Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

OracleApps Epicenter

Odyssey of an OracleApps Consultant

Home

About The Epicenter

Resources

SEARCH

Contact

Secuity : Oracle Application Module

Security with R12
Powered Search

Posted on August 28th, 2011 by Sanjit Anand |

Feature Topic

Print This Post |

Email This Post

Have you tried OracleappsHub in
ipad/iphone/smart Phone? Don't wait. try it
today

Grab Free Copy

Get Updates!
Subscribe to the
OracleAppsHub to
receive notifications
when there are new
posts:

Enter your email address

sign up

Categories
11i
Advance Collection
AOL
API Integration
Basic Accounting
Beginner
Beyond Apps
Blogroll

This post is more on revisiting EBS Application Module Security.

1. HRMS Security
In HRMS there are two major Securities concept
Standard
Security Groups Enabled
Standard HRMS Security is a simple security used within
a single legislation and a single business group. In this
model, typically a Security Profile is created for each

Conversion
Depot Repair
EBS Suite
EDI
Emerging
Technologies
Finance
Functional
Fusion
Fusion Application
General Interest
HRMS
Hyperion
Implementations
Integration
InterCompany
JumpStart

Search
Powered Search

distinct group of employees and it is assigned to a

responsibility.Its very simple.
For enabling Standard HRMS Security, Security Profile
screen (US Super HRMS Manager -> Security -> Profile)
can be used to create a Security Profile.
In Security Groups Enabled Security a single
responsibility can be assigned to more than one business
group and so users can access records from multiple
business groups. In this model, multiple security profiles
can be assigned to a single responsibility.

Cash Management
Centrestage

Search

Typical example you can understand in this way : an HR

Manager and Assistant HR Manager can use the same
responsibility, but will be able to view different data.
For Security Groups Enabled Security, use Global Security
Profiles window.
2. Multi Organization Access Control (MOAC)
This means Role based access to Operating Units.
Single installation of EBS can support different types of
organizations and this feature is ability to access multiple
organizations from a single responsibility, which is avaiable
in majority of Oracle application modules.
Typical example of MOAC may be similar to senario listed
here:

Recent Posts
Oracle Advanced
Procurement
What is
Oracle/Hyperion
Financial Data
Quality Management
(FDM)?
What is
Oracle/Hyperion
Financial Data
Quality Management
(FDM)?
Oracle Cloud
Oracle Mobile
iProcurement for
Oracle E-Business
Suite

Blogroll
David Haimes
Floyd Teter
Steven Chan

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

MDM
Methodology/Process
Misc
News
OPM
Oracle Application
Oracle Asset
Oracle Cloud *
Oracle Credit
Management
Oracle Diagnostics
Oracle E-Business
Tax
Oracle eAM

Limit users to their relevant organizations through

security profiles.
Assign inventory organizations to inventory users.
Enter Purchase Orders in one organization and
receive goods into any other organization.
Internal Requisitions from one organization and ship
from another organization, with Intercompany
invoicing.
Now, Im going to explain how to define a security profile.
Using Oracle HRMS, you can define your security profile
using two forms: The Security Profile form or the Global
Security Profile form that is shown here. Both forms look
almost identical.

Oracle Footprint
Oracle General
Ledger
Oracle ICM
Oracle Legal Entity
Configurator
Oracle Manufacturing
Oracle Order
Management
Oracle Payable
Oracle Payment
Module
Oracle Pricing
Oracle Product
Oracle Property
Manager

The Security Profile Form allows you to select operating

units from only one Business Group. The Global Security
profile Form allows you to select operating units from
multiple Business Groups.
The decision on which form to use is really up to you and
depends on your HR implementation and how you want to
partition data. All you need to do is enter a name, and
select the Security Type called Secure organizations by
organization hierarchy and/or organization list. This allows
you to assign multiple OUs. When assigning operating

Tim Dexter
Trioragroup Blog

Total Page View

News & Views
EMC revamps
XtremIO software,
rolls out 40TB XBrick ZDNet
Floating solutions
mydigitalfc.com
Oracle Aims to
Leverage Cloud to
Overtake SAP as Top
Apps Seller eWeek
Oracle's Two CEOs
Say They'll Win The
Cloud And A Rival
Buying Salesforce
Forbes

User Onlines
429 Users

units, first select classification Operating Unit, and then

select the organization or Operating Unit name. You can
assign as many operating units as you want.

Oracle Purchasing
Oracle Receivable
Oracle TCA
Oracle Treasury
Personalizations
R12
Release12
Security
SEPA
Service Contracts
Subledger
Accounting
Technical
Tool
Uncategorized
Web ADI
XBRL

Archives
January 2015
December 2014
October 2014
August 2014
July 2014
May 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010

3 Bank Account Security

Bank Account Maintenance security secures the creation
and update of bank accounts, whereas Bank Account
Access security secures the use of bank accounts.
Bank Account Maintenance Security, which secures the
creation and update of bank accounts, grants user the
access to one or more legal entities. Users can create and
update the bank accounts whose owner legal entity is
registered in the Bank Account Maintenance Security.
Users can create Bank accounts for which the list of legal
entities in Bank Account Owner LOV will be restricted by
this security. Users can query and update only those bank
accounts whose owner is registered in this security.
The security setup is done in a wizard called Bank
Account Security Management.
Define bank account use and link organization for every
account.
Navigation: Cash management Superuser (R) -> Setup ->
Banks -> Bank Accounts -> Click Account Access (T).

June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

November 2008
October 2008
September 2008
August 2008
July 2008

Assign organization (Operating Units, Ledger Entities and

Business Groups) and bank account use to a Role.

June 2008
April 2008

Navigation: User Management ( R) -> Roles & Role

Inheritance -> Security Wizards -> CE UMX Security

March 2008

wizard.

May 2008

February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
October 2006
August 2006

Links
Metalink
Oracle
Oracle Integration
Repository

Disclaimer
Disclaimer

Meta:
RSS
Comments RSS
Valid XHTML
eMail

Bank Account Access security rule is composed of 2 parts :

1. Bank Account Access Setup => Bank Account
Access setup defines organizations that can use
existing bank account
2. Cash Management Security Profiles => Cash
Management Security Profiles provide a list of
organizations where an user has access to.
4. Purchasing Security
Purchasing documents can have 4 levels of security:
Public: Any user may access these documents.
Private: Only the document owner and subsequent
approvers can access the document.
Purchasing: Document owner, subsequent
approvers and users listed as buyers can access.
Hierarchy: Document owner, team members,
approvers and others in the security hierarchy
higher than document owner.

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

Ad

5.iSupplier Security
If you have created custom responsibilities that will be
assigned to supplier users,securing attributes must be
included in your custom responsibility definition.
There are three securing attributes that can be used to
control access. These attributes are all seeded with the
pre-defined Oracle iSupplier Portal responsibilities that are
released with the product:
ICX_SUPPLIER_ORG_ID - Identifier for the supplier.
ICX_SUPPLIER_SITE_ID - Identifier for the supplier
site.
ICX_SUPPLIER_CONTACT_ID - Identifier for the
supplier contact
You can enable them from Navigation: System
Administrator ( R) -> Security -> Responsibility -> Define.

6.Flexfield Security Rules

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

Flexfield Value Security gives you the capability to restrict
the set of values a user can use during data entry. With
easy-to-define security rules and responsibility level
control, you can quickly set up data entry security on your
flexfield segments and report parameters.
Flexfield Value Security lets you determine who can use
flexfield segment values and report parameter values.
Based on your responsibility and access rules that you
define, Flexfield Value Security limits what values you can
enter in flexfield pop-up windows and report parameters.
Security rules for the Accounting Flexfield also restrict
query access to segment values in the Account Inquiry,
Funds Available, and Summary Account Inquiry windows.
In these windows, you cannot query up any combination
that contains a secure value. However in all other forms,
you will be able to query up a value even if it is restricted
to the user.
In order to use, you just need to define Security Rules
window to define value security rules for ranges of flexfield
and report parameter values.
Navigation: Application -> Validation -> Security ->
Define.
Use Assign Security Rules window to assign the flexfield
security rules to an application responsibility.
Navigation: Application -> Validation -> Security ->
Assign.
7.Fixed Assets Security
You can manage your Asset Book Security, as mention in
one of previous post.This Functionality you can understood
as:
Secure access to each depreciation book / Ledger
Create a flexible hierarchy of asset organizations
Associate a responsibility with one or more
depreciation books
Asset Book Security allows multiple asset books/registers
to be manage/administered independently
Fixed Assets responsibility can be secured by linking a
Fixed Asset Book / Ledger, by executing the following
steps:
Link an Asset organization to the Fixed Asset Set of
Book/Ledger.
Establish an Organization hierarchy for the asset
organization.
Navigation: Fixed Assets Manager ( R) -> Setup ->
Security -> Organization -> Description -> Query
Asset Organization -> Select Asset
Organization -> Click Others -> Assign FA Book.
8. Oracle Projects Security
Oracle Projects provides several integrated security
mechanisms to help you define user access to
organization, project, and resource information, as well as

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

a variety of Oracle Projects functions. These mechanisms
are all based on function security, which is the foundation
of Oracle Applications security.
Using these integrated security mechanisms, you can
define Oracle Projects security at the following levels:
Responsibility level, across projects.
Project level, using project roles.
Organization level, using predefined organization
authority roles.
9. Inventory Organization Access
Inventory organizations can be assigned to responsibilities
with inventory screens, thereby restricting the access to
only those inventory organizations.
Navigation: Inventory ( R) -> Setup -> Organizations ->
Organization Access.

It is a very straight forward Form that you can assign

which Inventory Organization(s) available to a
responsibility. The Rule behind this Form is that once a
responsibility is used, the default is that this responsibility
does not allow to access all Inv. Org., unless you explicitly
assign it. The good side is that this setting is effective
immediately; no need to submit what-is-the-name-again
process, setup all-look-like-the-same profile options
10. Manufacturing Organization Access
Manufacturing organizations can be assigned to
responsibilities with manufacturing screens, thereby
restricting the access to only those organizations.
your Navigation is: Advanced Planning Administrator ( R) > Admin -> Organization Security.
11. Shipping Grants & Warehouse Access
Shipping roles can enable or disable access to individual
functions within Shipping.
Navigation: Order Management ( R) -> Setup -> Shipping
-> Grants and Role Definitions -> Define Roles.

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

Then you can assocaite shipping roles then can be

assigned to individual users.
Navigation: Order Management ( R) -> Setup -> Shipping
-> Grants and Role Definitions -> Grants.
12. Order Holds
In Order Management, when further processing has to be
prevented on an order, a hold can be placed and released
later.
Navigation: Order Management ( R) -> Setup -> Orders > Holds.

13. Advance pricing

Pricing security enables you to restrict pricing activities
such as updating and viewing pricing entities to users who
are granted specific access privileges. Pricing entities
include price lists, pricing agreements, and modifiers.
Pricing security can be set up and maintained in the HTML

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

user interface by a user who is assigned the Oracle Pricing
Administrator responsibility. The Oracle Pricing
Administrator has the authorization to access and update
all pricing entities for all functional users.
With pricing security, you can implement a higher level of
control by:
Assigning pricing entities to operating units: A
pricing entity can be assigned ownership to a
specific operating unit. You can restrict usage to one
operating unit or by all operating units.
Assigning privileges that control which grantee
(Global, Operating Unit, Responsibility, or User
level) can view or maintain the specified entity: You
can use security privileges to control user's access
to pricing entities in the following ways:
Grant view-only or maintain access privileges
to functional users at the Global, Operating
Unit, Responsibility, or User level.
Assign or reassign Operating Unit ownership
to price lists and modifiers and control which
operating units can use them for pricing
transactions.
Create entity sets (a set consists of grouped
pricing entities) and assign access privileges
to the entire set. The Entity Set function is
available only with license to Advanced
Pricing.
Setting default rules for security access for new
pricing entities.
Take a Note , before turning on pricing security, you must
create privileges for existing pricing entities.
Navigate (N) Oracle Pricing Administrator Setup -->
Security --> Privileges

Hope this post will surly help you in address some of

security and audit need for Clients/Customer.
Suggested Reading
Understanding Security in : Oracle Financials and
Manufacturing

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]

Secuity : Oracle Application Module Security with R12 | OracleApps Epicenter

Know the Security by Book in Fixed Asset
Secuity : Oracle Internal Controls Manager
Related Posts
1. Understanding Security in : Oracle Financials and
Manufacturing
2. R12 : Management Reporting Security
3. Know the Security by Book in Fixed Asset
4. Oracle Fixed Asset:Security by Book
5. Oracle Pricing Module A Note
Posted in Security | No Comments

Email This Post |

Print This

Post
Have you tried OracleappsHub in
ipad/iphone/smart Phone? Don't wait. try it
today

Leave a Comment
Name

Mail (will not be published)

Website

Please note: Comment moderation is enabled and

may delay your comment. There is no need to
resubmit your comment.
Submit Comment

All content present on this website is property of OracleappsHub.com and subject to international copyright laws.
2006-2011 Copyright OracleApps Epicenter.All Rights reserved.

file:///D|/...en%20attente/Secuity%20%20%20Oracle%20Application%20Module%20Security%20with%20R12%20_%20OracleApps%20Epicenter.htm[04/01/2016 10:06:26]