HR Business Group Based Security

Similar Messages

• Creating a NEW Business Group, NO Security Profile generated

  Platform : R12 running on Linux86 --> FRESH install ( NOT Vision db )
  Resp : Global HRMS Super User
  Problem : No Security Profile generated for NEWLY created Business Group
  After creating a NEW business group ( ie. BG1 )
  I am able to see both BG1 and Setup Business Group ( I an view both Business Groups via Organization screen)
  When I access the Security Profile screen using the same resp "Global HRMS Super User"...
  I can ONLY see the default security profile ( Setup Business Group )...
  I am NOT able to view the default security profile ( BG1 ) that should have been created when I created my new business group earlier.
  NOTE : If I use the VISION db, and do the exact same thing... I can see both Security Profiles.. and both Business Groups.
  If I use the FRESH db, I can see both Business Groups... BUT... only 1 Security Profile... ( Setup Business Group )
  WHY ??
  Someone please HELP !!
  Thank-you
  Charlie :)

  hi charlie i tried the same in my vision instance, i am able to view my BG at the security profile level,
  when you query the system profiles,have you enabled the display checkbox at the responsibility level and try, or create an new responsibility and try... let me know the navigation you done clearly,
  Raj

• IRecruitment Manager,SR BUSINESS GROUP is not a valid responsibility

  Hi
  I've added the iRecruitment Manager responsability to my user id and assigned the mandatory security profiles
  when i try to acces any of the functiona in the menu i am getting the folowing error
  'iRecruitment Manager,SR BUSINESS GROUP is not a valid responsibility for the current user. Please contact your System Administrator.'
  Is there any specific profile for this issue.I crossed check the profiles with the implementation guide too but i am not able to resolve it
  Thanks
  Regards
  Ramesh Kumar S

  Hi Nagasuresh
  HR:Business Group, HR: Security profile,
  HR: User type and few mandatory profiles for iRecruitment is also set correctly and i've rechecked it also
  But i couldn't find out the reason for this issue. i've faced similiar issue once with the oracle sales but i lost track how I resolved it
  Any suggestion would be really great
  Regards
  Ramesh Kumar S

• In R12.1.3, MO:Security Profile Vs HR:Cross Business Group precedence

  Hi All,
  In R12.1.3, Which profile option has higher precedence in MOAC structure.
  If i set the HR:Cross Business Group to NO at resp level and MO: Security Profile, which is associated to Global Security Profile which has two OUs of two different BGs.
  For example:
  I have BG1 - OU1
  BG2 - OU2
  Case 1:
  Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
  HR:Cross Business Group - NO
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 2:
  Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
  HR:Cross Business Group - Yes
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 3:
  Global Security Profile - XXGSP has both OU1(BG1) associated.
  HR:Cross Business Group - NO
  HR:Cross Business Group - BG2
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 4:
  Global Security Profile - XXGSP has both OU1(BG2) associated.
  HR:Cross Business Group - Yes
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU2?
  Regards,
  Soorya

  Hi Soorya,
  We are in a similiar situation and I was wondering if you have received an answer or how you proceeded?
  Thanks,
  Cathy

• Security Profile Seeting with in a Same Business Group

  Hello,
  With in one business group I have employee of multiple country. Now the concern is that I need to have two different responsibility through which I can restrict the employee as per the country.
  The things which identify between countries are. 1. They have different GRE. 2. They have different Operating Units. I have tried to create a security profile it has the one option Secure organization by single Operating units, but I ma not able to see that working? Where exactly we need to declare the operating Unit i need to secure for? Can any one suggest me a suitable work around.
  The version we are using is 11.5.10
  Thanks

  If you security profile is 'static', then you need to run the concurrent process 'Security List Maintenance'. This will identify all records which match the security profile rule and then allow the user to see those records when the use their 'secured' responsibility.
  Regards
  Tim

• HRMS APP-PER-52803:Your business group does not match your security profile

  I see this as a common problem, please guide me as to what should be done to rectify it.
  While opening \Payroll\Description, it gives message as under:
  HRMS APP-PER-52803:Your business group does not match your security profile
  Regards
  Nemo

  Hi,
  I feel that "HR: Security Profile" option is not set properly, BZ of that screen is errors out.
  Please check the following Profile Options
  HR: Security Profile -- Enter the sec profile name which is business Group name
  HR: Business Group -- Your Business Group Name
  Note: If you set the HR: Security Profile optional first, then system will sets the HR: Business Group profile option too automatically.
  I hope this will solves your problem.
  thanks
  Krishna Prasad Rapolu
  Oracle HRMS Consultant.

• Person DFF Context Value based on 2 criteria (Business Group and Emp Type)?

  Hello,
  We're implementing HR module into multiple business groups.
  I need to define context value for DFF "Additional Personal Details" based on 2 criteria Business Group ID and Employee Type
  Any idea how to do it?
  Thank you
  Elie

  Hello Elie,
  I am not sure on it,However have you tried creating a context with combination of Business Group and Person Type using merging,
  business_group_id || "_"|| person_type_id And structures would be something like 80_2112 Business Group id = 80 and Person Type id=2112.
  It may resolve your issue if this works out.
  Regards,
  Saurabh

• MOAC / "Org-Based" Security

  Hello,
  I'm developing custom pl/sql for submitting concurrent requests/sets. For reference, here is what my initialization 'block' looks like in the pl/sql:
  apps.fnd_global.apps_initialize(user_id, resp_id, app_id);
  apps.mo_global.set_policy_context('M');
  apps.mo_global.init(appShortName);
  (or)
  apps.fnd_global.apps_initialize(user_id, resp_id, app_id);
  apps.mo_global.set_policy_context('S', org_id);
  apps.mo_global.init(appShortName);
  (depending on whether the user chooses a 'multi-org' context or 'single-org' context)
  I just have a few general questions.
  1) Is the "mo_global.set_policy_context" followed by "mo_global.init" proper form?
  2) I understand that if you choose multi-org (set_policy_context('M')), it reads the 'fnd_global.apps_initialize'd user's "allowed orgs" from his profile options (I forget the exact ones at this moment). Is this correct?
  3) Is the sole purpose of "multi-org" security for performing multiple operations on multiple orgs without having to switch responsibility?
  4) Most importantly (saved this one for last), I'm reading about the various different kinds of security (namely, http://docs.oracle.com/cd/E14223_01/bia.796/e14219/security.htm#BGBIFAIG):
  Operating Unit Org-Based security
  Inventory Org-Based Security
  Company Org-Based Security
  Business Group Org-Based Security
  HR Org-based Security
  Payables Org-Based Security
  Receivables Org-Based Security
  SetID-Based Security
  Position-Based Security
  Ledger-Based Security
  My question is, are all of these various "securities" all managed with organizations? In other words, will my code (above) enable users to use ANY of these different kinds of security, if they so choose?

  Hey so seeing as this question hasn't really been answered yet I figure I'll give it another go.
  I'm going to be very specific this time:
  I run PL/SQL scripts against the EBS database in order to do things like schedule requests/request-sets. The first thing I do (always) is initialize the apps context:
  apps.fnd_global.apps_initialize(u_id, r_id, a_id);
  Next, depending on the situation (still unsure when/why, but whatever), we initialize the org context. This is done by performing exactly one of the following steps.
  apps.mo_global.set_policy_context('M', null);
  OR
  apps.mo_global.set_policy_context('S', org_id);
  OR
  apps.mo_global.init('appname');
  Now, the ORG_ID comes from this statement:
  SELECT organization_id FROM apps.org_organization_definitions2 WHERE organization_name = 'blah'
  Again, I don't know why/when we need to do this or apparently what any of these things do but it's kind of beyond the scope of what I do. SOMEBODY chooses one of these, depending on their mood (or whatever factors :) ). Based on my model, the following are the possibilities thus far:
  apps.fnd_global.apps_initialize(u_id, r_id, a_id);
  OR
  apps.fnd_global.apps_initialize(u_id, r_id, a_id);
  apps.mo_global.set_policy_context('M', null);
  OR
  apps.fnd_global.apps_initialize(u_id, r_id, a_id);
  apps.mo_global.set_policy_context('S', org_id);
  OR
  apps.fnd_global.apps_initialize(u_id, r_id, a_id);
  apps.mo_global.init('appname');
  After this, I use
  apps.fnd_submit.submit_program('appName','progName','STAGEXYZ', args); <-- however many times I need
  apps.fnd_submit.set_request_set('appname','requestSetName');
  OR
  apps.fnd_request.submit_request('appName','progName','description',starttime,FALSE, args);
  My question is twofold:
  1) Is this model generic enough? In other words, without doing anything extra, will people be able to do pretty much everything you could think of, at least in terms of running concurrent requests / sets? Will I ever - EVER - need to chain "set_policy_context" with "init"? <-- I would really love a yes/no answer because I am in no way/shape/form an EBS expert. I've read all the docs that I've been presented with thus far but I haven't found a straight answer to this yet.
  2) I understand there are all different kinds of "org-based" security. Could I use my current code to initialize an inv_org, for example? If not, where could I turn for help? Are there other tables I should use for inv_orgs, hr_orgs, etc?
  THANKS! YOU ARE THE BEST!

• Is HR Org based security supported in OBIA

  Hi all
  I just wanna know whether HR Org-based Security is supported in OBIA with Oracle Apps as Source ?
  We have already implemented security based on Business Group Id and it is working good.
  Now we want to implement the security based on Organization ID.
  Plz advice..
  Thanx

  Hi all
  I just wanna know whether HR Org-based Security is supported in OBIA with Oracle Apps as Source ?
  We have already implemented security based on Business Group Id and it is working good.
  Now we want to implement the security based on Organization ID.
  Plz advice..
  Thanx

• New Business Group in HR 11.5.7 FP.G.

  New Business Group in HR 11.5.7 FP.G.
  Hi all,
  We have Oracle HR 11.5.7 (Family Pack G), SSHR 5.2, WorkFlow 2.6.0.
  We currently have two different Business Groups for Country A (Main Banking Operations) and Country B (Banking Operations Abroad).The Human Resources Dept wants to create a New Business Group to hold information for an Insurance Company that belongs to the Group (base at Country A) but whose employees'(currently they are not held in Oracle HR) have different collective agreements and reporting structures.Also users of Insurance not to be able to see data from banking Operations, but some users in banking to be able to see all data.
  Firstly, can anyone help us regarding the pros/flexibility and cons/limitations of creating a New Business Group for the purpose described above?
  From the way I see it if we create a New Business Group we will have more overhead even if the Flexfield Structures will remain the same.If we use the existing Country A BG to hold this info we will have to change all responsibilities/users/ profiles to restrict access based on less clearly defined lines as opposed to a New BG.
  If we will proceed with the creation of a New Business Group (Users requested for a new BG to be created) does anyone knows or have an implementation/priority step guide/plan for a new BG not limited just to the creation of the Organization details?
  Does anyone have an indication as to the average time required to setup a new BG as described above with all related information completed(security/ responsibilities/Organizations/positions/jobs/locations/grades/ elements/element links/special info/etc)?
  Lastly, we recently setup SSHR 5.2 for the purposes of Online Appraisal System for the BG of Country A-Main Banking Opreations. Is there any impact that we have to consider, regarding the new BG?
  I hope someone can give me some feedback!
  Thanking you in advance for your much appreciated help.
  Best regards,
  Elena

  Dear 'thierry' and 'HCMgaclark'
  Thanks a lot for your replies.
  In case I convince Key Business users to use the existing BG is there an easy way to exclude these new employees from showing in all reporting unless we want to display them?
  One reason that will cause us difficulties to do that is the fact that we are not using the Position/Organization Hierachies of the HR. instead we use an additional Organization Flexfield to hold a code that represents our organizational structure due to our Payroll links.
  We use Discoverer 4.1.41.05 for reporting purposes. We created our own EUL and have 2 BUsiness Areas, one for each BG.Users connect as Super Users (Responsibility). If we add these employees in the existing BG, what worries me is that we have to specifically exclude from each report the new employees and structures while in some cases a user should be able to see both.
  is there an easy way out of these problems?
  If we eventually decide to use a separate BG does anyone knows or have an implementation/priority step guide/plan for a new BG not limited just to the creation of the Organization details?
  Thanks a lot for your time and help.
  Best regards,
  Elena

• Using container managed form-based security in JSF

  h1. Using container managed, form-based security in a JSF web app.
  A Practical Solution
  h2. {color:#993300}*But first, some background on the problem*{color}
  The Form components available in JSF will not let you specify the target action, everything is a post-back. When using container security, however, you have to specifically submit to the magic action j_security_check to trigger authentication. This means that the only way to do this in a JSF page is to use an HTML form tag enclosed in verbatim tags. This has the side effect that the post is not handled by JSF at all meaning you can't take advantage of normal JSF functionality such as validators, plus you have a horrible chimera of a page containing both markup and components. This screws up things like skinning. ([credit to Duncan Mills in this 2 years old article|http://groundside.com/blog/DuncanMills.php?title=j2ee_security_a_jsf_based_login_form&more=1&c=1&tb=1&pb=1]).
  In this solution, I will use a pure JSF page as the login page that the end user interacts with. This page will simply gather the input for the username and password and pass that on to a plain old jsp proxy to do the actual submit. This will avoid the whole problem of having to use verbatim tags or a mixture of JSF and JSP in the user view.
  h2. {color:#993300}*Step 1: Configure the Security Realm in the Web App Container*{color}
  What is a container? A container is basically a security framework that is implemented directly by whatever app server you are running, in my case Glassfish v2ur2 that comes with Netbeans 6.1. Your container can have multiple security realms. Each realm manages a definition of the security "*principles*" that are defined to interact with your application. A security principle is basically just a user of the system that is defined by three fields:
  - Username
  - Group
  - Password
  The security realm can be set up to authenticate using a simple file, or through JDBC, or LDAP, and more. In my case, I am using a "file" based realm. The users are statically defined directly through the app server interface. Here's how to do it (on Glassfish):
  1. Start up your app server and log into the admin interface (http://localhost:4848)
  2. Drill down into Configuration > Security > Realms.
  3. Here you will see the default realms defined on the server. Drill down into the file realm.
  4. There is no need to change any of the default settings. Click the Manage Users button.
  5. Create a new user by entering username/password.
  Note: If you enter a group name then you will be able to define permissions based on group in your app, which is much more usefull in a real app.
  I entered a group named "Users" since my app will only have one set of permissions and all users should be authenticated and treated the same.
  That way I will be able to set permissions to resources for the "Users" group that will apply to all users that have this group assigned.
  TIP: After you get everything working, you can hook it all up to JDBC instead of "file" so that you can manage your users in a database.
  h2. {color:#993300}*Step 2: Create the project*{color}
  Since I'm a newbie to JSF, I am using Netbeans 6.1 so that I can play around with all of the fancy Visual Web JavaServer Faces components and the visual designer.
  1. Start by creating a new Visual Web JSF project.
  2. Next, create a new subfolder under your web root called "secure". This is the folder that we will define a Security Constraint for in a later step, so that any user trying to access any page in this folder will be redirected to a login page to sign in, if they haven't already.
  h2. {color:#993300}*Step 3: Create the JSF and JSP files*{color}
  In my very simple project I have 3 pages set up. Create the following files using the default templates in Netbeans 6.1:
  1. login.jsp (A Visual Web JSF file)
  2. loginproxy.jspx (A plain JSPX file)
  3. secure/securepage.jsp (A Visual Web JSF file... Note that it is in the sub-folder named secure)
  Code follows for each of the files:
  h3. {color:#ff6600}*First we need to add a navigation rule to faces-config.xml:*{color}
      <navigation-rule>
  <from-view-id>/login.jsp</from-view-id>
          <navigation-case>
  <from-outcome>loginproxy</from-outcome>
  <to-view-id>/loginproxy.jspx</to-view-id>
          </navigation-case>
      </navigation-rule>
  NOTE: This navigation rule simply forwards the request to loginproxy.jspx whenever the user clicks the submit button. The button1_action() method below returns the "loginproxy" case to make this happen.
  h3. {color:#ff6600}*login.jsp -- A very simple Visual Web JSF file with two input fields and a button:*{color}
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root version="2.1"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:jsp="http://java.sun.com/JSP/Page"
  xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
      <jsp:directive.page
  contentType="text/html;charset=UTF-8"
  pageEncoding="UTF-8"/>
      <f:view>
          <webuijsf:page
  id="page1">
  <webuijsf:html id="html1">
  <webuijsf:head id="head1">
  <webuijsf:link id="link1"
  url="/resources/stylesheet.css"/>
  </webuijsf:head>
  <webuijsf:body id="body1" style="-rave-layout: grid">
  <webuijsf:form id="form1">
  <webuijsf:textField binding="#{login.username}"
  id="username" style="position: absolute; left: 216px; top:
  96px"/>
  <webuijsf:passwordField binding="#{login.password}" id="password"
  style="left: 216px; top: 144px; position: absolute"/>
  <webuijsf:button actionExpression="#{login.button1_action}"
  id="button1" style="position: absolute; left: 216px; top:
  216px" text="GO"/>
  </webuijsf:form>
  </webuijsf:body>
  </webuijsf:html>
          </webuijsf:page>
      </f:view>
  </jsp:root>h3. *login.java -- implent the
  button1_action() method in the login.java backing bean*
      public String button1_action() {
          setValue("#{requestScope.username}",
  (String)username.getValue());
  setValue("#{requestScope.password}", (String)password.getValue());
          return "loginproxy";
      }h3. {color:#ff6600}*loginproxy.jspx -- a login proxy that the user never sees. The onload="document.forms[0].submit()" automatically submits the form as soon as it is rendered in the browser.*{color}
  {code}
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page"
  version="2.0">
  <jsp:output omit-xml-declaration="true" doctype-root-element="HTML"
  doctype-system="http://www.w3.org/TR/html4/loose.dtd"
  doctype-public="-W3CDTD HTML 4.01 Transitional//EN"/>
  <jsp:directive.page contentType="text/html"
  pageEncoding="UTF-8"/>
  <html>
  <head> <meta
  http-equiv="Content-Type" content="text/html;
  charset=UTF-8"/>
  <title>Logging in...</title>
  </head>
  <body
  onload="document.forms[0].submit()">
  <form
  action="j_security_check" method="POST">
  <input type="hidden" name="j_username"
  value="${requestScope.username}" />
  <input type="hidden" name="j_password"
  value="${requestScope.password}" />
  </form>
  </body>
  </html>
  </jsp:root>
  {code}
  h3. {color:#ff6600}*secure/securepage.jsp -- A simple JSF{color}
  target page, placed in the secure folder to test access*
  {code}
  <?xml version="1.0" encoding="UTF-8"?>
  <jsp:root version="2.1"
  xmlns:f="http://java.sun.com/jsf/core"
  xmlns:h="http://java.sun.com/jsf/html"
  xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
  <jsp:directive.page
  contentType="text/html;charset=UTF-8"
  pageEncoding="UTF-8"/>
  <f:view>
  <webuijsf:page
  id="page1">
  <webuijsf:html id="html1">
  <webuijsf:head id="head1">
  <webuijsf:link id="link1"
  url="/resources/stylesheet.css"/>
  </webuijsf:head>
  <webuijsf:body id="body1" style="-rave-layout: grid">
  <webuijsf:form id="form1">
  <webuijsf:staticText id="staticText1" style="position:
  absolute; left: 168px; top: 144px" text="A Secure Page"/>
  </webuijsf:form>
  </webuijsf:body>
  </webuijsf:html>
  </webuijsf:page>
  </f:view>
  </jsp:root>
  {code}
  h2. {color:#993300}*_Step 4: Configure Declarative Security_*{color}
  This type of security is called +declarative+ because it is not configured programatically. It is configured by declaring all of the relevant parameters in the configuration files: *web.xml* and *sun-web.xml*. Once you have it configured, the container (application server and java framework) already have the implementation to make everything work for you.
  *web.xml will be used to define:*
  - Type of security - We will be using "form based". The loginpage.jsp we created will be set as both the login and error page.
  - Security Roles - The security role defined here will be mapped (in sun-web.xml) to users or groups.
  - Security Constraints - A security constraint defines the resource(s) that is being secured, and which Roles are able to authenticate to them.
  *sun-web.xml will be used to define:*
  - This is where you map a Role to the Users or Groups that are allowed to use it.
  +I know this is confusing the first time, but basically it works like this:+
  *Security Constraint for a URL* -> mapped to -> *Role* -> mapped to -> *Users & Groups*
  h3. {color:#ff6600}*web.xml -- here's the relevant section:*{color}
  {code}
  <security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
  <web-resource-name>SecurePages</web-resource-name>
  <description/>
  <url-pattern>/faces/secure/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>HEAD</http-method>
  <http-method>PUT</http-method>
  <http-method>OPTIONS</http-method>
  <http-method>TRACE</http-method>
  <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
  <description/>
  <role-name>User</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name/>
  <form-login-config>
  <form-login-page>/faces/login.jsp</form-login-page>
  <form-error-page>/faces/login.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description/>
  <role-name>User</role-name>
  </security-role>
  {code}
  h3. {color:#ff6600}*sun-web.xml -- here's the relevant section:*{color}
  {code}
  <security-role-mapping>
  <role-name>User</role-name>
  <group-name>Users</group-name>
  </security-role-mapping>
  {code}
  h3. {color:#ff6600}*Almost done!!!*{color}
  h2. {color:#993300}*_Step 5: A couple of minor "Gotcha's"_ *{color}
  h3. {color:#ff6600}*_Gotcha #1_*{color}
  You need to configure the "welcome page" in web.xml to point to faces/secure/securepage.jsp ... Note that there is *_no_* leading / ... If you put a / in there it will barf all over itself .
  h3. {color:#ff6600}*_Gotcha #2_*{color}
  Note that we set the <form-login-page> in web.xml to /faces/login.jsp ... Note the leading / ... This time, you NEED the leading slash, or the server will gag.
  *DONE!!!*
  h2. {color:#993300}*_Here's how it works:_*{color}
  1. The user requests the a page from your context (http://localhost/MyLogin/)
  2. The servlet forwards the request to the welcome page: faces/secure/securepage.jsp
  3. faces/secure/securepage.jsp has a security constraint defined, so the servlet checks to see if the user is authenticated for the session.
  4. Of course the user is not authenticated since this is the first request, so the servlet forwards the request to the login page we configured in web.xml (/faces/login.jsp).
  5. The user enters username and password and clicks a button to submit.
  6. The button's action method stores away the username and password in the request scope.
  7. The button returns "loginproxy" navigation case which tells the navigation handler to forward the request to loginproxy.jspx
  8. loginproxy.jspx renders a blank page to the user which has hidden username and password fields.
  9. The hidden username and password fields grab the username and password variables from the request scope.
  10. The loginproxy page is automatically submitted with the magic action "j_security_check"
  11. j_security_check notifies the container that authentication needs to be intercepted and handled.
  12. The container authenticates the user credentials.
  13. If the credentials fail, the container forwards the request to the login.jsp page.
  14. If the credentials pass, the container forwards the request to *+the last protected resource that was attempted.+*
  +Note the last point! I don't know how, but no matter how many times you fail authentication, the container remembers the last page that triggered authentication and once you finally succeed the container forwards your request there!!!!+
  +The user is now at the secure welcome page.+
  If you have read this far, I thank you for your time, and I seriously question your ability to ration your time pragmatically.
  Kerry Randolph

  If you want login security on your web app, this is one way to do it. (the easiest way i have seen).
  This method allows you to create a custom login form and error page using JSF.
  The container handles the actual authentication and protection of the resources based on what you declare in web.xml and sun-web.xml.
  This example uses a statically defined user/password, stored in a file, but you can also configure JDBC realm in Glassfish, so that that users can register for access and your program can store the username/passwrod in a database.
  I'm new to programming, so none of this may be a good practice, or may not be secure at all.
  I really don't know what I'm doing, but I'm learning, and this has been the easiest way that I have found to add authentication to a web app, without having to write the login modules yourself.
  Another benefit, and I think this is key ***You don't have to include any extra code in the pages that you want to protect*** The container manages this for you, based on the constraints you declare in web.xml.
  So basically you set it up to protect certain folders, then when any user tries to access pages in that folder, they are required to authenticate.
  --Kerry                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Creating a target group based on the BP email address only in CRM

  Hi there,
  I am currently trying to create a target group based on the business partner email address only.
  I have a list of over 1000 email addresses - these email addresses equate to a BP in our CRM system, however I do not have a list of the equivalent business partner numbers, all I have to work on are the email addresses.  With these 1000 BP email addresses I need to update the marketing attributes of each of these 1000 BP records in CRM.
  What I need is a method to find the 1000 BP numbers based on the email addresses and then use the marketing expert tool (tx. CRMD_MKT_TOOLS) to change the marketing attributes on all of the 1000 BPs.
  The issue I am having is how can I find the list of BP numbers just based on the BP email address, I tried creating an infoset based on table BUT000, BUT020 and ADR6 but I after creating attribute list & data source for this I am stuck on what to do next. In the attribute list the selection criteria does not allow me to import a file for the selection range.  I can only enter a value but I have 1000 email addresses and cannot possibly email them manually in the filter for the attribute list.   I also looked at imported a file into the target group but I do not have any BP numbers so this will not work.
  Does anyone know a method where I can create a target group based on the email addresses only without having to do any code?
  Any help would be most appreciated.
  Kind regard
  JoJo

  Hi JoJo ,
  The below report will return you BP GUID from emails that is stored in a single column .xls file and assign the BP to a target group.
  REPORT  zexcel.
  * G L O B A L D A T A D E C L A R A T I O N
  TYPE-POOLS : ole2.
  TYPES : BEGIN OF typ_xl_line,
  email TYPE ad_smtpadr,
  END OF typ_xl_line.
  TYPES : typ_xl_tab TYPE TABLE OF typ_xl_line.
  DATA : t_data TYPE typ_xl_tab,
         lt_bu_guid TYPE TABLE OF bu_partner_guid,
         ls_bu_guid TYPE  bu_partner_guid,
         lt_guids TYPE TABLE OF bapi1185_bp,
         ls_guids TYPE  bapi1185_bp,
         lt_return TYPE bapiret2_t.
  * S E L E C T I O N S C R E E N L A Y O U T
  PARAMETERS : p_xfile TYPE localfile,
                p_tgguid TYPE bapi1185_key .
  * E V E N T - A T S E L E C T I O N S C R E E N
  AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_xfile.
     CALL FUNCTION 'WS_FILENAME_GET'
       IMPORTING
         filename         = p_xfile
       EXCEPTIONS
         inv_winsys       = 1
         no_batch         = 2
         selection_cancel = 3
         selection_error  = 4
         OTHERS           = 5.
     IF sy-subrc <> 0.
       CLEAR p_xfile.
     ENDIF.
  * E V E N T - S T A R T O F S E L E C T I O N
  START-OF-SELECTION.
  * Get data from Excel File
     PERFORM sub_import_from_excel USING p_xfile
     CHANGING t_data.
     SELECT but000~partner_guid FROM but000 INNER JOIN but020 ON
  but000~partner =
     but020~partner
       INNER JOIN adr6 ON but020~addrnumber = adr6~addrnumber INTO TABLE
  lt_bu_guid FOR ALL ENTRIES IN t_data WHERE adr6~smtp_addr =
  t_data-email.
     CLEAR: lt_guids,ls_guids.
     LOOP AT lt_bu_guid INTO ls_bu_guid.
       ls_guids-bupartnerguid = ls_bu_guid.
       APPEND ls_guids TO lt_guids.
     ENDLOOP.
     CALL FUNCTION 'BAPI_TARGETGROUP_ADD_BP'
       EXPORTING
         targetgroupguid = p_tgguid
       TABLES
         return          = lt_return
         businesspartner = lt_guids.
  *&      Form  SUB_IMPORT_FROM_EXCEL
  *       text
  *      -->U_FILE     text
  *      -->C_DATA     text
  FORM sub_import_from_excel USING u_file TYPE localfile
  CHANGING c_data TYPE typ_xl_tab.
     CONSTANTS : const_max_row TYPE sy-index VALUE '65536'.
     DATA : l_dummy TYPE typ_xl_line,
            cnt_cols TYPE i.
     DATA : h_excel TYPE ole2_object,
            h_wrkbk TYPE ole2_object,
            h_cell TYPE ole2_object.
     DATA : l_row TYPE sy-index,
            l_col TYPE sy-index,
            l_value TYPE string.
     FIELD-SYMBOLS : <fs_dummy> TYPE ANY.
  * Count the number of columns in the internal table.
     DO.
       ASSIGN COMPONENT sy-index OF STRUCTURE l_dummy TO <fs_dummy>.
       IF sy-subrc EQ 0.
         cnt_cols = sy-index.
       ELSE.
         EXIT.
       ENDIF.
     ENDDO.
  * Create Excel Application.
     CREATE OBJECT h_excel 'Excel.Application'.
     CHECK sy-subrc EQ 0.
  * Get the Workbook object.
     CALL METHOD OF h_excel 'Workbooks' = h_wrkbk.
     CHECK sy-subrc EQ 0.
  * Open the Workbook specified in the filepath.
     CALL METHOD OF h_wrkbk 'Open' EXPORTING #1 = u_file.
     CHECK sy-subrc EQ 0.
  * For all the rows - Max upto 65536.
     DO const_max_row TIMES.
       CLEAR l_dummy.
       l_row = l_row + 1.
  * For all columns in the Internal table.
       CLEAR l_col.
       DO cnt_cols TIMES.
         l_col = l_col + 1.
  * Get the corresponding Cell Object.
         CALL METHOD OF h_excel 'Cells' = h_cell
           EXPORTING #1 = l_row
           #2 = l_col.
         CHECK sy-subrc EQ 0.
  * Get the value of the Cell.
         CLEAR l_value.
         GET PROPERTY OF h_cell 'Value' = l_value.
         CHECK sy-subrc EQ 0.
  * Value Assigned ? pass to internal table.
         CHECK NOT l_value IS INITIAL.
         ASSIGN COMPONENT l_col OF STRUCTURE l_dummy TO <fs_dummy>.
         <fs_dummy> = l_value.
       ENDDO.
  * Check if we have the Work Area populated.
       IF NOT l_dummy IS INITIAL.
         APPEND l_dummy TO c_data.
       ELSE.
         EXIT.
       ENDIF.
     ENDDO.
  * Now Free all handles.
     FREE OBJECT h_cell.
     FREE OBJECT h_wrkbk.
     FREE OBJECT h_excel.
  ENDFORM. " SUB_IMPORT_FROM_EXCEL
  Just copy paste the code and run the report select any local xls file with emails and pass the target group guid.
  snap shot of excel file:
  Let me know if it was useful.

• How to retrive only data related to specific business group efficiently?

  We have sql queries which were written for an instance assuming that there will be only one Business Group. Now, we want to reuse those queries for another instance which is based on multi business groups.
  I understand, using fnd_profile.value('PER_BUSINESS_GROUP_ID') this, we can join with BG ID in correspondingthe tables. I found below tables which are used in my query.
  ota_delegate_bookings
  ota_events_tl
  ota_activity_versions
  ota_activity_versions_tl
  ota_activity_versions
  ota_category_usages
  ota_offerings
  per_person_types
  ota_booking_status_types
  hr_locations
  per_all_assignments_f
  per_all_people_f
  per_org_structure_elements
  hr_all_organization_units
  Now my question is, do we need to join this BG id for all these tables using the value from above profile?
  For example, employees difined in system are specific to one BG. Even though when we use/join with person_id in per_all_people_f, we will get unique record. So still is there any need to join with this BG id ?
  My concern is, in my query there are many places where I need to add this extra BG id condition, this may reduce performance of the query. I am not sure whether I have to change if id's are being used in the query.
  It would be very helpful, if any one can share the best practices(technically) when working with multiple BG, LE, OU's etc..
  Best Regards,
  Venkat.Y

  Its difficult to summirize all that is needed for multi-org -
  Check below -
  https://forums.oracle.com/forums/search.jspa?threadID=&q=multiple+AND+BG&objID=f113&dateRange=all&userID=&numResults=15&rankBy=10001
  Can Multiple Business Groups Be Associated with a Single Opearating Unit? [ID 732664.1]
  FAQ - Multiple Organizations Architechure (Multi-Org) [ID 165042.1]
  Cheers,
  Vignesh

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• Single Item Master across Business Groups

  Hi Gurus,
  Client wants to implement single item master across the business groups (BG).
  Does this require set up of HR Profile for allowing Cross Business groups?
  Is there any other setting that needs to be done (in addition to traditional Inv Org definition)?
  Appreciate your early response.
  Thanks,
  Sudarshan

  Sudarshan
  I think you need to setup Hr security profile only if you are using that. If not you just need to enable the profile value for cross business group. This is required just in case if an employee needs to be picked up in the lov in an item attribute (I don't remember whether there is one) from diff BG.Also move order approvals need to be tested if you are using that feature.
  In general I think anything that need to do with employees need to be tested.
  Thanks
  Nagamohan