flexfield value set security and new proxy user features in 12.2
TRANSCRIPT
Flexfield Value Set Security and New Proxy User Features in 122
Revised July 2015
Susan Behn
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
2
Agenda
Understanding User Management Principles
User Management Layers
Role Based Access Control Overview
Building Blocks for User Management
Modeling Security Policy Basic Example
Flexfield Value Set Security
Proxy User Access
References
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
3
User Management Layers
Core security ndash levels 1 ndash 2 is accomplished through AOL or with grants and permissions
Core security ndash level 3 is required for some apps
Administrative features ndash levels 4 ndash 6 are optional
6 User access requests with AME
Approval Processes
5 Registration processes
4 Administer functionsdata for
specific groups
3 Grant access to roles that
include functiondata security
2 What data can a user see
1 What can a user do
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
4
Role Based Access Control
RBAC ndash The RBAC standard supports the mapping of user access control based upon a userrsquos role in the organization rather than their unique identity
Roles ndash a grouping of all the responsibilities lower level permissions (functions) permission sets and data security rules that a user requires to perform a specific task
Role Categories ndash Organize roles into groups
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
5
Components by Responsibility
System Administrator Responsibility
Manage responsibilities and menus Create users
User Management ndash Layers 3 and up
Functional Administrator Responsibility
Function Security Layer
Functional Developer Responsibility
Data Security Layer
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
6
User Management Building Blocks
Objects
Define data to be secured ndash a table or view
Stored in FND_OBJECTS FND_OBJECTS_TL
Object Instance Sets
The ldquoWHERErdquo clause for an object
Stored in FND_OBJECT_INSTANCE_SETS FND_OBJECT_INSTANCE_SETS_TL
Managed in Functional Developer Responsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
2
Agenda
Understanding User Management Principles
User Management Layers
Role Based Access Control Overview
Building Blocks for User Management
Modeling Security Policy Basic Example
Flexfield Value Set Security
Proxy User Access
References
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
3
User Management Layers
Core security ndash levels 1 ndash 2 is accomplished through AOL or with grants and permissions
Core security ndash level 3 is required for some apps
Administrative features ndash levels 4 ndash 6 are optional
6 User access requests with AME
Approval Processes
5 Registration processes
4 Administer functionsdata for
specific groups
3 Grant access to roles that
include functiondata security
2 What data can a user see
1 What can a user do
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
4
Role Based Access Control
RBAC ndash The RBAC standard supports the mapping of user access control based upon a userrsquos role in the organization rather than their unique identity
Roles ndash a grouping of all the responsibilities lower level permissions (functions) permission sets and data security rules that a user requires to perform a specific task
Role Categories ndash Organize roles into groups
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
5
Components by Responsibility
System Administrator Responsibility
Manage responsibilities and menus Create users
User Management ndash Layers 3 and up
Functional Administrator Responsibility
Function Security Layer
Functional Developer Responsibility
Data Security Layer
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
6
User Management Building Blocks
Objects
Define data to be secured ndash a table or view
Stored in FND_OBJECTS FND_OBJECTS_TL
Object Instance Sets
The ldquoWHERErdquo clause for an object
Stored in FND_OBJECT_INSTANCE_SETS FND_OBJECT_INSTANCE_SETS_TL
Managed in Functional Developer Responsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
3
User Management Layers
Core security ndash levels 1 ndash 2 is accomplished through AOL or with grants and permissions
Core security ndash level 3 is required for some apps
Administrative features ndash levels 4 ndash 6 are optional
6 User access requests with AME
Approval Processes
5 Registration processes
4 Administer functionsdata for
specific groups
3 Grant access to roles that
include functiondata security
2 What data can a user see
1 What can a user do
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
4
Role Based Access Control
RBAC ndash The RBAC standard supports the mapping of user access control based upon a userrsquos role in the organization rather than their unique identity
Roles ndash a grouping of all the responsibilities lower level permissions (functions) permission sets and data security rules that a user requires to perform a specific task
Role Categories ndash Organize roles into groups
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
5
Components by Responsibility
System Administrator Responsibility
Manage responsibilities and menus Create users
User Management ndash Layers 3 and up
Functional Administrator Responsibility
Function Security Layer
Functional Developer Responsibility
Data Security Layer
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
6
User Management Building Blocks
Objects
Define data to be secured ndash a table or view
Stored in FND_OBJECTS FND_OBJECTS_TL
Object Instance Sets
The ldquoWHERErdquo clause for an object
Stored in FND_OBJECT_INSTANCE_SETS FND_OBJECT_INSTANCE_SETS_TL
Managed in Functional Developer Responsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
4
Role Based Access Control
RBAC ndash The RBAC standard supports the mapping of user access control based upon a userrsquos role in the organization rather than their unique identity
Roles ndash a grouping of all the responsibilities lower level permissions (functions) permission sets and data security rules that a user requires to perform a specific task
Role Categories ndash Organize roles into groups
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
5
Components by Responsibility
System Administrator Responsibility
Manage responsibilities and menus Create users
User Management ndash Layers 3 and up
Functional Administrator Responsibility
Function Security Layer
Functional Developer Responsibility
Data Security Layer
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
6
User Management Building Blocks
Objects
Define data to be secured ndash a table or view
Stored in FND_OBJECTS FND_OBJECTS_TL
Object Instance Sets
The ldquoWHERErdquo clause for an object
Stored in FND_OBJECT_INSTANCE_SETS FND_OBJECT_INSTANCE_SETS_TL
Managed in Functional Developer Responsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
5
Components by Responsibility
System Administrator Responsibility
Manage responsibilities and menus Create users
User Management ndash Layers 3 and up
Functional Administrator Responsibility
Function Security Layer
Functional Developer Responsibility
Data Security Layer
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
6
User Management Building Blocks
Objects
Define data to be secured ndash a table or view
Stored in FND_OBJECTS FND_OBJECTS_TL
Object Instance Sets
The ldquoWHERErdquo clause for an object
Stored in FND_OBJECT_INSTANCE_SETS FND_OBJECT_INSTANCE_SETS_TL
Managed in Functional Developer Responsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
6
User Management Building Blocks
Objects
Define data to be secured ndash a table or view
Stored in FND_OBJECTS FND_OBJECTS_TL
Object Instance Sets
The ldquoWHERErdquo clause for an object
Stored in FND_OBJECT_INSTANCE_SETS FND_OBJECT_INSTANCE_SETS_TL
Managed in Functional Developer Responsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
7
User Management Building Blocks
Permissions ndash 2 types ndash function and data
Function Security Permissions ndash control access to abstract functions
Examples Executable function is access to User Management Roles amp
Role Inheritance Form
Abstract functions are defined as role permissions
Create Role ndash Assign Role
Manage Role ndash Revoke Role
Data Security Permissions ndash control access to objects
Data limited by where clause
Stored in FND_FORM_FUNCTIONS FND_FORM_FUNCTIONS_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
8
User Management Building Blocks
Permission Sets
Grouping of permissions
Example All User Administration Privileges
A permission set can contain other permission sets
Stored in FND_MENUS FND_MENUS_TL FND_MENU_ENTRIES FND_MENU_ENTRIES_TL
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
9
User Management Building Blocks
Grants
Provide permissions for actions on a specified object
Attach function permissions and data permissions (data security polices) to grantee
Grantee
Who gets the grant
A role or group
A specific user
All Users
Data Security Policy
Grant that includes both an object and permission set
Stored in FND_GRANTS
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
STACKING UP THE BUILDING BLOCKS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
11
Modeling Security Policies
Step 1 ndash Assign access to user management to appropriate users
Step 2 ndash Identify or create permissionspermission sets that group functions (function security)
Step 3 ndash Identify or create product seeded objects object instance sets (data security)
Step 4 ndash Identify seeded grants create grants
Step 5 ndash Assign role
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
12
Grant access to user management to appropriate user(s)
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
13
Managing Users ndash Step 1
By default only Sysadmin has access to User Management
Assign a user management role to the appropriate user
Click
pencil to
editSearch
for user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
14
Managing Users ndash Step 1
Click the ldquoAssign Rolesrdquo button to add a role
Click assign roles and
then click the apply
button
Click assign roles and
then click the apply
button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
15
Managing Users ndash Step 1
Search for the ldquoSecurity Administratorrdquo Role check the box and click select
Customer Administrator ndash manage users with party type = customer
Partner Administrator ndash manage users with party type = partner
Other seeded security roles
include Customer
Administrator and Partner
Administrator
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
16
Managing Users ndash Step 1
Enter a justification and click ldquoApplyrdquo
User Management
responsibility is inherited
by assigning this role
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
17
Managing Users ndash Step 1
System Administrator User Define
User Management is shown as an indirect responsibility
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
STEP 2IDENTIFY SEEDED
PERMISSIONSCREATE PERMISSIONS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
19
Permissions
To demonstrate function security Approvals Management will be used as the example
A user will be given access to perform all functions in approvals management
To gain familiarity with permissions available
Go to Functional Administrator Permissions to search for seeded permissions
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
20
Permissions
There are 16 permissions available for AME
Click the update button to examine the ldquoAME Action Createrdquo Permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
21
Permissions
This permission belongs to one permission set with the same name as the permission
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
22
Permission Set
In our example we want the user to have access to ALL functions the transaction type ldquoAP Invoice Approvalrdquo
Go to the permission set tab to see the permission set for all AME functions which is ldquoAME All Permission Setsrdquo
Note that this permission set includes other permission sets Other
Permission
sets
included in
set
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
STEP 3 SEEDED OBJECTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
24
Seeded Objects
To demonstrate data security Approvals Management will be used again as the example
A user will be given access to manage the approval process for the payables invoice approval
Go to Functional Developer Objects to search for available seeded objects
If an object is not available you can create objects
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
25
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Seeded Objects
Tip Query by
responsibility to get
familiar with what is
seeded
Click update to
view details but
avoid changing
seeded objects
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
26
Seeded Objects
Two columns are included which can be used to limit access
Note the Object
Instance Sets Tab
and Grants Tab
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
27
Seeded Objects
Click on the Object Instance Set tab for this object to view the where clause The predicate
allows the user to enter the parameters to select the application and transaction type in the grant
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
STEP 4IDENTIFY SEEDED GRANTS
CREATE GRANTS
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
29
Grants
Create the grant to allow sbehn to perform all AME function for the payables invoice approval transaction type
Click on grants tab
Notice this takes you to the same form as you see in the Functional Administrator responsibility
We are going to enter an object to establish a Data Security Policy
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
30
Grants
Enter name description grantee type grantee
Enter the object name
Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
31
Grants
Choose the context to limit rows
For this example choose instance set
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
32
Grants
We already determined there was an ldquoAME Transaction Typerdquo Instance Set
Chose this value and Click Next
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
33
Grants
Now enter the values for the parameters we saw earlier in the object instance set
The predicate is displayed for reference
Parameter 1 is the application
Parameter 2 is the AME transaction type
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
34
Grants
Scroll down and choose the functions the grantee will be allowed to execute for this group of data by selecting the permission set ldquoAME All Permission Setsrdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
35
Grants
The final page is a review page
Click finish and the confirmation page will appear
Now you have access to data and functions you can perform on that data
Click OK
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
36
Role Based Access Control
In step 1 we gave someone access to user management
In step 2 we identified the ldquoAME All Permission Setsrdquo to provide function security
In step 3 we identified the ldquoAME Transaction Typesrdquo object to provide data security
In step 4 we joined the function and data security together in a grant to allow SBEHN to perform all functions for AME for Payables Invoice Approvals
Buthellipthe user still doesnrsquot have access yet to the responsibility used to manage AME
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
STEP 5ASSIGN RESPONSIBILITIES
TO ROLES
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
38
Assign Roles
Assign AME roles to SBEHN the same way we assigned the ldquoSecurity Administratorrdquo role
Query the user and click the pencil
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
39
Assign Roles
Click the ldquoAssign Rolesrdquo button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
40
Seeded Roles
Choose the ldquoApprovals Management Administratorrdquo role and provide justification
Grants multiple roles shown in the hierarchy below and two responsibilities having a code starting with ldquoFND_RESPrdquo
ResponsibilityResponsibility
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
41
Seeded Roles
Below is a partial list of products with seeded roles This changes frequently
Approvals Management
Diagnostics
Learning Management
Territory Management
User Management
Integration Repository
iReceivables
iSetup
Integrated SOA Gateway (New)
To see whatrsquos new after patches look for roles in User Management responsibility or query WF_ALL_ROLES_VL
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
42
Flexfield SecurityRequired in 122
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
43
Flexfield Value Set Security ndash FNDFFMSV ndash122
Upon upgrade users will not have access to any records in this form
Many ways to get to this formhellipour example
GLSetupFinancialsFlexfieldsValidationValues
43
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
44
Function and Data Security
Must set up function security to define what the user can do in the form
Grant by flexfield report or value set
Grant to application user group
Must set up data security to define which values can be queried
Affects Independent and Dependent value sets
Affects what privileges users have in the Segment Values form
Note Even if you create a new value set you still wonrsquot be able to assign values to that set until security is set up
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
45
Patch for 1222
Apply this patch for 1222 (not needed for 1223)
Oracle Support Document 15892041 (Release 1222 Flexfield Value Set Security Documentation Update for Patch 17305947R12FNDC) can be found at httpssupportoraclecomepmosfacesDocumentDisplayid=15892041
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
46
Grant access to the data
Functional AdminstratorGrants
This example ndash General Ledger Vision Operations (USA) responsibility needs to see GL value sets for Vision Operations Accounting Flexfield
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
47
Data Security - Instance Set
Flexfield Value Set Security Object
Provide access to a specific Key Flexfield Structure by app id key flexfield code and structure number
In this case a specific accounting key flexfield
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
48
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
Other Instance Sets
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
49
Permission set for allowable actions
For this example I chose to allow insert or update for the accounting key flexfield
Seeded permission sets for flexfield security
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
50
Results
Now I have access to all the value sets for the accounting flexfield
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
GoldPartner
51
Proxy User Access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
52
Proxies
Proxy authority can be granted to another user for a specific time period
Cover vacationleave of absenceemergencies
Audit control - Actions are tracked to show delegate is acting on behalf of delegator
1224+ new features (Now backported to 121)
Limit responsibilities and workflow notifications granted to proxy user
Responsibility exclusions
Delegation policies
Grant proxy capabilities to all to selected users
Patch for 121 is 19804456
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
53
Grant Proxy Privileges to Individual ndash 121 and 1223
In order to delegate or receive authority users must have the ldquoManage Proxiesrdquo role
Query the users click the pencil to update click the ldquoAssign Rolesrdquo button and add the Manage Proxies role
Enter a justification and save
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
54
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges (Who can delegate)
Grant proxy privileges to all users
Choose the ldquoAll Usersrdquo radio button then click Apply
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
55
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Grant proxy privileges to selected users
Choose the ldquoUsers with Selected Roles or Responsibilitiesrdquo radio button then click the Add button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
56
Proxy Configuration ndash 1224+
User Management Proxy Configuration Privileges
Search and choose the responsibility or role
Note the code for responsibilities start with FND_Resp Roles start with UMX
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
57
Proxy Configuration ndash 1224+
User Management Proxy Configuration Exclusions (What can be delegated)
Identify responsibilities which can never be delegated
Click the Add Responsibility button and add any responsibility that should never be delegated
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
58
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies (Who can you delegate to)
By default you can delegate proxy access to any user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
59
Proxy Configuration ndash 1224+
User Management Proxy Configuration Policies
In 1224 you can add a pre-defined policy using the Add button or create your own using the Create and Add Policy button
In this example we will only allow a user to delegate only to their direct supervisor and peers of that supervisor
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
60
Proxy Configuration ndash 1224+
Click the add button Enter to see all seeded policies
Check the policy desired and click the select button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
61
Proxy Configuration ndash 1224+
Click on the trash can to remove the policy for All Users
Then click the Apply button
Remember you can also create a policy if the seeded policies do not meet your needs
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
62
Proxies ndash Prior to 1224
Once you have been granted the ldquoManage Proxiesrdquo rolehellipClick the preference button
There is now a new Manage Proxies function
The Add People Button will allow the user to designate a proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
63
Proxies ndash Prior to 1224
Add a user and apply
Now the operations user can act on my behalf
Set an End Date at this time if this is to cover a fixed vacation period or other leave of absence
The proxy user has access to all responsibilities and all notifications
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
64
Proxies ndash Prior to 1224
When the operations user is logged in a ldquoSwitch Userrdquo option will be available
Notice that the user is currently logged is as OPERATIONS
Click the Switch icon to switch users
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
65
Proxies ndash Prior to 1224
Now there is a ldquoReturn to Selfrdquo button
The user is logged in as Operations operating as Proxy for SBEHN
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
66
Proxies ndash Prior to 1224
Run the Page Access Tracking Data Migration concurrent program to populate the Proxy Report
There are no parameters
Then go back to Manage Proxies and click the Run Proxy Report Button
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
67
Proxies ndash Prior to 1224
The report shows all navigation completed by the proxy user
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
68
Proxies ndash 1224+
Click the settings gear then Manage Proxies
Note Clicking the settings gear then Preferences will show the Manage Proxies option on the left similar to earlier releases
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
69
Proxies ndash 1224+
The Manage Proxies page looks only slightly different in 1224
Click the Add Proxy button
In early releases this button is ldquoAdd Peoplerdquo
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
70
Proxies ndash 1224+
Choose the user name then choose the appropriate options for responsibility and workflow access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
71
Proxies ndash 1224+
To grant selected responsibility access click the ldquoSelected radiordquo button and all current responsibilities will appear
Move the desired responsibilities from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
72
Proxies ndash 1224+
To grant selected worklist access click the Selected radio button and all current workflow item types will appear
Move the desired item types from the available column to the selected column
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
73
Proxies ndash 1224+
A workflow notification is sent to the user who is granted proxy access
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
74
Proxies ndash 1224+
As the SBEHN user click the switch user icon
Then click the switch icon
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
75
Proxies ndash 1224+
Now logged in as SBEHN as Proxy for Operations
Only includes
responsibilities
granted
Only includes
item types
granted
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
76
Proxy User Training
Transfer of Information training
httpilearningoraclecomilearnenlearnerjspoffering_details_findjspclassid=1524577857
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
77
References
Oracle Applications System Administrators Guide - Security
See Oracle User Management Developer Guide
My Oracle Support ID 5535471 ndash Data Security Terminology
My Oracle Support ID 5532901 ndash Introduction to the Grants Security System and Data Security
E-Business Suite User Management SIG httpebsumxoaugorg
Release 1223 Oraclereg E-Business Suite Flexfields Guide Release 122 Part No E22963-07 has updated documentation
TOI Oracle E-Business Suite 122 Implement amp Use Oracle E-Business Suite - Flexfield Value Set Security httpoukcoraclecomstatic12opnlogint=checkuserco
okies7Cr=-17Cc=1362916480
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
78 GoldPartner
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
About Infosemantics
Established in 2001
Customer Focused
People First
Global
Shared Expertise
For more information go to our web site at wwwInfosemanticscom
R1213 R122 OBIEE public vision instances
Posted presentations on functional and technical topics
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You
GoldPartner
79
Copyright copy 2014 Infosemantics Inc All Rights Reserved Any other commercial product names herein are trademark registered trademarks or service marks of their respective owners
QuestionsComments
Susan Behn
SusanBehnInfosemanticscom
Thank You