OMA: Security Profiles
Hi,
I am trying to migrate the Custom Security Profiles from one system to another.
When I create the OMA package and import the same in another system, only the security profile name is getting exported and none of its content is getting exported i.e the controls I have ' SET' in the role are coming as ' NOT SET' in the new environment.
What is going wrong.
Regards,
Pankaj
I guess ACL is not available in Single SRM Object because selecting a single ACL would not be very useful and also ACLs are associated with a Security Profile. You would have to use the Object List and write your own custom OML query or use the Dataset option which will export all. If Dataset option suits your needs, that would be the easiest.
Or another option would be to use the workbook approach. You could look at the security_rights tab on the enterprise workbook from Resource Guide as a reference.
Vikram
Similar Messages
-
Importing custom created security profiles from a .csv or .xls document
Hi Experts,
We have a prerequisite where we need to create custome security profiles as per the requirement.
These security profiles I have created in an excel sheet and wish to import it in the server.
The reason behind creating the security profiles through excel sheet is that in the future we will be working on a new server. So instead of doing any rework we can directly import from this excel sheet.
For creating a security profiles through an excel sheet, I have mentioned the following things in the excel sheet.
1. In a "eso_security_profiles" i have mentioned the profile name,description,internal ID, etc..
DISPLAY_NAME DOCUMENT_DESCRIPTION INTERNAL_NAME CATEGORY COLLAB_PROFILE INTERNAL_TYPE RESTRICTED
DISPLAY_NAME:Category Manager
DOCUMENT_DESCRIPTION : This profile is for the user who has full rights only at project business document but cannot approve and have no access rights to the master data
INTERNAL_NAME : fci.profile.doc.category_manager
CATEGORY : BUYSIDE
COLLAB_PROFILE : TRUE
INTERNAL_TYPE :
RESTRICTED :
2. And in the "eso_security_rights" I have mentioned the access rights as per requirement.
RESOURCE SECURITY_PROFILE ALLOW_PERMISSIONS DENY_PERMISSIONS
rfx.RFXDoc fci.profile.doc.wft_category_manager ODP_READ
Please give some inputs on this. Am not sure if what I have done is the right way.
Thanks.
Vaishali.Hi Vaishali,
I understand that you need these security profiles in another server going forward. I would suggest another way around rather.
Please create the Security profiles in SAP Sourcing itself, then export the OMA file. When you move into another server please import this OMA file. This will serve the purpose of having the new security profiles in the new server.
If you are modifing something in the workbook, then you should carefully review field details. As I am not sure which version of SAP Sourcing and details of workbook, so I would suggest the above way to try out.
Hope this helps
Thanks
Jagamohan -
Hi All,
In R12.1.3, Which profile option has higher precedence in MOAC structure.
If i set the HR:Cross Business Group to NO at resp level and MO: Security Profile, which is associated to Global Security Profile which has two OUs of two different BGs.
For example:
I have BG1 - OU1
BG2 - OU2
Case 1:
Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
HR:Cross Business Group - NO
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
Case 2:
Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
HR:Cross Business Group - Yes
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
Case 3:
Global Security Profile - XXGSP has both OU1(BG1) associated.
HR:Cross Business Group - NO
HR:Cross Business Group - BG2
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
Case 4:
Global Security Profile - XXGSP has both OU1(BG2) associated.
HR:Cross Business Group - Yes
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU2?
Regards,
SooryaHi Soorya,
We are in a similiar situation and I was wondering if you have received an answer or how you proceeded?
Thanks,
Cathy -
Override Security Profile for one employee
Hi
I have one employee who works in 'Accounts Department' and the HR user of accounts department can see only the employees of Accounts Department based on the security profile. This is working fine. But theres a different requirement. Some employees are transferred to other departments for 3-6 months for different purposes. During this time also the HR user of accounts department needs to view this employees details due to HR policies and procedures. Can we achieve this? If yes, how?
- GulzarQ 1 - When Employee is transferred from Dept 1 to Dept 2 for 6 months, Should the HR for both Dept 1 and Dept 2 be able to see his details for 6 months?
Q 2 - After 6 months period, employee's organization is again updated to Dept 1, should again HRs of both Dept 1 and Dept 2 be able to see his details even after the 6 months period?
Q 3 - If answer for Q 2 is - "after 6 months period, only HR of Dept 1 should see his details" , how to identify Employee's home department? Will it be the Employee's Organization effective as of Employee's hire date? -
Creation of custom security profile
Hi,
During creation of the security profile, there is field 'internal name' .
What is the significance of this field and how the internal name should be maintained. As this field becomes display once the security profile is created.
Pointers will be appreciated.
Rgds,
MadhanHi Madan
Internal name is used by the system to identify a profile. While creating a new profile e.g. System Administrator_XYZ which is lets say based on the original system admin profile but with limited rights (to be given to a few users), you can extend the original internal name and extend it for e.g. fci.profile.admin.xyz
Hope this helps!
Regards
Mudit Saini -
SQL Query in Custom Security when creating Security Profile
Hello all,
I've created a security profile with Custom security and provided a simple query in Custom Security tab-
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
Custom security option is "Restrict the people visible to each user using this profile"
I am not able to see the record as expected.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
(This was mentioned in system administrator guide :
"+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
I've given options as below :
Employees = None
Contingent Worker = Restricted
Applicant = None
Contacts = All
Candidates = All
All other options - Defaulted
Thanks,
SumanthResolved this - One cannot see self's employee record in the form for which this is setup.
Hence the below query though correct in syntax did not show any data.
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
Thanks,
Sumanth -
REQIMPORT errors when security profile set using 12I
I am submitting the purchase requisition import using the following script in release 12I. The request is submitted but completes with an error.
declare
l_request_id NUMBER;
l_batch_id NUMBER := 1027;
l_ou_count NUMBER;
l_org_id NUMBER := fnd_global.org_id;
l_ou_name VARCHAR2(200);
BEGIN
fnd_global.apps_initialize (1759 -- User ID
,50557 -- Responsibility ID
,201); --Application ID
mo_global.init('PO');
mo_global.set_policy_context('S', l_org_id);
mo_utils.get_default_ou(l_org_id, l_ou_name, l_ou_count);
dbms_output.put_line('OU Name: '||l_ou_name||' OU count: '||l_ou_count||' ORG ID: '||l_org_id);
l_org_id := mo_utils.get_default_org_id;
dbms_output.put_line('Default ORG ID: '||l_org_id);
l_request_id := fnd_request.submit_request
(application => 'PO'
,program => 'REQIMPORT'
,description => NULL
,start_time => SYSDATE
,sub_request => FALSE
,argument1 => 'CONSIGNED MANUAL'
,argument2 => l_batch_id
,argument3 => 'LOCATION' --'Location'
,argument4 => NULL
,argument5 => 'N'
,argument6 => 'Y');
dbms_output.put_line('Request ID: '||l_request_id);
END;
The MO: Default Operating Unit and MO: Operating Unit profiles are setup for the given responsibility with an operating unit value. The MO: Security Profile profile is set to a given profile at the site and responsibility level.
When I remove the MO: Security Profile at the site level the purchase requisition concurrent request completes successfully. Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.
I can submit the purchase requisition import using the submit request form without any errors. I believe this is because the operating unit field is being populated.
Has anyone run into this issue? Am I missing any commands that define the operating unit used in the concurrent program submission in release 12I?
Any help is greatly appreciated.
CharlesHi,
Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.Please see if the guidelines about this profile option in the following documents help.
Note: 784609.1 - How Does R12 MOAC Defaulting Rules and MO: Security Profile Work?
Note: 397362.1 - Multi Org Access Control (MOAC) in Oracle Purchasing
Note: 420787.1 - Oracle Applications Multiple Organizations Access Control for Custom Code
Regards,
Hussein -
Securing WebService with Basic Security Profile
Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6 -
Security Profile Seeting with in a Same Business Group
Hello,
With in one business group I have employee of multiple country. Now the concern is that I need to have two different responsibility through which I can restrict the employee as per the country.
The things which identify between countries are. 1. They have different GRE. 2. They have different Operating Units. I have tried to create a security profile it has the one option Secure organization by single Operating units, but I ma not able to see that working? Where exactly we need to declare the operating Unit i need to secure for? Can any one suggest me a suitable work around.
The version we are using is 11.5.10
ThanksIf you security profile is 'static', then you need to run the concurrent process 'Security List Maintenance'. This will identify all records which match the security profile rule and then allow the user to see those records when the use their 'secured' responsibility.
Regards
Tim -
Setting 'MO: Security Profile or MO: Operating Unit profile option' - Urgen
All,
Version: 12.0.4
Module: Purchasing
I'm trying to invoke the PO_CHANGE_API1_S.record_acceptance to send the Advance shipment Notice doc to Oracle R12. On invocation I'm getting the following error
ORA-20001: APP-FND-02902: Multi-Org profile option is required+
set either MO: Security Profile or MO: Operating Unit profile option+
1. How do I set this profile option?
2. Is it required to set both security and OU profile option?
3. At what level(site,appln,resp,user,ou,...) should I set the profile?
Please help me.
Thanks,
SenHi,
You can set those profile options from System Administrator responsibility > Profile > System.
Please see these docs for details.
Note: 602141.1 - R12 - Error ORA-20001, APP-FND-02902 Accessing Profile Classes Form With Multi-Org Access Control (MOAC) Enabled
Note: 338332.1 - App-Fnd:02902: Multi-Org Profile Option Is Required. Ora-20001
Note: 393560.1 - How To Prevent the Profile Option MO: Operating Unit being set to NULL at Site Level?
Regards,
Hussein -
HRMS APP-PER-52803:Your business group does not match your security profile
I see this as a common problem, please guide me as to what should be done to rectify it.
While opening \Payroll\Description, it gives message as under:
HRMS APP-PER-52803:Your business group does not match your security profile
Regards
NemoHi,
I feel that "HR: Security Profile" option is not set properly, BZ of that screen is errors out.
Please check the following Profile Options
HR: Security Profile -- Enter the sec profile name which is business Group name
HR: Business Group -- Your Business Group Name
Note: If you set the HR: Security Profile optional first, then system will sets the HR: Business Group profile option too automatically.
I hope this will solves your problem.
thanks
Krishna Prasad Rapolu
Oracle HRMS Consultant. -
Lost Security Profile Password
I'm using Acrobat Pro 7.0 and have misplaced the password on a security profile. When I originally set it up, I checked the box that said "Save Passwords with Policy". Is there a way I can retrieve the password from my Windows XP system?
If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
Otherwise*, boot into Recovery mode. When the OS X Utilities screen appears, select
Utilities ▹ Terminal
from the menu bar. In the window that opens, type this:
res
Press the tab key. The partial command you typed will automatically be completed to this:
resetpassword
Press return. A Reset Password window opens. Close the Terminal window to get it out of the way.
Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
Select your username from the menu labeled Select the user account if not already selected.
Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
Select
▹ Restart
from the menu bar.
You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
*Note: If you've activated FileVault, this procedure doesn't apply. Follow instead these instructions. -
How to restrict employees from accessing managers data using custom security profile
Hi,
I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
Responsibility :US Super HRMS Manager
ASSIGNMENT.PERSON_ID
IN
(SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
PER_ALL_ASSIGNMENTS_F PF,
PAY_PEOPLE_GROUPS PG,
PER_PERSON_TYPE_USAGES_F PPU,
FND_USER FNU
WHERE PAF.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
AND PAF.EFFECTIVE_END_DATE
AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
AND PPU.PERSON_ID=PAF.PERSON_ID
AND PPU.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
AND PAF.PERSON_TYPE_ID =2
AND PPU.PERSON_TYPE_ID
IN(2,62)
and PAF.person_id = FND_PROFILE.value('user_id')
AND PG.SEGMENT2=8)
and using "restrict the people visible to each other using this profile".
I have assigned the security profile to HR user responsibility
But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
Please suggest.
Thanks & Regards,
Anusha.Hi All ,
i solved the problem by using event 01 of header view and using the table "Extract" .
Regards,
Neha -
Export - custom queries and reports, and security profiles
We would like to keep a copy of our customizations to the application.
There are ways to import queries, reports and profiles into the app. Is there any way to export the following to something like a CSV file for the following:
- custom queries (all tabs)
- custom reports (all tabs)
- security profiles (custom and out of box u2013 all access rights)
Thanks,
JerryJerry,
There are no standard queries that extract security profiles, Query Groups, Reports or Query Defintiions from the system.
However you can build custom queries that support this functionality. During an implementation project I created some custom queries which allowed you to extract these objects for documenting purposes We likely could supply these to you through SAP Consulting. Please reach out to your SAP rep and have them Contact Me. I have created some instruction that explain how to create these.
Regards,
James -
How do we move the 'Security Profiles' between the instances.
Hi All
Do we have any facility like FNDLOAD to move the 'Security Profile's
between the instances .
I am not able to find any LCT file inorder to use the FNDLOAD option.
Many Thanks
Ravinder NamsaniHi snowbagel,
To reset your account security questions your identity will have to be verified and iTunes Store support can't do that through mail support. You may find contacting Apple through the phone to be a quicker solution:
http://support.apple.com/kb/HE57
Kind regards,
Maybe you are looking for
-
Simple Button to Control Movie Clip
Hello, I was relatively comfortable with AS 2.0, but am having a hard time warming up to 3.0. I feel that this should be something simple to find help online with, yet I'm finding it difficult to get a simple answer. I have a button that is inside a
-
My iphone 4s will not switch on. Supposidly it has been "charging" all day and stll it does not have enough life to switch on. Rang Apple this morning and they will replace the phone under warrenty free of charge. Only problem is with this being my f
-
JMIP Print in Scheduling agreement
Dear Friends, I am not getting the print of JMIP (excise duties) in scheduling agreement, but in Po i get this, I have maintained FV11 & selected tax code. Kindly give the solution. regards, MD
-
Some of the files in my pictures are covered with a white page, how do I clear it?
I was working in Sony Vegas to put a dvd together with both video and pictures, the program kept becoming unresponsive and after about the 4th time I noticed that some of my picture files were covered with a white page. I can open the files to see my
-
Crystal Report - Linking tables
Hi all, I had a look around for this subject matter but cannot find anything to answer my question. If you know where I can find the answer, please let me know. I have 2 tables on Crystal Report and am trying to link the Primary table to the seconda