Professional Documents
Culture Documents
EBS Application Module Security
EBS Application Module Security
EBS Application Module Security
1. HRMS Security
In HRMS there are two major Securities concept
Standard
Standard HRMS Security is a simple security used within a single legislation and a single business
group. In this model, typically a Security Profile is created for each distinct group of employees
and it is assigned to a responsibility.Its very simple.
For enabling Standard HRMS Security, Security Profile screen (US Super HRMS Manager ->
Security -> Profile) can be used to create a Security Profile.
In Security Groups Enabled Security a single responsibility can be assigned to more than one
business group and so users can access records from multiple business groups. In this model,
multiple security profiles can be assigned to a single responsibility.
Typical example you can understand in this way : an HR Manager and Assistant HR Manager can
use the same responsibility, but will be able to view different data.
For Security Groups Enabled Security, use Global Security Profiles window.
2. Multi Organization Access Control (MOAC)
This means Role based access to Operating Units.
Single installation of EBS can support different types of organizations and this feature is ability to
access multiple organizations from a single responsibility, which is avaiable in majority of Oracle
application modules.
Typical example of MOAC may be similar to senario listed here:
Enter Purchase Orders in one organization and receive goods into any other
organization.
Internal Requisitions from one organization and ship from another organization,
with Intercompany invoicing.
Now, Im going to explain how to define a security profile. Using Oracle HRMS, you can define your
security profile using two forms: The Security Profile form or the Global Security Profile form that
is shown here. Both forms look almost identical.
The Security Profile Form allows you to select operating units from only one Business Group. The
Global Security profile Form allows you to select operating units from multiple Business Groups.
The decision on which form to use is really up to you and depends on your HR implementation and
how you want to partition data. All you need to do is enter a name, and select the Security Type
called Secure organizations by organization hierarchy and/or organization list. This allows you to
assign multiple OUs. When assigning operating units, first select classification Operating Unit, and
then select the organization or Operating Unit name. You can assign as many operating units as
you want.
Assign organization (Operating Units, Ledger Entities and Business Groups) and bank account use
to a Role.
Navigation: User Management ( R) -> Roles & Role Inheritance -> Security Wizards -> CE UMX
Security wizard.
Bank Account Access Setup => Bank Account Access setup defines organizations
that can use existing bank account
2.
Cash Management Security Profiles => Cash Management Security Profiles provide
a list of organizations where an user has access to.
4. Purchasing Security
Purchasing documents can have 4 levels of security:
Private: Only the document owner and subsequent approvers can access the
document.
Hierarchy: Document owner, team members, approvers and others in the security
hierarchy higher than document owner.
5.iSupplier Security
If you have created custom responsibilities that will be assigned to supplier users,securing
attributes must be included in your custom responsibility definition.
There are three securing attributes that can be used to control access. These attributes are all
seeded with the pre-defined Oracle iSupplier Portal responsibilities that are released with the
product:
You can enable them from Navigation: System Administrator ( R) -> Security -> Responsibility ->
Define.
Navigation: Fixed Assets Manager ( R) -> Setup -> Security -> Organization ->
Description -> Query Asset Organization -> Select Asset
It is a very straight forward Form that you can assign which Inventory Organization(s) available to
a responsibility. The Rule behind this Form is that once a responsibility is used, the default is that
this responsibility does not allow to access all Inv. Org., unless you explicitly assign it. The good
side is that this setting is effective immediately; no need to submit what-is-the-name-again
process, setup all-look-like-the-same profile options
10. Manufacturing Organization Access
Manufacturing organizations can be assigned to responsibilities with manufacturing screens,
thereby restricting the access to only those organizations.
your Navigation is: Advanced Planning Administrator ( R) -> Admin -> Organization Security.
11. Shipping Grants & Warehouse Access
Shipping roles can enable or disable access to individual functions within Shipping.
Navigation: Order Management ( R) -> Setup -> Shipping -> Grants and Role Definitions ->
Define Roles.
Then you can assocaite shipping roles then can be assigned to individual users.
Navigation: Order Management ( R) -> Setup -> Shipping -> Grants and Role Definitions ->
Grants.
12. Order Holds
In Order Management, when further processing has to be prevented on an order, a hold can be
placed and released later.
Navigation: Order Management ( R) -> Setup -> Orders -> Holds.
Create entity sets (a set consists of grouped pricing entities) and assign
access privileges to the entire set. The Entity Set function is available only
with license to Advanced Pricing.
Setting default rules for security access for new pricing entities.
Take a Note , before turning on pricing security, you must create privileges for existing pricing
entities.
Navigate (N) Oracle Pricing Administrator Setup --> Security --> Privileges
Hope this post will surly help you in address some of security and audit need for Clients/Customer.