HR: Security Profile at User Level

Similar Messages

• Security Profile with Assignment-level Security limitations

  Hi, We are on an R12 installation, and have a security profile based on Organization Hierarchy (With Assignment-Level Security - i.e. 'Restrict on Individual Assignments' checkbox is ticked); this is based on a specific organisation as the 'Top Org' rather than the User's own Assignment.
  The profile option "HR: Access Non-Current Employee Data" is set to 'Yes', but the security profile still restricts access to Future-Dated Assignments and Ended Assignments. Is this expected behaviour, and is the only solution to develop a Custom security profile, and is this even feasible (to replicate organisation hierarchy security using SQL in the custom security tab), or would we have to use a different criteria, such as Payroll?
  Regards, Chris

  Further investigation reveals this is a limitation of the product - within security, the selection criteria which determines which individuals (or assignments) is handled seperately to Assignment-level security (i.e. whether individual assignments are restricted), it is not possible to get around this issue even using custom security, as that does not give one the power to determine how individual assignments are handled. Thus if assignment-level security is implemented, the user cannot see Ended or Future-Dated assignments, even if the profile option "HR: Access Non-Current Employee Data" is set to 'Yes'.
  The only workaround we have found for this is to:
  a) remove assignment-level security, and
  b) ensure that where an employee has multiple assignments that cross security groups, this individual is set up twice, as two separate employees.

• How to assign profiles at user level  ?

  hello every body.....i have created 2 users say x , y
  and i have assigned them general ledger responsibilty.....
  .at site level profile Gl set of books name is vision operation..
  .now i have assigned Gl set of books profile to user x at user level
  as vision china...and to user y as vision germany.....when i login with
  different user name with gl responsibilty ......after navigating
  to----journal-->enter--->new journal----for both users iam getting the
  same currency which is at sit level...i thought for x user the currency
  will be china currency
  and for y user it will be germany curreny which i hav assigned at user level....
  please help me regarding this.......
  thanks and regars
  imran

  Hi,
  i have assigned it at user level then why iam i
  getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
  What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
  Thanks,
  Hussein

• Roaming Profile at User level simply not copying...no error

  Little rusty on setting this up but if I recall if I choose to setup roaming profiles at the user object level then I simply need to create a share with the appropriate share/NTFS permissions then assign the UNC path in the Profile tab in ADUC?  We
  are running Win 2008 R2 with Win 7 SP1 clients.
  If this is correct then I have done this and the profile will simply not roam...no errors in event log, the test user simply logs in and has a normal local profile.  While I am logged in as this user I can access the above UNC and create a folder so
  I think permissions are ok.
  Originally this computer and test user were in an OU where I set a GPO setting up Folder Redirection.  Thinking that I possibly configured something incorrectly there I moved the user and computer object to a basic OU where only the default domain policy
  is applied.  No change.
  I don't remember getting this part working to be such a hassle so I am at a loss now how to troubleshoot further.
  Thanks

  Hi,
  Since Roaming Profile doesn’t work correctly, and you could not find any error in the event logs. At this time, I suggest you’d better first check for the correct permissions on the profile
  share. In addition to logging events in the Application Event log, User Profiles can provide a detailed log to aid troubleshooting. To create a detailed log file for user profiles:
  1. Start regedit and locate the following path: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
  2. Create a new value called UserEnvDebugLevel as a REG_DWORD, and set the value to 30002 in hexadecimal format.
  The log file can be found at: %windir%\debug\usermode\userenv.log
  Regarding how to troubleshoot Roaming Profile issue, please try to refer to the following article to see if it helps.
  Troubleshoot User Profiles with Events
  http://technet.microsoft.com/en-us/library/jj649075.aspx
  Here are some guide about how to configure Roaming Profile, they may be useful to us.
  Configuring Roaming User Profiles
  http://technet.microsoft.com/en-us/library/cc738596(WS.10).aspx
  Group Policy Recommendations for Roaming User Profiles
  http://technet.microsoft.com/en-us/library/cc781862(v=ws.10).aspx
  How to configure Roaming Profiles and Folder Redirection
  http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• How to set users level security profiles and auditing?

  hi,
  We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit.
  Please also explain the empact of audit on running system?
  Thx

  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit. https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Please also explain the empact of audit on running system?https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Try this in a TEST instance before you promote it to Production.
  You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
  Thanks,
  Hussein

• Disable profile option updation at user level

  I want to disable the profile option HR: Security Profile or for that matter any other profile option at user level. The user should be able to see the value set by the system administrator (Field should be grayed out) and user should not be able to update it.
  How to do it??

  Try a personalization combined with custom PLSQL, like this:
  1) Acces System Profiles
  2) Help->Diagnostics->Custom Code->Personalize
  3) In the newly displayed Form Personalization form, create a line with a description like this: Prevent modification of USER_VISIBLE_VALUE
  4) In the Conditions tab, set Trigger Event = WHEN-NEW-ITEM-INSTANCE
  5) Set Trigger Object = PROFILE_VALUES.USER_VISIBLE_VALUE
  6) In the Condition text area, enter:
  apps.xxror_test_sysprofile(:PROFILE_VALUES.USER_PROFILE_OPTION_NAME,'USER')=1
  7) Set Processing Mode to Both
  8) Switch to the Actions tab and create two actions:
  first:
  type = property
  description = Don't update
  Language=all
  enabled=yes
  object type=Item
  target object=PROFILE_VALUES.USER_VISIBLE_VALUE
  property name=UPDATE_ALLOWED
  value=false
  second:
  type=property
  description=Don't enter
  language=all
  enabled=yes
  object type=Item
  target object=PROFILE_VALUES.USER_VISIBLE_VALUE
  property name=ALTERABLE_PLUS
  value=false
  9) Repeat steps 3-8 if desired for other levels, such as:
  Prevent modification of SITE_VISIBLE_VALUE
  Prevent modification of APPL_VISIBLE_VALUE
  Prevent modification of RESP_VISIBLE_VALUE
  Prevent modification of SERVER_VISIBLE_VALUE
  Prevent modification of ORG_VISIBLE_VALUE
  paying attention to update the corresponding names for xxx_VISIBLE_VALUE.
  10) Create the following PLSQL function:
  CREATE OR REPLACE function xxror_test_sysprofile (
  prof_opt_name in varchar2,
  lvl in varchar2
  return number
  is
  v_ret number;
  s_prof varchar2(1024);
  s_uname varchar2(100);
  s_lvl varchar2(10);
  begin
  -- returns 0 if the user "uname" must be granted access the profile named "prof_opt_name" at the "lvl" level
  -- returns 1 if the user "uname" must be forbidden to access such a profile at such a level.
  -- important assumption: the "lvl" parameter may have only one of the following values:'SITE', 'APPL', 'RESP', 'USER', 'SERVER', 'ORG'
  -- or else this function will return 1, thus forbidding the access
  s_uname:=substr(upper(trim(nvl(fnd_profile.value('USERNAME'),''))),1,100);
  if s_uname in ('MY_ADMIN_1','MY_ADMIN_2','SYSADMIN') then
  v_ret:=0; -- no restrictions
  else
       if s_uname in ('MY_POWERUSER_1','MY_POWERUSER_2') then
       -- restrict to only the below mentioned profiles
       s_prof:=substr(upper(trim(nvl(prof_opt_name,''))),1,1024);
            s_lvl:=substr(upper(trim(nvl(lvl,''))),1,10);
            if
            (s_prof like '%WHATEVER%')
            then
                 if s_lvl in ('SITE', 'APPL', 'RESP', 'USER', 'SERVER', 'ORG') then
                      v_ret:=0; -- level acceptable for these users on these profiles
                 else
                      v_ret:=1; -- unknown level, so reject
                 end if;
            else
                 -- these users may not access these profiles, so reject
                 v_ret:=1;
            end if;
       else
            if s_lvl = 'SITE' then
            -- no way any other user than those above may modify site-level profiles
            v_ret:=1;
            else
                 -- any other user than those above may modify lower-level profiles, but
                 -- for now reject all
                 v_ret:=1;
            end if;
       end if;
  end if;
  return v_ret;
  end;
  Pls be aware that testing first on a test instance is always advisable.

• Object Level Security Profile-Collaborators

  Dear All,
  I the document collaborator security profile one permission is change master data state, is master data considered all fields within the contract.Also what will happen if this permission is changed to not set.
  Thanks,
  Jay

  Hi,
  object level security will be done by bi-server or presentation server?It would be maintained by both the servers,as the end user sends a request that would be sent to presentation server and then in turn to BI server....while in this processboth checks is there any security implemented on it.
  Ya in simple words authorization and authentication.
  Hope it helps you.
  By,
  KK

• Query to find all users under specific MO: Security Profile (per_security_profiles)

  Hi Folks,
  Could you please help me out to get list of users under the selected MO: Secuirty Profile.
  Requirement:
  I have a parameter in which i can select MO: Security profiles those are under responsibility level. So based upon this parameter i need to populate all organizations under selected MO Security Profile and in third parameter i need to fetch all users which are under selected MO: Security Profile.
  So please help me to sort out this problem.

  Pl do not post duplicates - How to Fetch organizations under specific MO: Security Profile
  Pl continue the discussion in your original thread

• Security profiles attached to an User

  Hi Gurus,
  Can anyone Help me out with the process to know, What all Security profiles are attached to an user in Oracle Apps HRMS.
  or
  any query available to know, What all Security profiles are attached to an user in Oracle Apps HRMS.
  Thanks in Advances

  You can use the following query to look for all the security profiles. You can join the hr_operating_units to fnd_profile_option_values.level_value to get the desired result.
  SELECT psp.security_profile_name,
         psp.security_profile_id,
         hou.NAME,
         hou.organization_id
    FROM per_security_profiles psp,
         per_security_organizations pso,
         hr_operating_units hou
  WHERE pso.security_profile_id = psp.security_profile_id
     AND pso.organization_id = hou.organization_id;Additionally, you can also have a look at the below MOS docs.
  How To Check If a Profile Option Is Set In Oracle Applications? [ID 470102.1]
  How to Search all of the Profile Options for a Specific Value [ID 282382.1]
  How To List E-Business Suite Profile Option Values For All Levels Using SQLPlus [ID 201945.1]
  Script To List The Values Of A Profile Option At All Levels [ID 803587.1]
  How to Search all of the Profile Options for a Specific Value [ID 282382.1]
  How To Find All Users With A Particular Profile Option Set? [ID 367926.1]
  How to Change Profile Option Value Without Forms? [ID 943710.1]
  Cheers,
  ND
  Use the "helpful" or "correct" buttons to award points to replies.

• How to create a profile value at user level programatically

  Dear all,
  I want to create a profile value at user level programatically, I refer to the developer guide and try to use fnd_profile.put() to create a new value.
  But I find out the value is just created in session level, not be inserted into base table.
  So is there anyone know how to realize this function in PL/SQL?
  Any idea is appreciated.
  Best Regards,
  Kenny

  Check Note: 364503.1 - How to Set a System Profile Value Without Logging in to the Applications
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=364503.1

• Data-level security in user level

  Hi All,
  In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
  Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
  Is this possible to work in OBIEE 11g?
  Thanks.

  Hi,
  Yes it is possible,
  Please refer the below link.
  http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
  Hope this help's
  Thanks
  Satya

• Update profile options at user level?

  Hi All,
  Need a script for,
  update profile options at user level, for example we should be able to update a profile xyz for a user abc using that script?
  or please provide the document related to that..

  Hi All,
  Thanks for all sugessions,
  i have written an script for updating profile option value from backend.
  SELECT d.level_id,c.user_name, b.profile_option_name, a.user_profile_option_name,d.profile_option_value
  FROM fnd_profile_options_tl a,
  fnd_profile_options b,
  fnd_user c,
  fnd_profile_option_values d
  WHERE d.profile_option_id = b.profile_option_id
  AND d.level_id = 10004
  AND a.profile_option_name = b.profile_option_name
  AND d.level_value = c.user_id
  AND c.user_name = '&USER_NAME'
  update query
  update fnd_profile_option_values
  set profile_option_value = '&Profile_Option_Value'
  where profile_option_id in
  (select profile_option_id from fnd_profile_options where profile_option_name
  =(select profile_option_name from fnd_profile_options_tl
  where user_profile_option_name = ('&User_Profile_Option_Name')))
  and level_id = 10004
  and level_value in (select user_id from fnd_user
  where user_name in ('&User_Name'))
  Thanks
  One

• Profile options at USER level in EBS r12

  Hi Gurus
  I'm an new to Oracle EBS can some one help with this,
  1. Turn on debugging using the following profile options at USER level :
  FND: Debug Log Enabled : Yes
  FND: Debug Log Level : Statement
  2. Run the Create Accounting Program
  3. Derive debug message using the following query and upload in excel format :
  SELECT substr(module,1,70), MESSAGE_TEXT, timestamp, log_sequence
  FROM fnd_log_messages msg, fnd_log_transaction_context tcon
  WHERE msg.TRANSACTION_CONTEXT_ID = tcon.TRANSACTION_CONTEXT_ID
  AND tcon.TRANSACTION_ID = <’Accounting program ‘ request ID>
  ORDER BY LOG_SEQUENCE
  4. Upload the LOG and OUTPUT files for the :
  - Create Accounting
  - Accounting Program
  Will be waiting for you reply.
  Best Regards
  Babu.

  Hi Babu,
  FND: Debug Log Enabled : Yes
  FND: Debug Log Level : Statement
  - Navigate to sysadmin responsibility > profile > system
  - Find for the respective profiles eg: FND: Debug Log Enabled
  - Set your desired value.
  2. Run the Create Accounting Program
  Run the create accounting conncurrnet program View > Request > New from the respective module
  SELECT substr(module,1,70), MESSAGE_TEXT, timestamp, log_sequence
  FROM fnd_log_messages msg, fnd_log_transaction_context tcon
  WHERE msg.TRANSACTION_CONTEXT_ID = tcon.TRANSACTION_CONTEXT_ID
  AND tcon.TRANSACTION_ID = <’Accounting program ‘ request ID>
  ORDER BY LOG_SEQUENCE
  Run this query from backend, and provide the Concurrent ID of the Create accounting program (replace this at <’Accounting program ‘ request ID>)
  - Create Accounting
  - Accounting Program
  Upload the the logfile and output files of the respective program and the output of the above query.
  I believe this is an action plan from the SR, you may also get the assistance from the SR itself and they will help you. Anyways let us know if you need any assistance
  Thanks &
  Best Regards

• Profile chance at user level

  hi,
  two things i wanted to know.
  (1) Can i change site name at user level ? (i tried updatable for user th' Application Developer responsibility)
  (2) The default color for query mode is Yellow. I want to change it to blue. Is this possible ?
  TIA
  dbaapps.

  Hi Babu,
  FND: Debug Log Enabled : Yes
  FND: Debug Log Level : Statement
  - Navigate to sysadmin responsibility > profile > system
  - Find for the respective profiles eg: FND: Debug Log Enabled
  - Set your desired value.
  2. Run the Create Accounting Program
  Run the create accounting conncurrnet program View > Request > New from the respective module
  SELECT substr(module,1,70), MESSAGE_TEXT, timestamp, log_sequence
  FROM fnd_log_messages msg, fnd_log_transaction_context tcon
  WHERE msg.TRANSACTION_CONTEXT_ID = tcon.TRANSACTION_CONTEXT_ID
  AND tcon.TRANSACTION_ID = <’Accounting program ‘ request ID>
  ORDER BY LOG_SEQUENCE
  Run this query from backend, and provide the Concurrent ID of the Create accounting program (replace this at <’Accounting program ‘ request ID>)
  - Create Accounting
  - Accounting Program
  Upload the the logfile and output files of the respective program and the output of the above query.
  I believe this is an action plan from the SR, you may also get the assistance from the SR itself and they will help you. Anyways let us know if you need any assistance
  Thanks &
  Best Regards

• Data Level security for specific Users

  Hi,
  Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
  Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
  But, key thing here is that, the user belongs to both the groups.
  Any ideas helps.
  Thanks,
  Chandu.

  So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
  Why are they in the group then?
  Are the data filter defined with variables or are the hard-coded?
  If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
  I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.