A Quick Look at Oracles New User Management Security Wizards (UMX) in Release 12

Oracles E-Business Suite User Management and Security (UMX) is composed of two elements: Core Security and Administrative Features. Core Security includes Oracle's Function and Data Security models, as well as Role Based Access Control (RBAC). Administrative Features build upon Core Security and include Delegated Administration, Provisioning Services (Registration Processes), and Self Service and Approvals. Release 12 includes security wizards that work within the Delegated Administration element. Figure 1 shows the UMX layers described in Chapter 2, Access Control with Oracle User Management in the Oracle Applications System Administrators Guide Security. To assist administrators in granting permissions to roles, users can invoke specialized function and data security wizards from the Role Administration screens in Oracle User Management.

Security Wizards are part of Delegated Administration

Figure1UserManagementandSecurity(UMX)Layers

Oracle Security Wizards in Release 12

The Security Wizard form is an HTML-based page that lists the security wizards available to a user who is running the User Management responsibility:

Choose Roles & Role Inheritance

Figure2FromtheUserManagementresponsibility,chooseRoles&RoleInheritance

Copyright2008TruTek

YoucanSearchforarolefromtheRolesandRoleInheritancescreen.InFigure3,wesearchedforType Roles&ResponsibilitiesandCategorySecurityAdministration(whenweselectedtheType,the CategoryboxappearedinFigure3):

Enter search criteria and then select Go

OR search by clicking on the plus (+) signs in the Role Inheritance Hierarchy part of the screen

Figure3

Onceyouqueryforarole,youcanthenexpandandopenaroleforupdate:

Copyright2008TruTek

Click on the Update Pencil for a Role

Figure4IfyouenterSearchcriteria,thescreenchangestoshowRolesthatmatchtheSearchcriteria,andyou canthenclickontheUpdatePencilforaRole

Copyright2008TruTek


Figure5RatherthanenteringSearchcriteriainthetoppartofFigure3,weexpandedRolesinthebottompart, achievingthesameresults,thoughthescreenslookalittledifferent.

Copyright2008TruTek

Figure6Howeveryouchosetogethere,younowhaveascreenthatshowstheSecurityWizardsbutton.Click onthatbuttontoseetheavailablewizardsforthisRole After launching the wizard by clicking the Security Wizard button, you can use the wizard to set up the data security policies associated with a role. After completing the wizard, the user is returned to the Create/Update Role screen. Oracle Release 12 comes with two security wizards, the CE UMX Security wizard and the User Management: Security Administration Setup wizard. We access the wizards by selecting the Run Wizard icon:

Figure7

Copyright2008TruTek

CE UMX Security wizard

This wizard allows the user to view the bank accounts for the selected legal entity in Cash Positioning, Cash Forecasting and Cashflows, as well as reconcile cashflows for the selected legal entity.

LegalEntity Use MaintenanceAllowstheusertocreateandupdatebankaccountsfortheselectedlegalentity. BankAccountTransfersAllowstheusertotransferfundsfromandtothebankaccountsforthe selectedlegalentity.

Figure8TheBankAccountSecurityManagementscreen Adding a Legal Entity in this screen by clicking on the Add Legal Entities button will give the selected role access to all the bank accounts within this legal entity. After adding a legal entity, choose grants that you want to assign to this role on the bank accounts of this legal entity.

User Management: Security Administration Setup wizard

The User Management: Security Administration Setup wizard is a security function that defines the administration privileges for administrators that assign/revoke user accounts and roles. This wizard has 3 sub-tabs: User Administration, Organization Administration, and Role Administration.

Copyright2008TruTek

Figure9TheUserManagement:Roles&RoleInheritance>SecurityWizardsscreen User Administration User Administration privileges are defined for administrators that assign/revoke user accounts and roles. Select the set of users that administrators (assigned the role above) should be able to manage. This Role enables you to determine the set of users that can be managed by administrators to whom the role is assigned. The administrator can assign or revoke user accounts and roles for the users you specify here. The All User Administration Privileges Permission allows a user to: Query Person Details Reset Password Create, Inactivate, Reactivate User Account Edit Person Details Organization Administration Organization Administration privileges are defined for administrators that assign/revoke user accounts and roles. Select the external organization relationships that administrators (assigned the role above) can view in the system. This tab enables you to determine the external organizations that can be viewed in Oracle User Management by administrators to whom your role is assigned. The Organization Privilege View All Organizations allows users access to all organizations (parties of type "ORGANIZATION") stored in TCA. Role Administration The Role Administration tab is used to define privileges for administrators that assign/revoke user accounts and roles. Here you can select what roles administrators (assigned the role above) can assign or revoke from the users defined in the User Administration tap. This tab enables you to determine

Copyright2008TruTek

which roles the administrator can assign to or revoke from the set of users specified in the User Administration section.

Conclusion
In the future, more modules will ship with seeded security wizards. Users will have the ability to create their own wizards to manage their function/data security grants. However, keep in mind that the data security grants created using UMX have to be honored by the appropriate modules user interfaces. This won't happen unless Oracles Product Teams support this feature. Therefore, it is recommended that before you create your own security wizards, you should check with the relevant Oracle Product Teams on whether they support this feature or not.

Copyright2008TruTek