Oracle Fusion Applications R10

How to Create a Self-Service Receiving View Only Role

Contents
Self-Service Receiving View Only Role Overview ...................................................................................... 3
Create View Only Self-Service Receiving User .......................................................................................... 4
Create View Only Self-Service Receiving Enterprise/Job Role .................................................................. 4
Create View Only Self-Service Receiving Application/Duty Role .............................................................. 5
Create Self-Service Receiving Authorization Policy .................................................................................. 8
Create Data Security Grant on Application/Duty Role ............................................................................. 9
Assign View All Workers Security Profile to the Enterprise/Job Role ..................................................... 14
Self-Service Receiving View Only Role Overview
Fusion Applications are packaged with a seeded Role Based Access Control reference
implementation consisting of over 180 Roles that represent a wide variety of enterprise business
job functions. In certain cases, customers have within their organizations auditor roles that
assume oversight responsibilities over transactional systems and require View Only access to
various system transactions. The intent of this document is to describe how to setup a View Only
Role in Self-Service Receiving.

The default behavior in Self-Service Receiving enables users to access to the Receive Items and
Manage Receipts user interfaces. Users are able to receive, correct, and return self-service
receipts. The intent of this document is to outline the steps needed to create a view only role to
for users to view and monitor self-service receipts. The role will not provide the ability to receive
items or correct and return receipts. These actions will be prohibited.

After completing the steps outlined in this document, the Manage Receipts user interface will
appear as shown below. Users will be able to search for self-service receipts across
Requisitioning Business Units and Procurement Requesters. Additionally, the actions correct and
return receipts will be hidden. The user interface is shown below.
Create View Only Self-Service Receiving User

A new user should be created to view self-service receipts. When creating a new user it is
important that the user NOT be assigned the Employee abstract role. The reason for this is that
the Employee role by default inherits the Procurement Requester role. The Procurement
Requester role provides full access to Self-Service Receiving.

Note: The Employee abstract role should not be assigned to the newly created user.

The screen shot below depicts the roles assigned to the user. You will notice that the Employee
role is not assigned to the user.

Create View Only Self-Service Receiving Enterprise/Job Role

Create a view only enterprise/job role to view self-service receipts.

 Navigate to task ‘Provision Roles to Implementation Users’ in the Setup and

Maintenance Work Area
 Click the ‘Go to Task’ icon. This will open Oracle Identity Manager – Self Service
 Click the ‘Administration’ tab in the upper right-hand corner
 Click the ‘Create Role’ link
 Enter the Role Name and Role Display Name. For example, ‘SSP View All Receipts’
 Select Role Category Name ‘SCM – Job Roles’
 Click the ‘Save’ button
Create View Only Self-Service Receiving Application/Duty Role

Create a view only application/duty role to view self-service receipts.

 Navigate to task ‘Verify Data Role Generation’ in the Setup and Maintenance Work Area
 Click the ‘Go to Task’ icon. This will open Oracle Identity Manager – Self Service
 Click the ‘New’ link under Application Roles
 Enter the Role Name and Display Name
 Select Role Category ‘SCM_DUTY’
Click the ‘External Role Mapping’ tab and map the application/duty role to the enterprise/job
role.
Create Self-Service Receiving Authorization Policy

Create new authorization policy specific to self-service receiving. For example, SSP View All
Receipts.

Click the line ‘New’ under Authorization Policies

Enter the Display Name, Name, and Description for the authorization policy.

Click the plus icon to under the Principals region and select the application/duty role.

Assign the entitlements/privileges listed below to the newly created authorization policy.

Click the plus icon to search for entitlements/privileges. Search and select the targets listed
below.

 Monitor Self-Service Receiving Receipt Work Area

 Review Self-Service Receiving Receipt
 Review Receiving Transaction History
 Create Self-Service All Requisition Receiving Receipt
 Review Receiving Receipt Summary

Click the ‘Apply’ button when completed.

Create Data Security Grant on Application/Duty Role

Data security policies need to be created for objects ‘Business Unit’ and ‘Public Person’. The
data security policy on object ‘Business Unit’ is used to display all requisitioning business units
in the ‘Requisitioning BU’ LOV. The data security policy on object ‘Public Person’ is used to
display be all requesters in the ‘Requester’ LOV.

Click ‘Search’ under the heading Authorization Policies

Click the ‘Data Security’ tab and then click the ‘New’ icon to create a new data security policy
for object Business Unit.

Enter General Information.

 Enter Data Security Policy Name

 Select DB Resource ‘Business Unit’
 Select Module ‘Financials Common Module’
 Select Start Date
Enter Rule Details

 Select Row Set ‘All Values’

Select Available Action: Manage Requisition

Click the ‘Data Security’ tab and then click the ‘New’ icon to create a new data security policy
for object Public Person.

Enter General Information.

 Enter Data Security Policy Name

 Select DB Resource ‘Public Person’
 Select Module ‘Global Human Resources’
 Select Start Date
Enter Rule Details

 Select Row Set ‘Multiple Values’

 Select Condition ‘Access the public person for table PER_PERSONS for persons and
assignments in their person and assignment security profile’

Select Available Action: Choose Public Person

Assign View All Workers Security Profile to the Enterprise/Job Role

Assign view all workers security profile to the enterprise/job role that you created.

 Login to the home page and select Setup and Maintenance from Navigator menu
 Enter “Manage Data Role and Security Profile” in Task Name and search
 From the search results, select the row and click on Go to Task icon. This will open the Manage
Data Roles and Security Profiles UI
 Enter the enterprise/job role in Role field and click the ‘Search’ button

 Select Organization Security Profile ‘View All Organizations’

 Select Person Security Profile ‘View All Workers’
 Click check box ‘Secure by Person Type’
 Click the ‘Next’ Button
 Click the ‘Next’ Button

 Click the ‘Next’ Button

Review and click the ‘Submit’ button

After performing these steps, wait for 10 minutes and then login to the home page as with your user
assigned the new application/job role. The Manage Receipts UI in Self-Service Receiving will allow you
to query all receipts and actions ‘Correct’ and ‘Return’ will be disabled. You will be able to query
receipts for all Requisitioning Business Units across all Procurement Requesters.

PROCESS COMPLETE