transactions. Four use the Requisition object for the first time, and analyze related transactions created or modified by the same user (models 40014 - 400017). Model 40018 identifies users who approve and create the same expense report. The four new audit models track changes to your invoice-related configurations. Finally, updates to existing content are made periodically, based on changes, input, or recommendations by experts.
Steps to Enable
No advance setup is required for you to import models in Advanced Controls. However, a Risk Management administrator must set the Transaction and Audit Performance Configuration date options under the Advanced Controls Configuration tab under Risk Management > Setup and Administration. The two created-as-of-date options are required, one for transactions and the other for audit events. These settings improve performance by eliminating older data from data-synchronization jobs. When these created-as-of-date options already exist, you should periodically review and change them to return only current data.
Tips And Considerations
Before using new model content, evaluate available models that match requirements for your organization under the Import action for models. The Import from Content Library page is organized by product area and model types. Once you identify models appropriate for you, import, review, and modify them in your test environment. Importing all available models is not recommended. In some cases, you may have already imported the model in a previous update. Or, some may source data from products or audit configurations you have not enabled. Moreover, models may contain user-defined or imported business objects that create data set controls or objects, respectively.
NOTE: There is no way to revise an existing control with new business objects, filters, or the attributes displayed. Uptake of any delivered-model revisions starts by importing and reviewing them as a model. If an existing model uses the same name as the model you import, you will need to rename the revised model during import.
Revised Models in Content Library
Oracle has made changes to two entitlements that are used by delivered-content models for Financials. If you're using any of the affected models, consider making the same changes.
Updated Entitlement: Enter Journals
The following two privileges have been removed from the Enter Journals entitlement:
- Check Funds XCC_CHECK_FUNDS
- Reserve Funds XCC_RESERVE_FUNDS
These privileges were removed for two reasons:
-
They apply to Journal Entry only if budgetary control is turned on. Many customers don't have budgetary control turned on, and so the models returned irrelevant results. (This is because the privileges are in the Employee role for purposes unrelated to journal entry.)
-
Check Funds by itself isn't sufficient to enter a journal. One must have Enter Journal and Check Funds. The same is true for Reserve Funds.
The removal of these privileges affects the following 32 models. If your company uses controls deployed from any of these models, but doesn't have budgetary control enabled, consider removing the privileges from the Enter Journals entitlement. But if your company uses any of these controls and has budgetary control enabled, consider modifying the models and redeploying the controls.
- 10015: Maintain Project Accounting Transactions, Reporting and Enter Journals
- 10016: Maintain Project Accounting for General Ledger and Enter Journals
- 5241: Enter Accounts Receivables Invoice and Enter Journals
- 6750: Enter Journals and Approve Payables Invoices
- 6770: Enter Journals and Assets Depreciation
- 6780: Enter Journals and Assets Workbench
- 6790: Enter Journals and Capitalizing Assets
- 6800: Enter Journals and Create Payables Invoices
- 6810: Enter Journals and Create Payments
- 6820: Enter Journals and Create Purchase Orders
- 6840: Enter Journals and Enter Customer Receipts
- 6860: Enter Journals and Physical Inventory
- 6870: Enter Journals and Post Journal Entry
- 6871: Enter Journals and Manage Financial Applications Workflow Rules
- 6880: Enter Journals and Release Sales Order
- 6890: Enter Journals and Remittances
- 6900: Enter Journals and Set Up Assets
- 6911: Enter Journals and Set Up General Ledger Chart of Accounts
- 6912: Enter Journals and Set Up General Ledger Currencies
- 6913: Enter Journals and Set Up General Ledger Daily Rates
- 6914: Enter Journals and Manage Accounting Data Security
- 6915: Enter Journals and Set Up General Ledger Sets
- 6916: Enter Journals and Set Up General Ledger Options
- 6917: Enter Journals and Set Up General Ledger Statistical Units of Measure
- 6918: Enter Journals and Manage Accounting Period Statuses for General Ledger
- 6919: Enter Journals and Define Accounting Calendars
- 6920: Enter Journals and Manage Journal Approval Rules
- 6921: Enter Journals and Set Up General Ledgers
- 6922: Enter Journals and Manage General Ledger Balances Cube
- 6925: Enter Journals and Post Journal Entry and Manage Accounting Period Statuses for General Ledger
- 6926: Enter Journals and Post Journal Entry and Manage Journal Sources
- 6927: Enter Journals and Post Journal Entry and Setup General Ledgers
Updated Entitlement: Manage Accounting Period Statuses for General Ledger
Previously, the Manage Accounting Period Statuses for General Ledger entitlement included the following user-defined access points (UDAPs):
- General Accounting Manager > Period Close Management > Manage General Ledger Accounting Period Status > Manage Accounting Period Status
- General Accounting Manager > Period Close Management > Manage General Ledger Accounting Period Status > Run Open Period Program
- General Accounting Manager > Period Close Management > Manage General Ledger Accounting Period Status > Run Close Period Program
- General Accounting Manager > Period Close Management > Manage General Ledger Accounting Period Status > Run Gapless Close Program
- General Accounting Manager > Period Close Management > Manage General Ledger Accounting Period Status > Run Permanently Close Program
These UDAPs have been removed and replaced with the following stand-alone privileges:
- Manage General Ledger Accounting Period Status (ORA_GL_MANAGE_GENERAL_LEDGER_ACCOUNTING_PERIOD_STATUS_AGGR)
- Run Open Period Program
- Run Close Period Program
- Run Gapless Close Program
- Run Permanently Close Program
Manage General Ledger Accounting Period Status is an aggregate privilege and has only one privilege, Manage Accounting Period Status. Therefore the "Run" privileges would never be found in the UDAP paths above, and no incidents would ever have been identified for those paths.
Since Manage Accounting Period Status is the only privilege found in the Manage General Ledger Accounting Period Status aggregate privilege, there's no reason to include the first UDAP either. The stand-alone privileges on their own are considered sensitive. Consider also that the "Run" privileges can be run from ESS and aren't dependent on the aggregate privilege.
The models affected by these replacements are:
- 6918: Enter Journals and Manage Accounting Period Statuses for General Ledger
- 6925: Enter Journals and Post Journal Entry and Manage Accounting Period Statuses for General Ledger
- 7551: Post Journal Entry and Manage Accounting Period Statuses for General Ledger
The content library is continually reviewed by experts in relevant business areas to provide the most accurate and comprehensive SoD and sensitive access control definitions. Consider uptaking these entitlement changes based on your business requirements.
Steps to Enable
As a rule, when you import a model that uses entitlements, you import the entitlements automatically. But if an earlier version of an entitlement exists in your target environment, the content-import job cannot replace it with a newer version. So:
- If an entitlement has been revised, but you have not yet imported any of the models that use it, you can import one of these models now. The import operation includes the new entitlement along with the model.
- If an entitlement has been revised, and you imported a model that uses it during an earlier update, you also imported the earlier version of that entitlement. To use the new version, your only option is to edit your existing entitlement to incorporate its revisions.
Data-Security Values in Advanced Access Requests
As part of a role request, you can define data records to which the role will provide access. In the past, you would select a "security context" and a "security value" for that context. For example, you might select a specific business unit to enable a user to create or work with records concerning that unit only. Now, you can select any number of values for a context, in this example any number of business units for the Business Unit context.
To support this, the request form has changed to a side-panel format. Once you've selected a role for assignment, you can pick a single security context. You can then select one, multiple, or all values appropriate for that context.
Role and Data Security Request Selection
When requesting access, selecting one, more, or all values for a data security context is now easier.
Steps to Enable
You don't need to do anything to enable this feature.
Tips And Considerations
If you want to select most, but not all of the available values, you can use the select all option and then deselect those values you don't want to include in the request.
Additional Information in Advanced Access Request Reports
Users of Advanced Access Requests can export request records to an Excel spreadsheet. These exports now include information related to requester comments, data-security context, and rejected requests.
Access Request Report
The report is now more complete with regards to the information about the request as well as coverage in the event the request was rejected.
Steps to Enable
You don't need to do anything to enable this feature.
Usability Updates in Advanced Access Requests
Usability updates to Advanced Access Requests include the following:
- Open requests for inactive or removed users are automatically revoked.
- The record for each request displays a status "badge." It's updated to show when the request is being analyzed for separation-of-duties conflicts.
- When users must act on access requests, Advanced Access Requests can now send notifications as well as email alerts. Notifications are available from the Notifications icon in the global header.
Access Request Notification
The objective of these various updates is to automate processes where the end user shouldn't be involved and to provide more real-time information about request status.
Steps to Enable
You don't need to do anything to enable this feature.
Manual Removals in Advanced Access Requests
Security administrators can now use the Advanced Access Requests feature of Advanced Controls to submit users' role assignments to be removed. They can track information about removal requests, such as what roles were removed from which users, and by whom.
Because this feature is designed for security administrators, the navigation to the feature is through the Access Request Approvals. There is a new in-line navigation for Manual Access Removals.
Initial Manual Access Removal
The security administrator can initiate an access removal by selecting the Remove Access button. From there the administrator can select the user and provide the rationale for the role removal. Once the user is selected, all the roles currently assigned to the user are displayed. In addition, if there is currently data access defined via Manage Data Access for Users, this information is available to be viewed.
One or more roles can be selected for removal.
Role Removal
Once the Update button has been selected, the role and all related Manage Data Access records are immediately removed from the user. The removal activity is added to the Remove Access page for future reference if necessary.
The benefit of this new feature is to provide a single place for security administrators who use Advance Access Requests to also manage the removal of roles when they are no longer needed or appropriate for the user to have.
Steps to Enable
You don't need to do anything to enable this feature.
Access Requirements
The related privileges for the manual removals have been included in the seeded Access Request Security Administrator job role.
If you have been using Advanced Access Requests and created custom roles related to this feature set, you will want to consider the following information related to security. To gain access to this feature, the security administrator will need to add these security privileges to the related custom job role that has been assigned to the security administrators responsible for approving access requests and removing access from users.
- Perform Manual Access Removals (GTG_PERFORM_MANUAL_ACCESS_REMOVALS_PRIV)
- View Access Removals (GTG_VIEW_ACCESS_REMOVALS_PRIV)
IMPORTANT Actions and Considerations
ADVANCED FINANCIAL CONTROLS
Action required: If you analyze transactions with Advanced Controls, perform these steps:
- Determine whether you have models, UDOs, or controls that use the object Journal Entry Expanded.
- If you do, replace them with models, UDOs, and controls that use the object Journal Entry. Here's how:
- If you have models that use Journal Entry Expanded:
- Take note of the settings in each model: the business objects used, the logic and filter settings, and the result attributes.
- Either delete those models or edit them and remove Journal Entry Expanded (if you like you can replace it with Journal Entry).
- If you have UDOs or controls that use Journal Entry Expanded: Inactivate them.
- Build and test models that use Journal Entry (and UDOs if needed). Deploy your new models as controls and make sure they generate the desired incidents.
- Optional: Purge incidents generated by inactivated controls and results generated by inactivated UDOs. Then delete the controls and UDOs.
- If you have models that use Journal Entry Expanded:
IMPORTANT: Be sure to complete those steps by quarterly update 23C. For greater details and questions, go to the Action required if you analyze transactions with Advanced Controls posting on Oracle Customer Connect for Risk Management and Compliance.