7/29/2019 MOAC_R12

1/10

Oracle Apps R12 MOAC and its impactOracle R12 MOAC and its impact

Setup the Security Profile:1.Create a Security Profile in HRMS Responsibility

HRMS Manager>Security>ProfileIn this setup specify different Operating Units that you want to Access.

2.Run the Security List MaintenanceThis is a required step when you create a new Profile or modify existing one.

3.Setup the MO: Security Profile value to above created security profile.This "MO: Security Profile" Profile option has to be setup at the responsibility level.This will ensure thatResponsibility will have access to the data of all the Operating units under the Security Profile.

Important profile option

MO: Security Profile:

MO: Operating Unit:This comes from 11i and is still valid only its evaluated, if there is no value setup at MO:Security

Profile.

MO: Default Operating UnitIf the security profile is setup to access multiple operating units, this requires users to selectthe Operating Unit every time user access the Sub ledger pages. To avoid this the Default Operating Unit profile canbe setup.

How MOAC impacts the way we work in TOAD

11iTo set the Org id in TOAD1. Get the Org_id from HR_ORGANIZATION_UNITS

2. In toad execute the below codebegin

fnd_client_info.set_org_context(&org_id);end;

To set the responsibility context in TOAD1. Get the User id, Responsibility Id and Application id from Front end

Help>Diagnostic>Examine and select BLOCK as "$PROFILES$" and then get the respective IDS

2. Using the IDs execute the below code in TOAD

beginFND_GLOBAL.APPS_INITIALIZE(user_id in number,resp_id in number,resp_appl_id innumber);end;

R12:To set the Org id in TOAD1. Get the Org_id from HR_ORGANIZATION_UNITS

2. In toad execute the below code--Sets the 201 as single Org idexec MO_GLOBAL.SET_POLICY_CONTEXT('S',201);Pass a value "S" in case you want your current session to work against Single ORG_IDPass a value of "M" in case you want your current session to work against multiple ORG_ID's

To set the responsibility context and initiate MOAC in TOAD

7/29/2019 MOAC_R12

2/10

1. Get the User id, Responsibility Id and Application id from Front endHelp>Diagnostic>Examine and select BLOCK as "$PROFILES$" and then get the respective IDS

2. Using the IDs execute the below code in TOAD

a. exec FND_GLOBAL.INITIALIZEThis will set your responsibility id, user_id etc

b. call MO_GLOBAL.INIT('AR')This will read the MO profile option values for your responsibility/user, and will initialize theMulti Org Access.

MOAC for table accessIn 11i _ALL Tables where non Org specific and Org specific views were created on these tables.But in R12 its different concept

a. For the table AP_INVOICES_ALL a synonym AP_INVOICES_ALL is created in APPS.

b. Also another synonym AP_INVOICES is created which refers to AP_INOICES_ALL.

c. A Row Level security is applied to AP_INVOICES, using package functionMO_GLOBAL.ORG_SECURITY.

This can be double-checked by running SQL select * from all_policies whereobject_name='AP_INVOICES'

e. The effect of this policy is that,whenever you access AP_INVOICES, Oracle RLS willdynamically append WHERE CLAUSE similar to below

SELECT * FROM AP_INVOICESWHERE EXISTS (SELECT 1 FROM mo_glob_org_access_tmp oa WHERE oa.organization_id =org_id)

Multi Org Structure in R12: An Overview

What is a Multi Org Structure?

If an enterprise or a business wants to implement multiple organizations such as multiple Ledgers (Sets of Books),

or Legal Entities, or Business Groups within a single installation of Oracle Applications, then we can summarize that

the enterprise is planning to implement a multi org setup.

How About a Close to Real Life Case Study?

Before we dive into this topic, let us draw a multi org structure on a whiteboard. It would help to analyze a real

picture, as we pick at the concepts that go into designing a multi org structure.

7/29/2019 MOAC_R12

3/10

The above is the organization structure for Office Smart Solutions, which is a major office supplies retailer,

headquartered in Naperville, Illinois, USA. The organization operates in three countries the US, Canada and

India.

Office Smart has an organization structure with the following:

2 Business Groups one in the US, which controls the organization structure in North America, and one in India

3 Legal Entities one in the US, one in Canada, and one in India

3 Primary Ledgers one in the US, one in Canada, and one in India

3 Operating Units one in the US, one in Canada, and one in India

5 Inventory organizations two in the US, one in Canada, and two in India

Subinventories and locators exist beneath the inventory organizations, but they are not relevant for the sessionon multi org structures.

With this, let us step back and reflect

The way it was in 11i

In 11i, a user working with a specific responsibility, under a given operating unit, would need to switch

responsibilities, if she were to access a sales order that was created from a different operating unit. For this to

happen, the user had to be assigned a second responsibility that was linked to the second operating unit.

From an implementation perspective, this implied that each responsibility could be linked to one and only one

operating unit. Thus, if a user in Office Smart Canada, needed access to data in Office Smart US, then she would

need to be assigned a responsibility that was tied to the US Operating Unit Office Smart Operations.

Responsibilities were tied to operating units through the profile option MO: Operating Unit.

7/29/2019 MOAC_R12

4/10

What R12 brings to the table

Release 12 brought with it, the philosophy of Multi Org Access Control (MOAC).

Globalization is unstoppable. Regardless of geography, industry or income, companies are globalizing to gain new

customers and access new markets. Is this a good thing? Nearly two-thirds of the CEOs we surveyed are positive

about the impact that globalization will have on their organizations over the next three years.

Source: 9th Annual Global CEO Survey Globalization and Complexity; PwC 2006

With Release 12, Oracle Applications had to ensure that certain aspects of the applications were redesigned to

meet the inevitable advance of Globalization.

Organizational changes in R12

The Set of Books evolved into Ledgers and Ledger Sets. The philosophy of Multiple Organization Access Control

(MOAC) introduced in R12, ensured that the same user could perform multiple tasks across operating units without

changing responsibilities. The use of Security Profiles was extended beyond HR to make MOAC possible.

Organization Access Control in R12

In a multi org environment, securing the data in each organization becomes a key task and concern for

management and the implementation team. By creating custom responsibilities, management ensures thatemployees are given access to only those menus and functions that they need to perform their routine activities.

However, an addition layer of security needs to be designed to ensure that using those menus and forms given to

them, employees cannot trespass into an organization that they should not have access to.

As mentioned above, in 11i access to organizations was compartmentalized based on operating units. This ensured

data security, but at the expense of making it a little cumbersome for the user to switch between organizations

that belong to different operating units.

The Multi Org Access Control (MOAC) feature in R12 retains the data security aspect between organizations and

users. However, it also brings with it a certain degree of user friendliness in navigating between different operating

units.

How does R12 implement this change?

This series is designed to highlight all that it takes to implement a Multi Org Structure in Release 12.

R12: Setting up MOAC (Multi Org Access Control) in R12Prior to R12, end users use to toggle / switch / change responsibilities in order to do transactions (like invoice /payment processing in AP) in different operating unit. This is a very time consuming and inefficient way ofrecording transactions when you have 100s of operating units specially Internet based organizations who haveworld wide operations in almost all the countries.

To address this, a new feature in R12 has been introduced in which user can switch between operating unitswithin a responsibility something similar to "Change Organization" feature in inventory. Prior to R12, user wouldhave to switch responsibilities in order to enter transactions in respective operating units (tagged to theresponsibility).

To enable this feature, Oracle has provided MOAC (Multi Org Access Control) in R12 to achieve thisfunctionality.Most of the setup steps for this is similar to setting up of HR Security. So, if you know how to set HR securitythen setting MOAC is just a piece of cake.

Do the following setups as part of MOAC setup-

Step 1. Create Organization Hierarchy-Navigate to Human Resource responsibility > Define Organization Hierarchy

7/29/2019 MOAC_R12

5/10

Create an Organization Hierarchy as shown below. Here I have named it as "XXTech Vision". This is my Orghierarchy name.This has following heirarchy,

Organization name (This would show-up all Organizations in the current business group):Vision Corporation--Vision Services--Vision Leasing--Vision Utilities

Once you set this up, you can see how your hierarchy looks like in the Organization Diagrammer as shownbelow,

Step 2- Create HR Security Profile as shown below (Navigation - Human Resources responsibility > Security> Profile)Enter the values as shown in the below picture.

http://4.bp.blogspot.com/_8pJspyMbvw0/S5X6g62FJcI/AAAAAAAAACE/g58ES2v2EQw/s1600-h/diagrammer-1.jpghttp://1.bp.blogspot.com/_8pJspyMbvw0/S5X6UmOPofI/AAAAAAAAAB8/nLI6BkfogdA/s1600-h/Organization+Hierarchy-1.jpghttp://4.bp.blogspot.com/_8pJspyMbvw0/S5X6g62FJcI/AAAAAAAAACE/g58ES2v2EQw/s1600-h/diagrammer-1.jpghttp://1.bp.blogspot.com/_8pJspyMbvw0/S5X6UmOPofI/AAAAAAAAAB8/nLI6BkfogdA/s1600-h/Organization+Hierarchy-1.jpg

7/29/2019 MOAC_R12

6/10

Step 3- The final step of the setup is to attach the HR security profile just created to the "MO:SecurityProfile" profile for the responsibility to which you want to have the MOAC functionality as shown in the belowpicture,

Step 4- Run "Security List Maintenance" concurrent request,This process maintains the list of employees, organizations, positions, payrolls and applicants that securityprofile holders have access to. Schedule this request to run every night during quite hours if possible. If it is runwhen the users are logged in then users may experience unexpected results while doing transactions like

additional employees / OUs may become visible or previously visible employees may no longer be visible for abrief period of time. Once the process completes then everything would work normal. If it does not run due tosome reason then this can be manually run as shown in the picture,

Step 5- Test the setupNow navigate to "Payables Manager" responsibility > Invoices Workbench > Click on the LOV of OU > It wouldshow up all the organizations (setup as operating units that were part of the security profile >

http://4.bp.blogspot.com/_8pJspyMbvw0/S5X8DiPOJ8I/AAAAAAAAACs/-UYSjK1dBSk/s1600-h/security+list+maintenance.jpghttp://3.bp.blogspot.com/_8pJspyMbvw0/S5X6ynnxINI/AAAAAAAAACU/WviO5VHVVjs/s1600-h/MO-security+profile.jpghttp://1.bp.blogspot.com/_8pJspyMbvw0/S5X7bMct74I/AAAAAAAAACk/XYjZLBsv3C0/s1600-h/security+profile.jpghttp://4.bp.blogspot.com/_8pJspyMbvw0/S5X8DiPOJ8I/AAAAAAAAACs/-UYSjK1dBSk/s1600-h/security+list+maintenance.jpghttp://3.bp.blogspot.com/_8pJspyMbvw0/S5X6ynnxINI/AAAAAAAAACU/WviO5VHVVjs/s1600-h/MO-security+profile.jpghttp://1.bp.blogspot.com/_8pJspyMbvw0/S5X7bMct74I/AAAAAAAAACk/XYjZLBsv3C0/s1600-h/security+profile.jpghttp://4.bp.blogspot.com/_8pJspyMbvw0/S5X8DiPOJ8I/AAAAAAAAACs/-UYSjK1dBSk/s1600-h/security+list+maintenance.jpghttp://3.bp.blogspot.com/_8pJspyMbvw0/S5X6ynnxINI/AAAAAAAAACU/WviO5VHVVjs/s1600-h/MO-security+profile.jpghttp://1.bp.blogspot.com/_8pJspyMbvw0/S5X7bMct74I/AAAAAAAAACk/XYjZLBsv3C0/s1600-h/security+profile.jpg

7/29/2019 MOAC_R12

7/10

organization hierarchy as shown in the below picture,

Oracle apps MOAC setupThe Security Profiles form allows you to group together Operating Units

Define the security profile for the order management responsibility:

Navigate: HRMS Management responsibility:

1. HRMS Manager > Security > Profile

2. Verify that the security profile is defined for the OM responsibility.

3. If the security profile is not yet setup, enter it and attach the operating units

4. SAVE

http://1.bp.blogspot.com/-Cm09W5gWsco/T_uNTddlJxI/AAAAAAAACKk/bCCEgkFAjGA/s1600/1.pnghttp://3.bp.blogspot.com/_8pJspyMbvw0/S5X68pRhPZI/AAAAAAAAACc/eiIZzNRVYHo/s1600-h/invoice+workbench.jpghttp://1.bp.blogspot.com/-Cm09W5gWsco/T_uNTddlJxI/AAAAAAAACKk/bCCEgkFAjGA/s1600/1.pnghttp://3.bp.blogspot.com/_8pJspyMbvw0/S5X68pRhPZI/AAAAAAAAACc/eiIZzNRVYHo/s1600-h/invoice+workbench.jpg

7/29/2019 MOAC_R12

8/10

The Security List Maintenance concurrent program must be run each time you add or

change Security Profiles.

There are three Profile Options you need to be aware of related to Multi-Org that should be

set at the Responsibility Level.

The R12 profile option MO: Security Profile is always evaluated first.

The pre-R12 profile option MO: Operating Unit still works in R12. It is just a secondarypriority being evaluated after MO: Security Profile.

The R12 profile option MO: Default Operating Unit sets the default Operating Unit fortransactions when running under a Security Profile.

Many R12 applications modules do not work with MO: Security Profile set for a givenresponsibility.

http://1.bp.blogspot.com/-6EYGIGho4IU/T_uNitKxUCI/AAAAAAAACK0/GghjxHaOAzM/s1600/3.pnghttp://3.bp.blogspot.com/-OpYLhwfDK2w/T_uNUD8adhI/AAAAAAAACKs/RsselZz20hU/s1600/2.pnghttp://1.bp.blogspot.com/-6EYGIGho4IU/T_uNitKxUCI/AAAAAAAACK0/GghjxHaOAzM/s1600/3.pnghttp://3.bp.blogspot.com/-OpYLhwfDK2w/T_uNUD8adhI/AAAAAAAACKs/RsselZz20hU/s1600/2.png

7/29/2019 MOAC_R12

9/10

They must only use MO: Operating Unit.

Some even require all three Profile Options set.

Examples:

CRM Modules Certain GL Drill Down Functions

(Trial and error determination of setups, no clear direction)

Now check the operating unit field in the orders screen

Vision Operations defaults as the operating unit in the form per profile option setting for

OM: Default Operating Unitat responsibility level

http://2.bp.blogspot.com/-WImbis6rsO8/T_uNy6SGZiI/AAAAAAAACLE/tEXVGHWq1xo/s1600/5.pnghttp://2.bp.blogspot.com/-FuJCB24TIXk/T_uNpJ0mjEI/AAAAAAAACK8/wHqwFSnW9Jo/s1600/4.pnghttp://2.bp.blogspot.com/-WImbis6rsO8/T_uNy6SGZiI/AAAAAAAACLE/tEXVGHWq1xo/s1600/5.pnghttp://2.bp.blogspot.com/-FuJCB24TIXk/T_uNpJ0mjEI/AAAAAAAACK8/wHqwFSnW9Jo/s1600/4.png

7/29/2019 MOAC_R12

10/10

http://2.bp.blogspot.com/-b5mwHOQ4a7Q/T_uNzsxE1VI/AAAAAAAACLM/_AV7QhbjsFQ/s1600/6.png