Learn about user access requests and approvals, delegated administration, and key updates in Oracle E-Business Suite User Management. Presented by Oracle Ace Susan Behn.
E-Business Suite User Management SIG – User Access Requests and Approvals 10424 Susan Behn, Infosemantics
About the Speaker • Oracle Ace • Over 20 years E-Business Suite development and support • Member-Oracle Proactive Support Customer Advisory Board • Chair-Oracle E-Business Suite User Management SIG • Chair-Texas-Louisiana Oracle User Group TLOAUG • Treasurer – Dallas Oracle Users Group – DOUG • Board Member – Customizations and Extensions SIG • Over 100 presentations on E-Business Suite • Co-author for multiple books on E-Business Suite • The ABCs of Workflow for E-Business Suite Release 11i and Release 12 • The Release 12 Primer – Shining a Light on the Release 12 World.
Agenda • SIG Announcements • New Features not covered at Collaborate16 • User Access Requests and Approvals • Delegated Administration • TIPS • References
EBS User Management SIG • Board Members • Susan Behn – Chair • Sridhar Rangaswamy - Vice Chair • Assist chair with meeting planning and overall direction of the SIG • Karen Brownfield - Oracle ATG Group Liaison • Function as a channel for recommended enhancements and influence the future development direction of the Oracle applications Upgrade process and procedures • Present feedback from the user community to Oracle Corporation • Updates posted to web site at http://ebsumx.oaug.org/
Key changes not covered at Collaborate16 • 12.1.x • New roles for diagnostics • 12.2 • Proxy Auditing • 12.2.6 • Setup Wizard for Flexfields Value Set Security • Oracle E-Business Suite Forms in Read-Only Mode on the Responsibility or User Level • New OAF forms • User Registration • Responsibility Registration • Key and Descriptive Flexfield Setup
Diagnostics in 12.1 via grants/roles • Sample Seeded Permission Sets
Read-Only Diagnostics in 12.1 via grants/roles • Create Role • Role Code = FND_DIAGNOSTICS_DEVELOPER • After saving, “UMX|” will be added to code • Click “Save”, then the “Create Grant” button • Screenshot callouts: 1. UMX| added by Oracle 2. Click Save, not Apply 3. After saving, Create Grant
Read-Only Diagnostics in 12.1 via grants/roles • Create the Grant • The Grantee is the Role just created • Select Permission Set from list in slide 15
Read-Only Diagnostics in 12.1 via grants/roles • Add new Role to desired Responsibility hierarchy • This example will give the System Administrator responsibility access to diagnostics • Click “View in Hierarchy”, then the + to add a role
Read-Only Diagnostics in 12.1 via grants/roles • Find the role just created and quick select
Read-Only Diagnostics in 12.1 via grants/roles • Updated view of hierarchy with added role
Diagnostics in 12.1 via grants/roles • More Information • System Administrator’s Guide – 12.1, Appendix F • Not in 12.2 Guide • https://download.oracle.com/docs/cd/B53825_06/current/acrobat/121sacg.pdf • MOS Note 1223753.1 – Why Can’t Users Enable Forms Trace in 12.1.3 • MOS Note 2011837.1 – Create and Assign a Role Which Gives users Read Only Access to Diagnostics
Tracking approvals by proxy user • Audit control - Actions are tracked to show delegate is acting on behalf of delegator • 12.2 Patch 21463185; MOS note 2045841.1 • Records the proxy user who did an approval – but the values are stored in wf_comments • Oracle Support Document 738230.1 (How to Verify who Owns and Approves a Notification when Using the Worklist Access Functionality?) • select notification_id, from_user, to_user, proxy_role from wf_comments • This table is purged when the workflow purge occurs, so you may want to run a daily report before any workflow purges to find any approvals where these fields are populated or not the same • Proxy Auditing • The Proxy Auditing feature provides a consolidated report for auditors to evaluate the transactions of proxy users or any other user on a specific data object. Administrators and delegators can run this report to see the transactions that were executed by the proxy user on their behalf.
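The daily report suggested above, sketched as an added example (not part of the original presentation or Oracle's code). It copies proxy rows into a persistent audit table before the purge removes them. Assumptions: an in-memory SQLite database stands in for the EBS schema, `xx_wf_proxy_audit` is a hypothetical custom table, the user names and dates are constructed, and "not the same" is read as proxy_role differing from from_user.

```python
import sqlite3

# Constructed sample rows: (notification_id, from_user, to_user, proxy_role)
SAMPLE_WF_COMMENTS = [
    (1001, "JSMITH", "APMANAGER", None),         # owner responded directly
    (1002, "APMANAGER", "JSMITH", "KDELEGATE"),  # delegate acted for APMANAGER
    (1003, "APMANAGER", "JSMITH", "APMANAGER"),  # populated, same as from_user
    (1004, "CFO", "APMANAGER", "EASSIST"),       # delegate acted for CFO
]

# Idempotent snapshot: only rows not already captured are copied.
SNAPSHOT_SQL = """
INSERT INTO xx_wf_proxy_audit
       (notification_id, from_user, to_user, proxy_role, mismatch, captured_on)
SELECT c.notification_id, c.from_user, c.to_user, c.proxy_role,
       CASE WHEN c.proxy_role <> c.from_user THEN 'Y' ELSE 'N' END, :run_date
  FROM wf_comments c
 WHERE c.proxy_role IS NOT NULL
   AND NOT EXISTS (SELECT 1 FROM xx_wf_proxy_audit a
                    WHERE a.notification_id = c.notification_id
                      AND a.from_user = c.from_user
                      AND a.to_user = c.to_user
                      AND a.proxy_role = c.proxy_role)
"""

def make_db():
    """In-memory stand-in for wf_comments plus the hypothetical audit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wf_comments (notification_id INTEGER,"
                 " from_user TEXT, to_user TEXT, proxy_role TEXT)")
    conn.execute("CREATE TABLE xx_wf_proxy_audit (notification_id INTEGER,"
                 " from_user TEXT, to_user TEXT, proxy_role TEXT,"
                 " mismatch TEXT, captured_on TEXT)")
    conn.executemany("INSERT INTO wf_comments VALUES (?, ?, ?, ?)", SAMPLE_WF_COMMENTS)
    return conn

def snapshot_proxy_actions(conn, run_date):
    """Copy not-yet-captured proxy rows into the audit table; return rows added."""
    before = conn.total_changes
    conn.execute(SNAPSHOT_SQL, {"run_date": run_date})
    conn.commit()
    return conn.total_changes - before

def proxy_report(conn):
    """Rows an auditor would review, still available after wf_comments is purged."""
    return conn.execute("SELECT notification_id, from_user, proxy_role, mismatch"
                        " FROM xx_wf_proxy_audit ORDER BY notification_id").fetchall()

if __name__ == "__main__":
    db = make_db()
    print("captured:", snapshot_proxy_actions(db, "2016-04-12"))
    db.execute("DELETE FROM wf_comments")  # simulates the workflow purge
    print("captured after purge:", snapshot_proxy_actions(db, "2016-04-13"))
    for row in proxy_report(db):
        print(row)
```

The INSERT ... SELECT uses only the four columns named on the slide; on a real instance it would be scheduled to run ahead of the workflow purge.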
Read-only Responsibility or OU in 12.2.6 • Oracle E-Business Suite Forms in Read-Only Mode on the Responsibility, Organization or User Level • Create a grant using the “EBS Read Only” permission set in Role-Based Access Control • No object name on grant • Only for Forms-based applications – not OAF forms • Documented in EBS Security Guide
Flexfield Value Set Security Wizard in 12.2.6 • Documented in EBS Flexfields Guide • User Management Roles and Responsibilities • Create or edit existing responsibility or role • Select the “Security Wizards” button and run “Flexfield Value Sets: Security Administration Setup” wizard • Select the “Create Grants” button and create “typical” grant with name, description, assignee, etc… • See Slide on Next page which shows grant • Select the appropriate privileges (insert, update, view, etc…) • In the “Authorize Value Sets by” field, choose the level where security is being established (i.e. value set, segment, descriptive or key flexfield, key flexfield structure, etc…) • Based on the value in “Authorize Value Sets by”, select the specific value set, key flexfield structure, etc…
Flexfield Value Set Security Wizard Example • Security level (value set, segment, descriptive or key flexfield, key flexfield structure, etc…) • Security level – Specific value
Registration Process – Additional Access • User Management Registration Processes • Click the Create Registration Process Button
Registration Process – Additional Access • Select the role or responsibility eligible for requesting access • Choose Additional Access (Self Service) for the type • Click next
Registration Process – Additional Access • Set Notifications to User Management: Additional Access Notification workflow start • Click Next
Registration Process • Choose who is allowed to request access • Click Submit
Access Request • In one of the eligible responsibilities, click the gear icon and choose Access Requests • Click the Request Access button
Access Request • Click the radio button for Security Administration and then click the Select Category button, click next • Choose the role for the access request, click next
Access Request • Enter the justification, click next • Click Submit
Access Request • User now has Help Examine
Registration Process – User Registration • Example – Self Service Account Creation • Create pages to ask all the required questions • Business event which raises a workflow for approval and identity verification notification • Event to invoke custom business logic • AME transaction type to manage approvals
Delegated Administration • Allow help desk users to change passwords for other users
Allow User to Change Passwords • Functional Developer > Home > Permission sets • Search for Basic User Administration Privileges • Click on the Duplicate button
Allow User to Change Passwords • Change the Name, Code and Description and click Apply • Click the + icon to add the permissions to Query and Reset Password
Allow User to Change Passwords • A permission set becomes a menu • Go to System Administrator > Application > Menu • Query the permission set just created • Uncheck all the grant check boxes so the grants created as the Functional Administrator will be used • Request to recompile menus is automatically submitted
Allow User to Change Passwords • Create a custom responsibility • System Administrator > Security > Responsibility > Define • Set the menu to 'User Management -Top Level menu'
Allow User to Change Passwords • Create a role in User Management • Remember not to enter UMX| at the beginning of the role code • It is automatically added
Allow User to Change Passwords • Create a grant by using the grant button on the Create Role page, which automatically populates the grantee with the role name just created • Leave the object blank
Allow User to Change Passwords • Permission set = User Maintenance UI’s • Then click Next, then Finish
Allow User to Change Passwords • Query the role just created • Click the pencil to update
Allow User to Change Passwords • Click the Security Wizards button • Click the icon to run the User Management wizard
Allow User to Change Passwords • Click the Add More Rows button • Choose “All People” for the Users and the Permission set created earlier • Save your changes
Allow User to Change Passwords • Query the role you created • Then click the View In Hierarchy Icon
Allow User to Change Passwords • Click the Add Node Icon
Allow User to Change Passwords • Find the responsibility created earlier and select
Allow User to Change Passwords • This adds the responsibility to the role • Granting the role inherits the responsibility • Responsibility – Code starts with FND_RESP • Role – code starts with UMX
Allow User to Change Passwords • Add the role to a specific user in User Management • That user now has responsibility to change passwords
Migrate UMX Roles (afrole.lct) • Download • FNDLOAD username/pwd@TWO_TASK 0 Y DOWNLOAD $FND_TOP/patch/115/import/afrole.lct umxroles.ldt WF_ROLE ORIG_SYSTEM=UMX% • NOTE: To include information about the users who have been assigned the roles, append INCLUDE_USER_ROLES='Y' • Upload • FNDLOAD username/pwd@TWO_TASK 0 Y UPLOAD $FND_TOP/patch/115/import/afrole.lct umxroles.ldt
References • My Oracle Support ID: 1537100.1 - Function Security and Role-Based Access Control (RBAC) in Oracle E-Business Suite • Oracle Support Document 1302189.1 (R12.1 / R12.2 : Oracle E-Business Suite Releases 12.1 and 12.2 Release Content Documents) can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=140193472321919&id=1302189.1&_afrWindowMode=0&_adf.ctrl-state=9u8r00vzb_422 • The document "Oracle User Management Developer's Guide" for Release 12 can be found here. • Oracle E-Business Suite Security Guide Release 12.2
Other presentations to review • Earlier Collaborate Presentations to Download • Get Precious Time Back: Let Others Manage Simple User Maintenance via Delegated Administration