How to apply segment value security in FDI?

User_BB57H · Sep 9, 2025 8:56AM

Hi,

Where segment value security is enabled in the chart of accounts, what is the best approach to mirror this within FDI? We have users who are restricted on cost centre segments within all business functions and we want to replicate this access to reports ran in FDI.

Thanks,

Adam

RVohra · Oct 15, 2025 1:09AM

You might want to use Oracle Fusion’s Access Control Framework (ACF) and Data Roles

The Access Control Framework (ACF) governs data security in Fusion Applications including segment value security.
Assign users to Data Roles that restrict access to particular cost center segments.
FDI can consume these roles and ACF context via security predicates or user attribute mappings to filter data accordingly.

Hope it helps!

Victor H · Oct 17, 2025 6:18PM

You will need custom security contexts:

https://blogs.oracle.com/analytics/post/implementing-custom-security-context-in-oracle-fusion-data-intelligence-fdi

FDI can automatically bring security assignments from Fusion but only for a predefined subset that includes Business units, ledgers, asset books.

This subset does not include GL segments, this leaves you with 2 options:

1 - Custom security using session variables, init blocks and ADW tables: Configuring Custom Data Security in Fusion Analytics Warehouse in Nine Steps

2- Using the recent Custom Security Context feature (first link)

Option #2 is easier to maintain. However, you would also require a manual effort to bring the user-to-cost-center relationships, you could use the autosync tables to upload them into FDI:
https://docs.oracle.com/en/cloud/saas/analytics/25r3/fawag/update-security-assignments-automatically.html

RMJ-kpmg · Feb 11, 2026 10:56PM

https://community.oracle.com/products/oracleanalytics/discussion/comment/71667#Comment_71667

Option 1 does not appear to be available in the latest FDI releases. The +Data Security Step is removed, and CSC does not give the ability to apply filter logic to specific objects (i.e. referencing a variable or adw lookup table).

While CSC appears easier to setup and maintain, it seems limited/not applicable for cases like securing on ranges or conditional logic.

Victor H · Feb 18, 2026 3:03PM

https://community.oracle.com/products/oracleanalytics/discussion/comment/74658#Comment_74658

@RMJ-kpmg What release are you using?
I can see the +Data Security Step in 25R4

RMJ-kpmg · Feb 18, 2026 10:50PM

https://community.oracle.com/products/oracleanalytics/discussion/comment/74848#Comment_74848

Hi Victor. I'm on 25.R4.P5

Per the December '25 release notes:

"The Configurable Security Context capability replaces the data security configuration step for semantic model data security. See Define and Assign Custom Security Contexts. Existing users can make a service request to re-enable the legacy advanced security assignments for their new instances. When you use bundles to share and deploy the application artifacts, make sure the source and target systems use the same type of advanced security configuration."

Mohammed Rafi · Feb 19, 2026 1:46PM

In Fusion (GL, Payables, etc.), Segment Value Security is enforced in the application layer via data roles and security rules tied to the COA segment.

But in Oracle Fusion Data Intelligence (FDI):

Data is extracted into a warehouse
Security is not dynamically evaluated against Fusion SVS policies
Reports run on semantic models, not live GL security logic

So unless you replicate the security logic, users will see unrestricted cost centres in analytics.

Mohammed Rafi · Feb 19, 2026 1:47PM

Best Practice Approach (Enterprise-Recommended)

Row-Level Data Security (RLS) Using Data Security Tables

This is the cleanest and most scalable way to mirror cost centre segment security.

Architecture Pattern:

Extract user → cost centre access mapping from Fusion
(via data roles / segment value security rules)
Store that mapping in a security table in FDI
Apply row-level data filters in the semantic model (OAC layer)

This mimics SVS behaviour across all reports consistently.