OMA: Security Profiles

Similar Messages

• Importing custom created security profiles from a .csv or .xls document

  Hi Experts,
  We have a prerequisite where we need to create custome security profiles as per the requirement.
  These security profiles I have created in an excel sheet and wish to import it in the server.
  The reason behind creating the security profiles through excel sheet is that in the future we will be working on a new server. So instead of doing any rework we can directly import from this excel sheet.
  For creating a security profiles through an excel sheet, I have mentioned the following things in the excel sheet.
  1. In a "eso_security_profiles" i have mentioned the profile name,description,internal ID, etc..
  DISPLAY_NAME       DOCUMENT_DESCRIPTION    INTERNAL_NAME     CATEGORY  COLLAB_PROFILE    INTERNAL_TYPE     RESTRICTED
  DISPLAY_NAME:Category Manager    
  DOCUMENT_DESCRIPTION   : This profile is for the user who has full rights only at project business document but cannot approve and have no access rights to the master data
  INTERNAL_NAME  :  fci.profile.doc.category_manager
  CATEGORY  :   BUYSIDE     
  COLLAB_PROFILE    :   TRUE     
  INTERNAL_TYPE     :   
  RESTRICTED   :  
  2. And in the "eso_security_rights" I have mentioned the access rights as per requirement.
  RESOURCE        SECURITY_PROFILE                               ALLOW_PERMISSIONS       DENY_PERMISSIONS
  rfx.RFXDoc        fci.profile.doc.wft_category_manager     ODP_READ
  Please give some inputs on this. Am not sure if what I have done is the right way.
  Thanks.
  Vaishali.

  Hi Vaishali,
  I understand that you need these security profiles in another server going forward. I would suggest another way around rather.
  Please create the Security profiles in SAP Sourcing itself, then export the OMA file. When you move into another server please import this OMA file. This will serve the purpose of having the new security profiles in the new server.
  If you are modifing something in the workbook, then you should carefully review field details. As I am not sure which version of SAP Sourcing and details of workbook, so I would suggest the above way to try out.
  Hope this helps
  Thanks
  Jagamohan

• In R12.1.3, MO:Security Profile Vs HR:Cross Business Group precedence

  Hi All,
  In R12.1.3, Which profile option has higher precedence in MOAC structure.
  If i set the HR:Cross Business Group to NO at resp level and MO: Security Profile, which is associated to Global Security Profile which has two OUs of two different BGs.
  For example:
  I have BG1 - OU1
  BG2 - OU2
  Case 1:
  Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
  HR:Cross Business Group - NO
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 2:
  Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
  HR:Cross Business Group - Yes
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 3:
  Global Security Profile - XXGSP has both OU1(BG1) associated.
  HR:Cross Business Group - NO
  HR:Cross Business Group - BG2
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 4:
  Global Security Profile - XXGSP has both OU1(BG2) associated.
  HR:Cross Business Group - Yes
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU2?
  Regards,
  Soorya

  Hi Soorya,
  We are in a similiar situation and I was wondering if you have received an answer or how you proceeded?
  Thanks,
  Cathy

• Override Security Profile for one employee

  Hi
  I have one employee who works in 'Accounts Department' and the HR user of accounts department can see only the employees of Accounts Department based on the security profile. This is working fine. But theres a different requirement. Some employees are transferred to other departments for 3-6 months for different purposes. During this time also the HR user of accounts department needs to view this employees details due to HR policies and procedures. Can we achieve this? If yes, how?
  - Gulzar

  Q 1 - When Employee is transferred from Dept 1 to Dept 2 for 6 months, Should the HR for both Dept 1 and Dept 2 be able to see his details for 6 months?
  Q 2 - After 6 months period, employee's organization is again updated to Dept 1, should again HRs of both Dept 1 and Dept 2 be able to see his details even after the 6 months period?
  Q 3 - If answer for Q 2 is - "after 6 months period, only HR of Dept 1 should see his details" , how to identify Employee's home department? Will it be the Employee's Organization effective as of Employee's hire date?

• Creation of custom security profile

  Hi,
  During creation of the security profile, there is field 'internal name' .
  What is the significance of this field and how the internal name should be maintained. As this field becomes display once the security profile is created.
  Pointers will be appreciated.
  Rgds,
  Madhan

  Hi Madan
  Internal name is used by the system to identify a profile. While creating a new profile e.g. System Administrator_XYZ which is lets say based on the original system admin profile but with limited rights (to be given to a few users), you can extend the original internal name and extend it for e.g. fci.profile.admin.xyz
  Hope this helps!
  Regards
  Mudit Saini

• SQL Query in Custom Security when creating Security Profile

  Hello all,
  I've created a security profile with Custom security and provided a simple query in Custom Security tab-
  PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
  Custom security option is "Restrict the people visible to each user using this profile"
  I am not able to see the record as expected.
  If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
  If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
  Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
  (This was mentioned in system administrator guide :
  "+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
  docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
  I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
  I've given options as below :
  Employees = None
  Contingent Worker = Restricted
  Applicant = None
  Contacts = All
  Candidates = All
  All other options - Defaulted
  Thanks,
  Sumanth

  Resolved this - One cannot see self's employee record in the form for which this is setup.
  Hence the below query though correct in syntax did not show any data.
  PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
  My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
  Thanks,
  Sumanth

• REQIMPORT errors when security profile set using 12I

  I am submitting the purchase requisition import using the following script in release 12I. The request is submitted but completes with an error.
  declare
  l_request_id NUMBER;
  l_batch_id NUMBER := 1027;
  l_ou_count NUMBER;
  l_org_id NUMBER := fnd_global.org_id;
  l_ou_name VARCHAR2(200);
  BEGIN
  fnd_global.apps_initialize (1759 -- User ID
  ,50557 -- Responsibility ID
  ,201); --Application ID
  mo_global.init('PO');
  mo_global.set_policy_context('S', l_org_id);
  mo_utils.get_default_ou(l_org_id, l_ou_name, l_ou_count);
  dbms_output.put_line('OU Name: '||l_ou_name||' OU count: '||l_ou_count||' ORG ID: '||l_org_id);
  l_org_id := mo_utils.get_default_org_id;
  dbms_output.put_line('Default ORG ID: '||l_org_id);
  l_request_id := fnd_request.submit_request
  (application => 'PO'
  ,program => 'REQIMPORT'
  ,description => NULL
  ,start_time => SYSDATE
  ,sub_request => FALSE
  ,argument1 => 'CONSIGNED MANUAL'
  ,argument2 => l_batch_id
  ,argument3 => 'LOCATION' --'Location'
  ,argument4 => NULL
  ,argument5 => 'N'
  ,argument6 => 'Y');
  dbms_output.put_line('Request ID: '||l_request_id);
  END;
  The MO: Default Operating Unit and MO: Operating Unit profiles are setup for the given responsibility with an operating unit value. The MO: Security Profile profile is set to a given profile at the site and responsibility level.
  When I remove the MO: Security Profile at the site level the purchase requisition concurrent request completes successfully. Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.
  I can submit the purchase requisition import using the submit request form without any errors. I believe this is because the operating unit field is being populated.
  Has anyone run into this issue? Am I missing any commands that define the operating unit used in the concurrent program submission in release 12I?
  Any help is greatly appreciated.
  Charles

  Hi,
  Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.Please see if the guidelines about this profile option in the following documents help.
  Note: 784609.1 - How Does R12 MOAC Defaulting Rules and MO: Security Profile Work?
  Note: 397362.1 - Multi Org Access Control (MOAC) in Oracle Purchasing
  Note: 420787.1 - Oracle Applications Multiple Organizations Access Control for Custom Code
  Regards,
  Hussein

• Securing WebService with Basic Security Profile

  Hi,
  I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
  I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
  WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

  Hi,
  I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
  I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
  WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6

• Security Profile Seeting with in a Same Business Group

  Hello,
  With in one business group I have employee of multiple country. Now the concern is that I need to have two different responsibility through which I can restrict the employee as per the country.
  The things which identify between countries are. 1. They have different GRE. 2. They have different Operating Units. I have tried to create a security profile it has the one option Secure organization by single Operating units, but I ma not able to see that working? Where exactly we need to declare the operating Unit i need to secure for? Can any one suggest me a suitable work around.
  The version we are using is 11.5.10
  Thanks

  If you security profile is 'static', then you need to run the concurrent process 'Security List Maintenance'. This will identify all records which match the security profile rule and then allow the user to see those records when the use their 'secured' responsibility.
  Regards
  Tim

• Setting 'MO: Security Profile or MO: Operating Unit profile option' - Urgen

  All,
  Version: 12.0.4
  Module: Purchasing
  I'm trying to invoke the PO_CHANGE_API1_S.record_acceptance to send the Advance shipment Notice doc to Oracle R12. On invocation I'm getting the following error
  ORA-20001: APP-FND-02902: Multi-Org profile option is required+
  set either MO: Security Profile or MO: Operating Unit profile option+
  1. How do I set this profile option?
  2. Is it required to set both security and OU profile option?
  3. At what level(site,appln,resp,user,ou,...) should I set the profile?
  Please help me.
  Thanks,
  Sen

  Hi,
  You can set those profile options from System Administrator responsibility > Profile > System.
  Please see these docs for details.
  Note: 602141.1 - R12 - Error ORA-20001, APP-FND-02902 Accessing Profile Classes Form With Multi-Org Access Control (MOAC) Enabled
  Note: 338332.1 - App-Fnd:02902: Multi-Org Profile Option Is Required. Ora-20001
  Note: 393560.1 - How To Prevent the Profile Option MO: Operating Unit being set to NULL at Site Level?
  Regards,
  Hussein

• HRMS APP-PER-52803:Your business group does not match your security profile

  I see this as a common problem, please guide me as to what should be done to rectify it.
  While opening \Payroll\Description, it gives message as under:
  HRMS APP-PER-52803:Your business group does not match your security profile
  Regards
  Nemo

  Hi,
  I feel that "HR: Security Profile" option is not set properly, BZ of that screen is errors out.
  Please check the following Profile Options
  HR: Security Profile -- Enter the sec profile name which is business Group name
  HR: Business Group -- Your Business Group Name
  Note: If you set the HR: Security Profile optional first, then system will sets the HR: Business Group profile option too automatically.
  I hope this will solves your problem.
  thanks
  Krishna Prasad Rapolu
  Oracle HRMS Consultant.

• Lost Security Profile Password

  I'm using Acrobat Pro 7.0 and have misplaced the password on a security profile.  When I originally set it up, I checked the box that said "Save Passwords with Policy".  Is there a way I can retrieve the password from my Windows XP system?

  If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
  Otherwise*, boot into Recovery mode. When the OS X Utilities screen appears, select
  Utilities ▹ Terminal
  from the menu bar. In the window that opens, type this:
  res
  Press the tab key. The partial command you typed will automatically be completed to this:
  resetpassword
  Press return. A Reset Password window opens. Close the Terminal window to get it out of the way.
  Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
  Select
   ▹ Restart
  from the menu bar.
  You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
  *Note: If you've activated FileVault, this procedure doesn't apply. Follow instead these instructions.

• How to restrict employees from accessing managers data using custom security profile

  Hi,
  I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
  Responsibility :US Super HRMS Manager
  ASSIGNMENT.PERSON_ID
  IN
  (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
  PER_ALL_ASSIGNMENTS_F PF,
  PAY_PEOPLE_GROUPS PG,
  PER_PERSON_TYPE_USAGES_F PPU,
  FND_USER FNU
  WHERE PAF.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
  AND PAF.EFFECTIVE_END_DATE
  AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
  AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
  AND PPU.PERSON_ID=PAF.PERSON_ID
  AND PPU.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
  AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
  AND PAF.PERSON_TYPE_ID =2
  AND PPU.PERSON_TYPE_ID
  IN(2,62)
  and PAF.person_id = FND_PROFILE.value('user_id')
  AND PG.SEGMENT2=8)
  and using "restrict the people visible to each other using this profile".
  I have assigned the security profile to HR user responsibility
  But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
  When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
  Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
  I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
  Please suggest.
  Thanks & Regards,
  Anusha.

  Hi All ,
  i solved the problem by using event 01 of header view and using the table "Extract" .
  Regards,
  Neha

• Export - custom queries and reports, and security profiles

  We would like to keep a copy of our customizations to the application. 
  There are ways to import queries, reports and profiles into the app.  Is there any way to export the following to something like a CSV file for the following:
  - custom queries (all tabs)
  - custom reports (all tabs)
  - security profiles (custom and out of box u2013 all access rights)
  Thanks,
  Jerry

  Jerry,
  There are no standard queries that extract security profiles, Query Groups, Reports or Query Defintiions from the system. 
  However you can build custom queries that support this functionality.  During an implementation project I created some custom queries which allowed you to extract these objects for documenting purposes  We likely could supply these to you through SAP Consulting.  Please reach out to your SAP rep and have them Contact Me.  I have created some instruction that explain how to create these.
  Regards,
  James

• How do we move the 'Security Profiles' between the instances.

  Hi All
  Do we have any facility like FNDLOAD to move the 'Security Profile's
  between the instances .
  I am not able to find any LCT file inorder to use the FNDLOAD option.
  Many Thanks
  Ravinder Namsani

  Hi snowbagel,
  To reset your account security questions your identity will have to be verified and iTunes Store support can't do that through mail support.  You may find contacting Apple through the phone to be a quicker solution:
  http://support.apple.com/kb/HE57
  Kind regards,