How To Configure Access To Request Output Of Specific Responsibility [ID 555524.1]
修改时间28-DEC-2009类型HOWTO状态PUBLISHED
In this Document
Applies to:
Oracle User Management - Version: 11.5
Oracle Application Object Library - Version: 12.0
Information in this document applies to any platform.
Goal
Configure User Management functionality to control access to request output ran by the same role / responsibility.
This replaces the obsolete profile option "Concurrent: Request Access Level" for Release 12.
Solution
1. As the SYSAMIN user with “Functional Developer” responsibility, update object "Concurrent Requests"
Search for FND_CONCURRENT_REQUESTS
Click on Concurrent Requests
Click on Object Instance Sets tab
Click on Create Instance Set button
- Enter Name, Code and Description for new instance set
- Enter the following for predicate:
&TABLE_ALIAS.request_id in ( (select cr.request_id from fnd_concurrent_requests cr, fnd_responsibility_vl r, fnd_application ap, fnd_concurrent_programs cp where cr.responsibility_id = r.responsibility_id and r.responsibility_name = &GRANT_ALIAS.PARAMETER1 and cr.responsibility_application_id = ap.application_id and cr.concurrent_program_id = cp.concurrent_program_id and cp.request_set_flag = 'N' and ap.application_short_name = &GRANT_ALIAS.PARAMETER2) union (select cr.request_id from fnd_concurrent_requests cr, fnd_responsibility_vl r, fnd_application ap, fnd_request_sets rs, fnd_concurrent_programs cp where cr.responsibility_id = r.responsibility_id and r.responsibility_name = &GRANT_ALIAS.PARAMETER1 and cr.concurrent_program_id = cp.concurrent_program_id and cr.argument2 = to_char(rs.request_set_id) and cp.request_set_flag = 'Y' and cr.responsibility_application_id = ap.application_id and ap.application_short_name = &GRANT_ALIAS.PARAMETER2) )
2. As the SYSADMIN user with “User Management” responsibility, in the Roles and Role Inheritance tab, Create a Role and then create a Grant for the Role.
A role needs to be created and grants given for the Instance Set.
Enter Name and Description for the new Grant.
For the Data Security Object enter “Concurrent Requests”.
Click Next and provide the Data Content Type of “Instance Set”.
For Instance Set choose instance set created in step #1.
Click Next and provide the following parameters:
• Parameter 1 is the Responsibility name whose requests need to be seen.
• Parameter 2 is the application short name.
• The permission Set is “Request Operations”.
Click Next then Finish to complete this process.
Select the role Category from the LOV.
Finally click Save and Apply to start using this grant.
3. As the SYSADMIN user with "System Administrator" responsibility, to create a Request Security Group of allowed programs,
navigate to Security > Responsibility > Request and verify/add the programs that can be run and viewed.
For the responsibility, navigate to Security > Responsibility > Define and
in the Request group block, add/confirm the request security group just validated/created.
4. Create another Grant for Programs in the Request Security Group.
Enter Name and a Description for the new Grant.
For the Data Security Object enter “Concurrent Programs”.
Click Next and provide the Data Content Type of “Instance Set”.
For Instance Set choose "Programs that can be accessed".
Click Next provide the following parameters:
• Parameter 1 is the Request Security Group name.
• Parameter 2 is the Short Name for the associated application (FND).
• The permission Set is “Request Operations”.
Click Next then Finish to complete this process.
Select the role Category from the LOV.
Finally click Save and Apply to start using this grant.
5. Create another Grant for Request Sets in the Request Security Group.
Enter Name and a Description for the new Grant.
For the Data Security Object enter “Request Sets”.
Click Next and provide the Data Content Type of “Instance Set”.
For Instance Set choose “Request sets that can be accessed”.
Click Next provide the following parameters:
• Parameter 1 is the Request Security Group name.
• Parameter 2 is the Short Name for the associated application.
• The permission Set is “Request Operations”.
Click Next then Finish to complete this process.
Select the role Category from the LOV.
Finally click Save and Apply to start using this grant.
NOTE: There should now be 3 new Grants created under the Role. One will be for viewing requests, the others will be for submitting concurrent programs and request sets.
To make use of the new grants you will need to [A] assign it directly to the user or [B] as an inheritance for a role they already have.
[A] Under Users
Query the User Name you want to add the new role to.
Click on the Update icon.
Click Assign Roles button and find the new role.
Save and Apply to activate the new role.
[B] Under Roles & Role Inheritance
Search for the role that you want to inherit the new grants.
Click on "View in Hierarchy"
Add Node (Click Focus to see sub values in the Category the role was added to)
Select Focus Name for your just modified role.
Save and Apply to activate the new role.
The view functionality currently only works from the View > Request menu item in the Forms Tool Bar.
References
- AUTOMATE PROCESS TO CREATE A ROLE ALLOWING ACCESS TO CONCURRENT REQUEST OUTPUT
相关的
产品
Oracle E-Business Suite > Applications Technology > Application Object Library > Oracle User Management
Oracle E-Business Suite > Applications Technology > Application Object Library > Oracle Application Object Library
关键字
FND_REQUEST_SETS; FND_APPLICATION; FND_RESPONSIBILITY_VL; REQUEST SET; REQUEST GROUPS; VIEW REQUESTS; ASSIGN ROLES; SECURITY GROUPS但是无法增加功能开发的职责,郁闷