In R12.1.3, MO:Security Profile Vs HR:Cross Business Group precedence

Hi All,
In R12.1.3, which profile option has higher precedence in the MOAC structure?
If I set the HR:Cross Business Group to NO at resp level and MO: Security Profile, which is associated to Global Security Profile which has two OUs of two different BGs.
For example:
I have BG1 - OU1
BG2 - OU2
Case 1:
Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
HR:Cross Business Group - NO
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when I create a PO? Will it show both OU1 and OU2, or OU1?
Case 2:
Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
HR:Cross Business Group - Yes
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when I create a PO? Will it show both OU1 and OU2, or OU1?
Case 3:
Global Security Profile - XXGSP has both OU1(BG1) associated.
HR:Cross Business Group - NO
HR:Cross Business Group - BG2
In Purchasing Responsibility, what could be the behavior when I create a PO? Will it show both OU1 and OU2, or OU1?
Case 4:
Global Security Profile - XXGSP has both OU1(BG2) associated.
HR:Cross Business Group - Yes
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when I create a PO? Will it show both OU1 and OU2, or OU2?
Regards,
Soorya

Hi Soorya,
We are in a similar situation and I was wondering if you have received an answer or how you proceeded?
Thanks,
Cathy

Similar Messages

  • Creating a NEW Business Group, NO Security Profile generated

    Platform : R12 running on Linux86 --> FRESH install ( NOT Vision db )
    Resp : Global HRMS Super User
    Problem : No Security Profile generated for NEWLY created Business Group
    After creating a NEW business group ( ie. BG1 )
    I am able to see both BG1 and Setup Business Group (I can view both Business Groups via the Organization screen)
    When I access the Security Profile screen using the same resp "Global HRMS Super User"...
    I can ONLY see the default security profile ( Setup Business Group )...
    I am NOT able to view the default security profile ( BG1 ) that should have been created when I created my new business group earlier.
    NOTE : If I use the VISION db, and do the exact same thing... I can see both Security Profiles.. and both Business Groups.
    If I use the FRESH db, I can see both Business Groups... BUT... only 1 Security Profile... ( Setup Business Group )
    WHY ??
    Someone please HELP !!
    Thank-you
    Charlie :)

    Hi Charlie, I tried the same in my Vision instance; I am able to view my BG at the security profile level.
    When you query the system profiles, have you enabled the display checkbox at the responsibility level and tried, or created a new responsibility and tried? Let me know clearly the navigation you have done,
    Raj

  • HRMS APP-PER-52803:Your business group does not match your security profile

    I see this as a common problem, please guide me as to what should be done to rectify it.
    While opening \Payroll\Description, it gives message as under:
    HRMS APP-PER-52803:Your business group does not match your security profile
    Regards
    Nemo

    Hi,
    I feel that the "HR: Security Profile" option is not set properly; because of that the screen errors out.
    Please check the following Profile Options
    HR: Security Profile -- Enter the sec profile name which is business Group name
    HR: Business Group -- Your Business Group Name
    Note: If you set the HR: Security Profile option first, then the system will set the HR: Business Group profile option too automatically.
    I hope this will solve your problem.
    thanks
    Krishna Prasad Rapolu
    Oracle HRMS Consultant.

  • R12 Security Profiles

    Hi- novice here. I do this: select security_profile_id, security_profile_name
    from per_security_profiles
    If I do the above query, I get values like:
    1508 SECCPF5O
    1509 SECCPF5P
    1510 SECCPF5R
    1511 SECCPF5T
    1512 SECCPF5V
    1513 SECCPF5W
    1514 SECCPF5X
    These are security profile names. My client uses these to decide what data a user can see when they log in. What the custom code is doing is comparing that security profile name (formerly secure_oracle_username in 10.7) with the user that is logged in and lets the user see specific data based on this.
    The thing is, user names are not the above SECC% name. I need to know where in the database (tables or forms) I can find the relation between who is logged in (user name) and the security profile for each. Is there a table to correlate the two? I assume all users have a security profile attached to them, correct? Is there a form I can navigate to in order to see/assign this? If so, I can examine that form and find the tables.
    Thanks in advance for your input.

    Pl post details of OS, database and EBS versions.
    Pl see if these MOS Docs can help
    Understanding and Using HRMS Security in Oracle HRMS (Doc ID 394083.1)
    Secure Users Functionality in Release 11 (Doc ID 50850.1)
    You Have Installed, Now Before You Setup, Read This! - HR Shared (Doc ID 116376.1)
    More information is in the "Oracle HRMS Configuring, Reporting, and System Administration Guide" for your release at http://www.oracle.com/technetwork/documentation/applications-167706.html
    HTH
    Srini

  • REQIMPORT errors when security profile set using 12I

    I am submitting the purchase requisition import using the following script in release 12I. The request is submitted but completes with an error.
    declare
      l_request_id NUMBER;
      l_batch_id   NUMBER := 1027;
      l_ou_count   NUMBER;
      l_org_id     NUMBER := fnd_global.org_id;
      l_ou_name    VARCHAR2(200);
    BEGIN
      fnd_global.apps_initialize (1759   -- User ID
                                 ,50557  -- Responsibility ID
                                 ,201);  -- Application ID
      mo_global.init('PO');
      mo_global.set_policy_context('S', l_org_id);
      mo_utils.get_default_ou(l_org_id, l_ou_name, l_ou_count);
      dbms_output.put_line('OU Name: '||l_ou_name||' OU count: '||l_ou_count||' ORG ID: '||l_org_id);
      l_org_id := mo_utils.get_default_org_id;
      dbms_output.put_line('Default ORG ID: '||l_org_id);
      l_request_id := fnd_request.submit_request
        (application => 'PO'
        ,program     => 'REQIMPORT'
        ,description => NULL
        ,start_time  => SYSDATE
        ,sub_request => FALSE
        ,argument1   => 'CONSIGNED MANUAL'
        ,argument2   => l_batch_id
        ,argument3   => 'LOCATION' --'Location'
        ,argument4   => NULL
        ,argument5   => 'N'
        ,argument6   => 'Y');
      dbms_output.put_line('Request ID: '||l_request_id);
    END;
    The MO: Default Operating Unit and MO: Operating Unit profiles are setup for the given responsibility with an operating unit value. The MO: Security Profile profile is set to a given profile at the site and responsibility level.
    When I remove the MO: Security Profile at the site level the purchase requisition concurrent request completes successfully. Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.
    I can submit the purchase requisition import using the submit request form without any errors. I believe this is because the operating unit field is being populated.
    Has anyone run into this issue? Am I missing any commands that define the operating unit used in the concurrent program submission in release 12I?
    Any help is greatly appreciated.
    Charles

    Hi,
    "Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out."
    Please see if the guidelines about this profile option in the following documents help.
    Note: 784609.1 - How Does R12 MOAC Defaulting Rules and MO: Security Profile Work?
    Note: 397362.1 - Multi Org Access Control (MOAC) in Oracle Purchasing
    Note: 420787.1 - Oracle Applications Multiple Organizations Access Control for Custom Code
    Regards,
    Hussein
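
    An added example, not part of the original thread and not Oracle's or the poster's code: one way a custom script can make the operating unit explicit and check it against the responsibility's MO: Security Profile before submitting the request. The user, responsibility, application and batch IDs are the values from the post; the operating-unit ID is a placeholder to be filled in, and the error numbers and messages are assumptions of this sketch.

    ```plsql
    DECLARE
      l_request_id NUMBER;
      l_batch_id   NUMBER := 1027;   -- batch ID from the post
      l_org_id     NUMBER := NULL;   -- placeholder: ORG_ID of the target operating unit
    BEGIN
      -- Establish the applications context first; values read from
      -- fnd_global before this call do not reflect the responsibility.
      fnd_global.apps_initialize(user_id      => 1759,
                                 resp_id      => 50557,
                                 resp_appl_id => 201);

      -- Build the list of operating units this responsibility may access
      -- (driven by MO: Security Profile / MO: Operating Unit).
      mo_global.init('PO');

      -- Fall back to the default operating unit only after the MOAC
      -- context has been initialised.
      IF l_org_id IS NULL THEN
        l_org_id := mo_utils.get_default_org_id;
      END IF;

      IF l_org_id IS NULL THEN
        raise_application_error(-20002,
          'No operating unit supplied and no default operating unit resolved');
      END IF;

      -- Refuse to continue if the security profile does not grant access
      -- to the chosen operating unit.
      IF mo_global.check_access(l_org_id) <> 'Y' THEN
        raise_application_error(-20003,
          'Operating unit ' || l_org_id || ' is not in the access list for this responsibility');
      END IF;

      -- Pin the session to a single operating unit and stamp the same
      -- operating unit on the concurrent request being submitted.
      mo_global.set_policy_context('S', l_org_id);
      fnd_request.set_org_id(l_org_id);

      l_request_id := fnd_request.submit_request(
                        application => 'PO',
                        program     => 'REQIMPORT',
                        description => NULL,
                        sub_request => FALSE,
                        argument1   => 'CONSIGNED MANUAL',
                        argument2   => l_batch_id,
                        argument3   => 'LOCATION',
                        argument4   => NULL,
                        argument5   => 'N',
                        argument6   => 'Y');

      IF l_request_id = 0 THEN
        raise_application_error(-20004,
          'Request submission failed: ' || fnd_message.get);
      END IF;

      COMMIT;  -- the request is only visible to the concurrent manager after commit
      dbms_output.put_line('Request ID: ' || l_request_id || ' ORG ID: ' || l_org_id);
    END;
    /
    ```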

  • Setting 'MO: Security Profile or MO: Operating Unit profile option' - Urgen

    All,
    Version: 12.0.4
    Module: Purchasing
    I'm trying to invoke the PO_CHANGE_API1_S.record_acceptance to send the Advance shipment Notice doc to Oracle R12. On invocation I'm getting the following error
    ORA-20001: APP-FND-02902: Multi-Org profile option is required
    set either MO: Security Profile or MO: Operating Unit profile option
    1. How do I set this profile option?
    2. Is it required to set both security and OU profile option?
    3. At what level(site,appln,resp,user,ou,...) should I set the profile?
    Please help me.
    Thanks,
    Sen

    Hi,
    You can set those profile options from System Administrator responsibility > Profile > System.
    Please see these docs for details.
    Note: 602141.1 - R12 - Error ORA-20001, APP-FND-02902 Accessing Profile Classes Form With Multi-Org Access Control (MOAC) Enabled
    Note: 338332.1 - App-Fnd:02902: Multi-Org Profile Option Is Required. Ora-20001
    Note: 393560.1 - How To Prevent the Profile Option MO: Operating Unit being set to NULL at Site Level?
    Regards,
    Hussein

  • Security Profile with Assignment-level Security limitations

    Hi, We are on an R12 installation, and have a security profile based on Organization Hierarchy (With Assignment-Level Security - i.e. 'Restrict on Individual Assignments' checkbox is ticked); this is based on a specific organisation as the 'Top Org' rather than the User's own Assignment.
    The profile option "HR: Access Non-Current Employee Data" is set to 'Yes', but the security profile still restricts access to Future-Dated Assignments and Ended Assignments. Is this expected behaviour, and is the only solution to develop a Custom security profile, and is this even feasible (to replicate organisation hierarchy security using SQL in the custom security tab), or would we have to use a different criteria, such as Payroll?
    Regards, Chris

    Further investigation reveals this is a limitation of the product - within security, the selection criteria which determines which individuals (or assignments) is handled separately to Assignment-level security (i.e. whether individual assignments are restricted), it is not possible to get around this issue even using custom security, as that does not give one the power to determine how individual assignments are handled. Thus if assignment-level security is implemented, the user cannot see Ended or Future-Dated assignments, even if the profile option "HR: Access Non-Current Employee Data" is set to 'Yes'.
    The only workaround we have found for this is to:
    a) remove assignment-level security, and
    b) ensure that where an employee has multiple assignments that cross security groups, this individual is set up twice, as two separate employees.

  • Mixed results from HR EBS Security Profile in new Discoverer 11g  EUL

    Hello,
    We’ve recently implemented a new Discoverer 11g (11.1.1.4.0) APPS MODE EUL against our R12.1.3 EBS application.
    In HR EBS we have Security Profiles that limit data access against some responsibilities( No Sr. Exec or HR personnel).
    We are seeing mixed results in Discoverer when accessing Shared Workbooks using these responsibilities.
    Let’s say I’m viewing workbooks that return Current Employee Salary details. For some the data is filtered as expected. For others, all rows are being returned!
    Any ideas on why we’re seeing this behavior and what the resolution might be?
    Thank you ahead of time for your help.
    Rich

    Hi Rod,
    Thanks for the reply!
    I think I understand what you are saying but let me provide some more detail and we'll see if this still applies.
    Yes. We are using custom responsibilities designed against the HR application.
    The user is accessing workbooks through Discoverer Viewer. They are not logged into EBS application. They are logging directly into Discoverer View and are selecting the Limited Inquiry responsibility (As far as I know there is no way to switch resp once logged in so the security profile should be applied).
    In this session, the user opens one workbook and the security options are applied, with limited data being returned. Great.
    Close that workbook and open another. This time the security options are not applied, with all rows data being returned.
    Any ideas?
    Best Regards,
    Rich

  • Override Security Profile for one employee

    Hi
    I have one employee who works in 'Accounts Department' and the HR user of accounts department can see only the employees of Accounts Department based on the security profile. This is working fine. But there's a different requirement. Some employees are transferred to other departments for 3-6 months for different purposes. During this time also the HR user of accounts department needs to view these employees' details due to HR policies and procedures. Can we achieve this? If yes, how?
    - Gulzar

    Q 1 - When Employee is transferred from Dept 1 to Dept 2 for 6 months, Should the HR for both Dept 1 and Dept 2 be able to see his details for 6 months?
    Q 2 - After 6 months period, employee's organization is again updated to Dept 1, should again HRs of both Dept 1 and Dept 2 be able to see his details even after the 6 months period?
    Q 3 - If answer for Q 2 is - "after 6 months period, only HR of Dept 1 should see his details" , how to identify Employee's home department? Will it be the Employee's Organization effective as of Employee's hire date?

  • Creation of custom security profile

    Hi,
    During creation of the security profile, there is field 'internal name' .
    What is the significance of this field and how the internal name should be maintained. As this field becomes display once the security profile is created.
    Pointers will be appreciated.
    Rgds,
    Madhan

    Hi Madan
    Internal name is used by the system to identify a profile. While creating a new profile e.g. System Administrator_XYZ which is lets say based on the original system admin profile but with limited rights (to be given to a few users), you can extend the original internal name and extend it for e.g. fci.profile.admin.xyz
    Hope this helps!
    Regards
    Mudit Saini

  • SQL Query in Custom Security when creating Security Profile

    Hello all,
    I've created a security profile with Custom security and provided a simple query in Custom Security tab-
    PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
    Custom security option is "Restrict the people visible to each user using this profile"
    I am not able to see the record as expected.
    If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
    If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
    Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
    (This was mentioned in system administrator guide :
    "Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id."
    docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
    I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
    I've given options as below :
    Employees = None
    Contingent Worker = Restricted
    Applicant = None
    Contacts = All
    Candidates = All
    All other options - Defaulted
    Thanks,
    Sumanth

    Resolved this - One cannot see self's employee record in the form for which this is setup.
    Hence the below query though correct in syntax did not show any data.
    PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
    My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
    Thanks,
    Sumanth

  • Securing WebService with Basic Security Profile

    Hi,
    I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
    I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
    WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

  • Security Profile Setting within the Same Business Group

    Hello,
    Within one business group I have employees of multiple countries. Now the concern is that I need to have two different responsibilities through which I can restrict the employees as per the country.
    The things which identify between countries are: 1. They have different GRE. 2. They have different Operating Units. I have tried to create a security profile; it has the one option Secure organization by single Operating units, but I am not able to see that working. Where exactly do we need to declare the operating unit I need to secure for? Can anyone suggest a suitable workaround?
    The version we are using is 11.5.10
    Thanks

    If your security profile is 'static', then you need to run the concurrent process 'Security List Maintenance'. This will identify all records which match the security profile rule and then allow the user to see those records when they use their 'secured' responsibility.
    Regards
    Tim

  • Lost Security Profile Password

    I'm using Acrobat Pro 7.0 and have misplaced the password on a security profile.  When I originally set it up, I checked the box that said "Save Passwords with Policy".  Is there a way I can retrieve the password from my Windows XP system?

    If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
    Otherwise*, boot into Recovery mode. When the OS X Utilities screen appears, select
    Utilities ▹ Terminal
    from the menu bar. In the window that opens, type this:
    res
    Press the tab key. The partial command you typed will automatically be completed to this:
    resetpassword
    Press return. A Reset Password window opens. Close the Terminal window to get it out of the way.
    Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
    Select your username from the menu labeled Select the user account if not already selected.
    Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
    Select
    Apple menu ▹ Restart
    from the menu bar.
    You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
    *Note: If you've activated FileVault, this procedure doesn't apply. Follow instead these instructions.

  • How to restrict employees from accessing managers data using custom security profile

    Hi,
    I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
    Responsibility :US Super HRMS Manager
    ASSIGNMENT.PERSON_ID
    IN
    (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
    PER_ALL_ASSIGNMENTS_F PF,
    PAY_PEOPLE_GROUPS PG,
    PER_PERSON_TYPE_USAGES_F PPU,
    FND_USER FNU
    WHERE PAF.PERSON_ID=PF.PERSON_ID
    AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
    AND PAF.EFFECTIVE_END_DATE
    AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
    AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
    AND PPU.PERSON_ID=PAF.PERSON_ID
    AND PPU.PERSON_ID=PF.PERSON_ID
    AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
    AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
    AND PAF.PERSON_TYPE_ID =2
    AND PPU.PERSON_TYPE_ID
    IN(2,62)
    and PAF.person_id = FND_PROFILE.value('user_id')
    AND PG.SEGMENT2=8)
    and using "restrict the people visible to each other using this profile".
    I have assigned the security profile to HR user responsibility
    But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
    When I query for the first time, it's restricting me to view others' details, but when I close that, click on the torch button and try searching, it's allowing me to access manager's details.
    Can anyone please let me know what setups need to be done for restricting employees from viewing supervisors' data?
    I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't get any idea.
    Please suggest.
    Thanks & Regards,
    Anusha.

    Hi All ,
    i solved the problem by using event 01 of header view and using the table "Extract" .
    Regards,
    Neha
