Beruflich Dokumente
Kultur Dokumente
Oracles E-Business Suite User Management and Security (UMX) is composed of two elements: Core Security and Administrative Features. Core Security includes Oracle's Function and Data Security models, as well as Role Based Access Control (RBAC). Administrative Features build upon Core Security and include Delegated Administration, Provisioning Services (Registration Processes), and Self Service and Approvals. Release 12 includes security wizards that work within the Delegated Administration element. Figure 1 shows the UMX layers described in Chapter 2, Access Control with Oracle User Management in the Oracle Applications System Administrators Guide Security. To assist administrators in granting permissions to roles, users can invoke specialized function and data security wizards from the Role Administration screens in Oracle User Management.
Figure1UserManagementandSecurity(UMX)Layers
Figure2FromtheUserManagementresponsibility,chooseRoles&RoleInheritance
Copyright2008TruTek
OR search by clicking on the plus (+) signs in the Role Inheritance Hierarchy part of the screen
Figure3
Onceyouqueryforarole,youcanthenexpandandopenaroleforupdate:
Copyright2008TruTek
Figure4IfyouenterSearchcriteria,thescreenchangestoshowRolesthatmatchtheSearchcriteria,andyou canthenclickontheUpdatePencilforaRole
Copyright2008TruTek
Figure5RatherthanenteringSearchcriteriainthetoppartofFigure3,weexpandedRolesinthebottompart, achievingthesameresults,thoughthescreenslookalittledifferent.
Copyright2008TruTek
Figure6Howeveryouchosetogethere,younowhaveascreenthatshowstheSecurityWizardsbutton.Click onthatbuttontoseetheavailablewizardsforthisRole After launching the wizard by clicking the Security Wizard button, you can use the wizard to set up the data security policies associated with a role. After completing the wizard, the user is returned to the Create/Update Role screen. Oracle Release 12 comes with two security wizards, the CE UMX Security wizard and the User Management: Security Administration Setup wizard. We access the wizards by selecting the Run Wizard icon:
Figure7
Copyright2008TruTek
Figure8TheBankAccountSecurityManagementscreen Adding a Legal Entity in this screen by clicking on the Add Legal Entities button will give the selected role access to all the bank accounts within this legal entity. After adding a legal entity, choose grants that you want to assign to this role on the bank accounts of this legal entity.
Copyright2008TruTek
Figure9TheUserManagement:Roles&RoleInheritance>SecurityWizardsscreen User Administration User Administration privileges are defined for administrators that assign/revoke user accounts and roles. Select the set of users that administrators (assigned the role above) should be able to manage. This Role enables you to determine the set of users that can be managed by administrators to whom the role is assigned. The administrator can assign or revoke user accounts and roles for the users you specify here. The All User Administration Privileges Permission allows a user to: Query Person Details Reset Password Create, Inactivate, Reactivate User Account Edit Person Details Organization Administration Organization Administration privileges are defined for administrators that assign/revoke user accounts and roles. Select the external organization relationships that administrators (assigned the role above) can view in the system. This tab enables you to determine the external organizations that can be viewed in Oracle User Management by administrators to whom your role is assigned. The Organization Privilege View All Organizations allows users access to all organizations (parties of type "ORGANIZATION") stored in TCA. Role Administration The Role Administration tab is used to define privileges for administrators that assign/revoke user accounts and roles. Here you can select what roles administrators (assigned the role above) can assign or revoke from the users defined in the User Administration tap. This tab enables you to determine
Copyright2008TruTek
which roles the administrator can assign to or revoke from the set of users specified in the User Administration section.
Conclusion
In the future, more modules will ship with seeded security wizards. Users will have the ability to create their own wizards to manage their function/data security grants. However, keep in mind that the data security grants created using UMX have to be honored by the appropriate modules user interfaces. This won't happen unless Oracles Product Teams support this feature. Therefore, it is recommended that before you create your own security wizards, you should check with the relevant Oracle Product Teams on whether they support this feature or not.
Copyright2008TruTek