R12 SLA drilldown security:How to restrict drilldown based on source/AppI

Similar Messages

• How to restricting comepetncy based on grade

  Hi,
  We have a requirement to restrict the comepetncy displayed after seraching by employees to those valid for its grade.
  Navigation -
  Employee Self-Service -> Competency Profile -> Add Comnpetency -> Find Competencies -> Search
  Is there anyway to restrict this based on the grade of the employee.
  If so, what kind of setup is required in the Competency KFF?
  I tried defining a DFF segment for competency and attaching a grade to the segment. So each cometency will hold the grade for which it is valid ( assuming a 1-1 mapping between each grade and competency )
  And then I tried to restrict the result of the query by using OA framework and adding a where clause to the View Object dynamically. But it doesn't work.
  i will post the OA Framework part of my post in OA Framework forum, but in general is there a way to achieve this requirement.
  Thanks,
  -Deb

  You've pretty much done what I would have tried first (except I am no good at OAF so would have asked a technical buddy).
  There is no way to link Competences to grade.
  Depending on how many grades you have, you might like to define one Competence Type, each type mapping onto each grade, and then associate the competencies to the type. I believe Types can then share some common competencies if there is crossover. Types will be easier to write SQL off of but you'd still have to customise your VO. It also makes it really easy for employees to search for the correct one.
  By the way, storing the grade on the competence keyflex effectively makes it part of the competence name which may start to look clunky in self service. I'd consider sticking the grade on the Competence flexfield which will also make your SQL easier to write as well as streamlining your competence name (I find querying on keyflex segments a bit of a chore).
  Last resort is you could simply code some PL/SQL in a user hook to error if the employee tries to add a competence that is not appropriate for their grade.

• Kids security - How to restrict online or usage time per account

  OSX enables you to restrict applications (e.g. safari, restriction of loadable web-sites). But how to give children a fixed amount of time per day to use their account or to access the internet?

  Some of the better routers allow you to set a schedule according to machine hardware number and services.

• How to restrict authorization based on profit center in ke80 report

  hi friends
  we have a situation where we need to maintain the authorization based on profit center in ke80 report. The authorzation object K_PCA is not working. whenever we assign a particular profit center and then generate the profile, we still get the message no autjorization and when we check su53 it shows it needs '' asterisk. but we cant assign the asterisk as we have 5 subsidaries and there are using 5 different set of profit centers so assigning asterisk () would be comprimising on our security.
  does anybody came across this situation and if yes how did they resolve this?
  I need your suggestions on how to maintain this restriction.
  Regards,
  Imran

  Hi Friends
  The problem has beend solved. It turns out that this is a report writer issue. We raised the issue with SAP and they informed that 'For Report Painter/Writer every item is checked if you have the authori-zation or not. Only the items with authorization fullfilled will be displayed afterwards'.
  Based on SAP answer we created different reports for each profit center/company code.
  I would like to thank you all for your time and inputs.
  Regards,

• How to Restrict Search based on the Roles for External crawled sites

  I have a situation where the search results have to be restricted based on role
  When External sites are crawled, how can we restrict the search results based on roles,
  I know that we can restrict the search to a group or set of groups that can contain many users but if the group have different roles and if that group has given access to a web repository search, how can we restrict the document/search access based on roles for the same group?
  For Example an Index that has external site as data source and the permissions were set for a group and that group has 2 roles, lets say <b>"Admin" and "user"</b> and the external site have some documents when searched the documents should come up only for the "Admin" role during search, but should not come up for the "user" role
  Is it possible to achieve this? Is there a solution?
  Any advices are greatly appreciated and awarded
  Thanks,
  kk

  Is it possible to restrict on role based?
  Any suggestions are appreciated
  Thanks
  KK

• Problem with FC security when data restrictions are based on RU dimention

  Dear Sirs,
  The data access restrictions for users in our system is configured, that reporting unitu2019s data can be accessed only by users that are responsible for ancestor's data based on RU hierarchy (restriction by RU dimension in data analysis).
  When reporting unit is moved in hierarchy from one parent to another -  old ancestor canu2019t access itu2019s data as only new ancestor do. But in that case we have a very big problem as users can't build old ancestoru2019s consolidated reports for previous periods - they are incorrect since RU dimension access is restricted for all periods.
  Are any ideas how the issue can be solved ?

  Dear Egle,
  Indeed,  the historical data within the reports will not be accessible after the data analysis modifications and this is the normal behavior of BO Financial Consolidation.
  Please note that an enhancement request was escalated to allow users to belong to more than one Data Access Group. This enhancement is referenced under the reference ADAPT01028492 ( for more information, you can refer to  the SAP Note 1405946 - BOFC - Allowing multiple Data Access Groups).
  This new feature is not implemented yet in  Financial Consolidation  and the current  workaround is to create 2, 3 or 4 users for the same person.
  However, this workaround will oblige users to disconnect/reconnect many times or open more than one session  to apply necessary changes on BO Financial Consolidation.
  If this request is quite important for you, we recommend you to enter this enhancement in our new site ( Idea Place): https://ideas.sap.com. Indeed, SAP has defined a new process and a new tool that is now available to customers  which allow them to log Enhancement Requests themselves and have the ability to work more directly with our technology and Development group.
  If the request sent by the customer is pertinent and voted by 10 other customers at minimum, the Enhancement Request will be probably accepted by the Product Group(to have more information  about this new process, you can refer to the SAP note 1515837 - NEW Enhancement Request Process - "Idea Place" )
  Let me know if you will need further details.
  Best regards,
  Emna.

• How to restrict "insert new data source" in Analysis, edition for Microsoft Office report

  Hi Experts,
  There is a requirement in my current project: when an end user access a Analysis, edition for Office Report from BI platform, they can view and refresh the report. But users should not be able to add new data source in that Analysis Report. As per my understanding, that means "insert data source" button should remain disable for the user.
  I have check all available access levels from CMC, but cannot find any. It will be great if you let know correct access level in CMC for the same.
  Any comments/recommendation will be appreciated.
  I am using BOXI4.1 SP3 version with Microsoft Office 2013.
  Thanks in advance.
  Regards,
  Animikh Chaudhury

  The answer from our account manager is that there is only one license model for AO - which means every user is able to refresh, navigate, use planning functions and add source data (whith the standard license). Adding a DS is not really more then navigation because you can build a Query with all key figures and characteristics of a cube which gives you flexibility. That makes sense because there are no authority checks installed from SAP to avoid this (maybe this is different in combination with HANA and workspaces) .
  Futhermore SAP has no possibility to measure how many users are doing which functions instead of recording every action of every user. But where should they do it? You could use it with BO or with Netweaver or in mixed Environments. The BO license check is done on BO platform and there you have no possibility to create new users which you need for connection (I'm not sure how this is monitored in a pure BW Environment without BO).
  Furterhmore another possibility to add new data is using vba. You don't really need the buttons from the menu.

• How to restrict the records in source qualifier?

  What is your source system?If it's Oracle, you could use the following trick:Wrap your original SQL query (which retrieves all the columns which you need plus "ROWNUM AS row_num") into a "common table expression" which returns records based on this "row_num", like this: SELECT a1, a2, a3,... an FROM(select *, rownum as row_num FROM tab1, tab2 WHERE...)WHERE row_num between 11 and 15 Other than that I would recommend you insert an Expression transformation into your mapping right after the Source Qualifier. Within this EXP, define a variable port "v_rownum" of type BigInt with this expression:  v_rownum + 1Then define an output port ROWNUM of type BigInt and set it to this expression:  v_rownumForward all the data from the SQ plus "ROWNUM" from the EXP into a Filter.Define two mapping parameters $$FIRST_ROW and $$LAST_ROW of type BigInt (if possible, I can't try myself at this moment).Set the Filter expression like this:  ROWNUM >= $$FIRST_ROW AND ROWNUM <= $$LAST_ROW This works for all sorts of source systems. Regards,Nico

  I Have loading 10 record on first run , inserted in DB,and again load 5 records in second run in this restrict the first 10 records in source qualifier and took only 5 records to the target?

• How to restrict Service PO type to enter GR based account assignment

  Hi,
  How to restrict Service Based PO document type to enter GR based Account assignment.
  Thanks in advance.
  Regards
  JACK

  Dear Jack,
  Purchase Order Account Assignment For Service Items:
  http://www.sap-img.com/materials/account-assignment.htm
  The concept of account assignment remains same whether for materials with Mat. No. Or only text. 
  If you are purchasing a particular service for a cost center. then you can assign the PO item to Cost Center & so on..... 
  Material Management 
  -> Purchasing 
  -> Material Master 
  -> Entry Aids For Items Without a Material Master.
  Also, visit:
  http://sap.ittoolbox.com/groups/technical-functional/sap-acct/maintance-order-not-reading-valuation-area-in-okb9-1018737
  Regards,
  Naveen.

• R12 GL Drilldown to PO

  Hello,
  I am looking for a query to drilldown information from GL to PO in release 12, does anyone has one? I am looking to drilldown to Purchase Orders and the Purchase Orders Receipts from GL.
  Thanks

  See the query in the following thread
  R12 GL Drilldown to AR
  Change the je_source to 'Purchasing'
  Thanks,
  Anil

• How to restrict employees from accessing managers data using custom security profile

  Hi,
  I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
  Responsibility :US Super HRMS Manager
  ASSIGNMENT.PERSON_ID
  IN
  (SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
  PER_ALL_ASSIGNMENTS_F PF,
  PAY_PEOPLE_GROUPS PG,
  PER_PERSON_TYPE_USAGES_F PPU,
  FND_USER FNU
  WHERE PAF.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
  AND PAF.EFFECTIVE_END_DATE
  AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
  AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
  AND PPU.PERSON_ID=PAF.PERSON_ID
  AND PPU.PERSON_ID=PF.PERSON_ID
  AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
  AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
  AND PAF.PERSON_TYPE_ID =2
  AND PPU.PERSON_TYPE_ID
  IN(2,62)
  and PAF.person_id = FND_PROFILE.value('user_id')
  AND PG.SEGMENT2=8)
  and using "restrict the people visible to each other using this profile".
  I have assigned the security profile to HR user responsibility
  But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
  When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
  Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
  I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
  Please suggest.
  Thanks & Regards,
  Anusha.

  Hi All ,
  i solved the problem by using event 01 of header view and using the table "Extract" .
  Regards,
  Neha

• R12: How to Restrict Custom Responsibility to a particular Organization

  Hi,
  I have created a new responsibility say xx_resp.
  I want it to restrict it to paraticualr one organization say ORG1.
  whenver any user access any function under this responsibility he/she cannot query any other organization data except ORG1.
  Please advise.
  -Thanks
  SJ

  Hi Sj;
  Please see below which could be helpful for your issue:
  Restrict report to particular User
  to restrict the reports based on user responsiblity
  How to Restrict a Resp. to Specific Org. in Multi-Org. Setup within an OU
  Value Set Restriction in a Report
  Regard
  Helios

• Drilldown based on user access rights

  Hi
  I have a bar chart which displays monthly sales for Region A, Region B.
  I would like to know if it is possible to restrict drilldown based on user access rights (I'll get this from database and i know if the user has access or not when clicking, but i don't know how to disable the drill down or stop drilling down when user has no access rights)
  Thanks
  yesvee
  Edited by: yesvee123 on Jun 2, 2010 2:03 PM

  Hello Yesvee,
  Database security does not exist in CR Designer, only in Trusted Authentication but it doesn't support Row security. You'll have to use one of our other Products to get this feature/functionality.
  Call Sales for more info on which Products would be best suited for your needs and pricing.
  Thank you
  Don

• How to Restrict a Resp. to Specific Org. in Multi-Org. Setup within an OU

  Hi,
  I want to restrict a Responsibility to a specific Inventory Organization in an Operating Unit.
  For this purpose, I have defined a Security Profile which restricts the access to that specific Inventory Org. and Operating Unit, and assign the same to the
  Responsibility I want to restrict.
  The Security Profile is assigned at the Responsibility level using the Profile Option: MO: Security Profile.
  Relevant Information:
  Application: Oracle Purchasing
  Operating Unit: A OU
  Inventory Org.: A-1 (Access Allowed only to this Org.)
  Inventory Org.: A-2
  Inventory Org.: A-3
  Profile option: MO: Security Profile
  Now, while working in that Responsibility, for example, when I entered a Purchase Order, it’s not restricting me to the Org. assigned through security profile and also showing the other Inventory Orgs’ (in Shipment Tab of PO).
  Now please guide me how I can implement this control using this MO: Security Profile or through sum other functionality like: Org Access etc...
  Regards,
  Kashif

  Kashi,
  This security (also organization access security that is in Inventory) does not work for this screen.
  Just personlize this based on your business need. Use the WHEN-VALIDATE-RECORD event in the PO_SHIPMENTS block and use the condition :PO_SHIPMENTS.SHIP_TO_ORGANIZATION_CODE=<<ORG>> then raise an error message using the message as the action.
  Thanks
  Nagamohan

• How to restrict the user(Schema) from deleting the data from a table

  Hi All,
  I have scenario here.
  I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
  Below is the example.
  I have created a table employee in abc schema which has two values.
  EMPLOYEE
  ABC
  XYZ
  In the above scenario the abc user can only fire select query on the EMPLOYEE table.
  SELECT * FROM EMPLOYEE;
  He should not be able to use any other DML commands on that table.
  If he uses then Insufficient privileges error should be thrown.
  Can anyone please help me out on this.

  Hi,
  kumar0828 wrote:
  Hi Frank,
  Thanks for the reply.
  Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
  If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
  Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
  See the forum FAQ {message:id=9360002}
  The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
  USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
  SELECT  *
  FROM    table_x
  ;what actually runs is:
  SELECT  *
  FROM    table_x
  WHERE   USER  != 'ABC'
  OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
  ;If you want to prevent any user from deleting rows, then the policy function can return just this string
  0 = 1Then, if somone says
  DELETE  employee
  ;what actually gets run is
  DELETE  employee
  WHERE   0 = 1
  ;No error will be raised, but no rows will be deleted.
  Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
  Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
  I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.