By Swathi Ambati, HEXstream solutions engineering manager

Financial data security isn’t just an IT concern; it’s a core finance and governance requirement. As organizations grow across legal entities, business units and regions, controlling who sees which financial data is essential for accuracy, compliance and accountability.

Oracle Fusion Data Intelligence (FDI) centralizes operational and financial data, enabling analytics while enforcing robust, enterprise-grade security. But fully understanding how this security works and when to customize it is critical for organizations with complex reporting needs. Lets explore...

How Oracle FDI security works

FDI secures analytics in two ways:

1.       Content access (controlled by application/duty roles) decides which dashboards or reports a user can open.

1. Data access (controlled by data roles and security assignments) decides which financial data the user can see in those reports.

These controls rely on application roles, data roles, security assignments and semantic-model mappings. Security rules are applied dynamically at runtime, ensuring users only see the data they’re authorized to access.

Example: Alice is a finance manager for USA Corp. She opens the Profit & Loss dashboard and sees only USA Corp’s financial data. Europe data is automatically hidden.

Key components of FDI security

Below, I’ve summarized the key components of FDI security. For a more detailed explanation of Oracle Fusion and FDI security concepts, you can also refer to my colleague’s blog.

1. Application roles

Define who can access analytics and which subject areas they can use.

• Prebuilt roles exist, but custom roles are often required for unique business scenarios.
• Example: Finance manager can open General Ledger dashboards but may need additional data roles to restrict data visibility.

2. Security contexts and assignments

Determine which data values users can access, such as ledgers, business units or balancing segments.

• Example: Assign Alice only Legal Entity = USA_Corp. Reports automatically filter to show only permitted rows.

3. Semantic-model security configuration

Semantic-model security mapping links role‑based security assignments to semantic-model attributes so that FDI automatically applies the corresponding data filters at query time, ensuring users only see the data they are authorized to access.

4. Row-level data enforcement

Applies security dynamically at runtime, ensuring unauthorized data is never visible.

Why custom security may be needed

While prebuilt roles handle many scenarios, organizations often require fine-grained, custom controls such as:

• Restricting data by balancing segment or cost center
• Limiting visibility by business unit or hierarchy
• Enforcing compliance or audit-specific rules

Example scenarios:

• Alice should only see US Corp., and within that only the East Division balancing segment.
• A business unit manager can see all cost centers within their unit.
• A CFO can view consolidated data across all legal entities.

Custom security ensures that each user sees exactly the data they are authorized for, while maintaining centralized, consistent and audit-ready controls. Custom security uses configurable security contexts, allowing centralized, consistent and audit-ready controls while respecting organizational policies.

Benefits of centralized and custom security

• No report maintenance: Security updates automatically apply to all dashboards
• Consistent enforcement: One rule applies across dashboards, KPIs and exports
• Scalable: Works across ledgers, legal entities, COA segments and hierarchies
• Audit-ready: Centralized enforcement supports governance and compliance
• Future-proof: Easily extendable to other COA attributes like cost center or natural account

Example in practice: Bob has access to the same dashboard as Alice but sees only Europe GmbH data, without creating separate dashboards or manual filters.

Conclusion

Oracle FDI’s security framework ensures enterprise-grade, COA-based data protection that is reliable, scalable and aligned with best practices by combining:

• Application roles
• Security contexts and assignments
• Semantic-model extension
• Row-level enforcement

Organizations can implement precise financial-data security, whether standard or complex, ensuring that the right people see the right data at the right time (without constant dashboard maintenance).

Balancing segments are just one example, but they demonstrate how COA-based security in FDI empowers finance teams with trustworthy, compliant and scalable analytics.

Data security is more critical than ever. Also critical is choosing the right approach for your custom security. We at HEXstream are ready to effectively design and implement your security.

CLICK HERE TO CONTACT US.