Re: Security Profile
Hi All,
When we set the fnd_global.apps_initialize from the backend using
begin
fnd_global.APPS_INITIALIZE(user_id=>4599,resp_id=>50860, resp_appl_id=>800);
end;
,resp_id=>50860------->'San Antonio, TX HRMS User'
An employee emp#2565 is not getting reported.
But, When we logon to the corresponding responsibility('San Antonio, TX HRMS User') We are able to see the that
emp#2565 person.
Can anyone help me in this regard why this is happening?
Thanks
Can you please clarify what you mean by not getting reported
Similar Messages
-
Hi All,
In R12.1.3, Which profile option has higher precedence in MOAC structure.
If i set the HR:Cross Business Group to NO at resp level and MO: Security Profile, which is associated to Global Security Profile which has two OUs of two different BGs.
For example:
I have BG1 - OU1
BG2 - OU2
Case 1:
Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
HR:Cross Business Group - NO
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
Case 2:
Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
HR:Cross Business Group - Yes
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
Case 3:
Global Security Profile - XXGSP has both OU1(BG1) associated.
HR:Cross Business Group - NO
HR:Cross Business Group - BG2
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
Case 4:
Global Security Profile - XXGSP has both OU1(BG2) associated.
HR:Cross Business Group - Yes
HR:Cross Business Group - BG1
In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU2?
Regards,
SooryaHi Soorya,
We are in a similiar situation and I was wondering if you have received an answer or how you proceeded?
Thanks,
Cathy -
Override Security Profile for one employee
Hi
I have one employee who works in 'Accounts Department' and the HR user of accounts department can see only the employees of Accounts Department based on the security profile. This is working fine. But theres a different requirement. Some employees are transferred to other departments for 3-6 months for different purposes. During this time also the HR user of accounts department needs to view this employees details due to HR policies and procedures. Can we achieve this? If yes, how?
- GulzarQ 1 - When Employee is transferred from Dept 1 to Dept 2 for 6 months, Should the HR for both Dept 1 and Dept 2 be able to see his details for 6 months?
Q 2 - After 6 months period, employee's organization is again updated to Dept 1, should again HRs of both Dept 1 and Dept 2 be able to see his details even after the 6 months period?
Q 3 - If answer for Q 2 is - "after 6 months period, only HR of Dept 1 should see his details" , how to identify Employee's home department? Will it be the Employee's Organization effective as of Employee's hire date? -
Creation of custom security profile
Hi,
During creation of the security profile, there is field 'internal name' .
What is the significance of this field and how the internal name should be maintained. As this field becomes display once the security profile is created.
Pointers will be appreciated.
Rgds,
MadhanHi Madan
Internal name is used by the system to identify a profile. While creating a new profile e.g. System Administrator_XYZ which is lets say based on the original system admin profile but with limited rights (to be given to a few users), you can extend the original internal name and extend it for e.g. fci.profile.admin.xyz
Hope this helps!
Regards
Mudit Saini -
SQL Query in Custom Security when creating Security Profile
Hello all,
I've created a security profile with Custom security and provided a simple query in Custom Security tab-
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
Custom security option is "Restrict the people visible to each user using this profile"
I am not able to see the record as expected.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to each user using this profile", I am able to see the record.
If I Hardcode the person ID "PERSON.PERSON_ID = 13449" with "Restrict the people visible to this profile", I am able to see the record after running PERSLM and same is in PER_PERSON_LISTS.
Am I correct in checking with FND_GLOBAL.EMPLOYEE_ID?
(This was mentioned in system administrator guide :
"+Oracle HRMS assesses the custom security when the user signs on. In addition, the custom security code can include references to user specific variables, for example, fnd_profile.value() and fnd_global.employee_id.+"
docs.oracle.com/cd/E18727_01/doc.121/e13509/T2096T2098.htm).
I have tried with FND_GLOBAL.USER_ID / FND_PROFILE.VALUE('USER_ID') / :ASG_ID (seeded query has a join with this bind variable) - not happening.
I've given options as below :
Employees = None
Contingent Worker = Restricted
Applicant = None
Contacts = All
Candidates = All
All other options - Defaulted
Thanks,
SumanthResolved this - One cannot see self's employee record in the form for which this is setup.
Hence the below query though correct in syntax did not show any data.
PERSON.PERSON_ID = FND_GLOBAL.EMPLOYEE_ID
My original requirement was that all employees belonging to one's Organization should be displayed, and this is working fine with an updated query for the same.
Thanks,
Sumanth -
REQIMPORT errors when security profile set using 12I
I am submitting the purchase requisition import using the following script in release 12I. The request is submitted but completes with an error.
declare
l_request_id NUMBER;
l_batch_id NUMBER := 1027;
l_ou_count NUMBER;
l_org_id NUMBER := fnd_global.org_id;
l_ou_name VARCHAR2(200);
BEGIN
fnd_global.apps_initialize (1759 -- User ID
,50557 -- Responsibility ID
,201); --Application ID
mo_global.init('PO');
mo_global.set_policy_context('S', l_org_id);
mo_utils.get_default_ou(l_org_id, l_ou_name, l_ou_count);
dbms_output.put_line('OU Name: '||l_ou_name||' OU count: '||l_ou_count||' ORG ID: '||l_org_id);
l_org_id := mo_utils.get_default_org_id;
dbms_output.put_line('Default ORG ID: '||l_org_id);
l_request_id := fnd_request.submit_request
(application => 'PO'
,program => 'REQIMPORT'
,description => NULL
,start_time => SYSDATE
,sub_request => FALSE
,argument1 => 'CONSIGNED MANUAL'
,argument2 => l_batch_id
,argument3 => 'LOCATION' --'Location'
,argument4 => NULL
,argument5 => 'N'
,argument6 => 'Y');
dbms_output.put_line('Request ID: '||l_request_id);
END;
The MO: Default Operating Unit and MO: Operating Unit profiles are setup for the given responsibility with an operating unit value. The MO: Security Profile profile is set to a given profile at the site and responsibility level.
When I remove the MO: Security Profile at the site level the purchase requisition concurrent request completes successfully. Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.
I can submit the purchase requisition import using the submit request form without any errors. I believe this is because the operating unit field is being populated.
Has anyone run into this issue? Am I missing any commands that define the operating unit used in the concurrent program submission in release 12I?
Any help is greatly appreciated.
CharlesHi,
Only when the MO: Security Profile is set at the site level is the purchase requisition concurrent program submitted using the attached script erroring out.Please see if the guidelines about this profile option in the following documents help.
Note: 784609.1 - How Does R12 MOAC Defaulting Rules and MO: Security Profile Work?
Note: 397362.1 - Multi Org Access Control (MOAC) in Oracle Purchasing
Note: 420787.1 - Oracle Applications Multiple Organizations Access Control for Custom Code
Regards,
Hussein -
Securing WebService with Basic Security Profile
Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6Hi,
I'm trying to write a WebService on EJB 3.0 that is secured with Basic Security Profile. Every message is signed with x509 certificate.
I'm new in Java WebServices and I really don't know how to do it. Can anybody help me?
WebService will be deployed on JBoss 4.2.1 GA with java jdk 1.6 -
Security Profile Seeting with in a Same Business Group
Hello,
With in one business group I have employee of multiple country. Now the concern is that I need to have two different responsibility through which I can restrict the employee as per the country.
The things which identify between countries are. 1. They have different GRE. 2. They have different Operating Units. I have tried to create a security profile it has the one option Secure organization by single Operating units, but I ma not able to see that working? Where exactly we need to declare the operating Unit i need to secure for? Can any one suggest me a suitable work around.
The version we are using is 11.5.10
ThanksIf you security profile is 'static', then you need to run the concurrent process 'Security List Maintenance'. This will identify all records which match the security profile rule and then allow the user to see those records when the use their 'secured' responsibility.
Regards
Tim -
Setting 'MO: Security Profile or MO: Operating Unit profile option' - Urgen
All,
Version: 12.0.4
Module: Purchasing
I'm trying to invoke the PO_CHANGE_API1_S.record_acceptance to send the Advance shipment Notice doc to Oracle R12. On invocation I'm getting the following error
ORA-20001: APP-FND-02902: Multi-Org profile option is required+
set either MO: Security Profile or MO: Operating Unit profile option+
1. How do I set this profile option?
2. Is it required to set both security and OU profile option?
3. At what level(site,appln,resp,user,ou,...) should I set the profile?
Please help me.
Thanks,
SenHi,
You can set those profile options from System Administrator responsibility > Profile > System.
Please see these docs for details.
Note: 602141.1 - R12 - Error ORA-20001, APP-FND-02902 Accessing Profile Classes Form With Multi-Org Access Control (MOAC) Enabled
Note: 338332.1 - App-Fnd:02902: Multi-Org Profile Option Is Required. Ora-20001
Note: 393560.1 - How To Prevent the Profile Option MO: Operating Unit being set to NULL at Site Level?
Regards,
Hussein -
HRMS APP-PER-52803:Your business group does not match your security profile
I see this as a common problem, please guide me as to what should be done to rectify it.
While opening \Payroll\Description, it gives message as under:
HRMS APP-PER-52803:Your business group does not match your security profile
Regards
NemoHi,
I feel that "HR: Security Profile" option is not set properly, BZ of that screen is errors out.
Please check the following Profile Options
HR: Security Profile -- Enter the sec profile name which is business Group name
HR: Business Group -- Your Business Group Name
Note: If you set the HR: Security Profile optional first, then system will sets the HR: Business Group profile option too automatically.
I hope this will solves your problem.
thanks
Krishna Prasad Rapolu
Oracle HRMS Consultant. -
Lost Security Profile Password
I'm using Acrobat Pro 7.0 and have misplaced the password on a security profile. When I originally set it up, I checked the box that said "Save Passwords with Policy". Is there a way I can retrieve the password from my Windows XP system?
If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
Otherwise*, boot into Recovery mode. When the OS X Utilities screen appears, select
Utilities ▹ Terminal
from the menu bar. In the window that opens, type this:
res
Press the tab key. The partial command you typed will automatically be completed to this:
resetpassword
Press return. A Reset Password window opens. Close the Terminal window to get it out of the way.
Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
Select your username from the menu labeled Select the user account if not already selected.
Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
Select
▹ Restart
from the menu bar.
You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
*Note: If you've activated FileVault, this procedure doesn't apply. Follow instead these instructions. -
How to restrict employees from accessing managers data using custom security profile
Hi,
I am using custom security profile for restricting the employees from accessing supervisors details(PG.SEGMENT2=4). I have written the custom code as below :
Responsibility :US Super HRMS Manager
ASSIGNMENT.PERSON_ID
IN
(SELECT PAF.PERSON_ID FROM PER_ALL_PEOPLE_F PAF,
PER_ALL_ASSIGNMENTS_F PF,
PAY_PEOPLE_GROUPS PG,
PER_PERSON_TYPE_USAGES_F PPU,
FND_USER FNU
WHERE PAF.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PAF.EFFECTIVE_START_DATE
AND PAF.EFFECTIVE_END_DATE
AND PF.PEOPLE_GROUP_ID=PG.PEOPLE_GROUP_ID
AND :EFFECTIVE_DATE BETWEEN PF.EFFECTIVE_START_DATE AND PF.EFFECTIVE_END_DATE
AND PPU.PERSON_ID=PAF.PERSON_ID
AND PPU.PERSON_ID=PF.PERSON_ID
AND :EFFECTIVE_DATE BETWEEN PPU.EFFECTIVE_START_daTE AND PPU.EFFECTIVE_END_DATE
AND PAF.PERSON_ID=FNU.EMPLOYEE_ID
AND PAF.PERSON_TYPE_ID =2
AND PPU.PERSON_TYPE_ID
IN(2,62)
and PAF.person_id = FND_PROFILE.value('user_id')
AND PG.SEGMENT2=8)
and using "restrict the people visible to each other using this profile".
I have assigned the security profile to HR user responsibility
But when I query the supervisor name in HR User responsibility , it is not restricting me from viewing supervisor details.
When I query for first time, its restricting me to view others details, but when I close that click on torch button and try searching, its allowing me to access manages details.
Can any one please let me know what setups need to be done for restricting employees from viewing supervisors data.
I have gone through the document "Understanding and Using HRMS Security in Oracle HRMS" but didn't got any idea.
Please suggest.
Thanks & Regards,
Anusha.Hi All ,
i solved the problem by using event 01 of header view and using the table "Extract" .
Regards,
Neha -
Export - custom queries and reports, and security profiles
We would like to keep a copy of our customizations to the application.
There are ways to import queries, reports and profiles into the app. Is there any way to export the following to something like a CSV file for the following:
- custom queries (all tabs)
- custom reports (all tabs)
- security profiles (custom and out of box u2013 all access rights)
Thanks,
JerryJerry,
There are no standard queries that extract security profiles, Query Groups, Reports or Query Defintiions from the system.
However you can build custom queries that support this functionality. During an implementation project I created some custom queries which allowed you to extract these objects for documenting purposes We likely could supply these to you through SAP Consulting. Please reach out to your SAP rep and have them Contact Me. I have created some instruction that explain how to create these.
Regards,
James -
How do we move the 'Security Profiles' between the instances.
Hi All
Do we have any facility like FNDLOAD to move the 'Security Profile's
between the instances .
I am not able to find any LCT file inorder to use the FNDLOAD option.
Many Thanks
Ravinder NamsaniHi snowbagel,
To reset your account security questions your identity will have to be verified and iTunes Store support can't do that through mail support. You may find contacting Apple through the phone to be a quicker solution:
http://support.apple.com/kb/HE57
Kind regards, -
Mapping Apps security profiles in Discoverer
Hello
We wish to implement a 2-tiered security architecture. We already have the 1st tier in place in Disco Admin by assigning specific Business Areas to responsibilities.
However, we also want to use the Apps custom Security Profiles to restrict access to tables and views through Discoverer Admin.
How can this be implemented? Any examples would be most welcome.
Thanks
Sanjib Manna
Oracle Practice
IBM Business ConsultingYou can use the following query to look for all the security profiles. You can join the hr_operating_units to fnd_profile_option_values.level_value to get the desired result.
SELECT psp.security_profile_name,
psp.security_profile_id,
hou.NAME,
hou.organization_id
FROM per_security_profiles psp,
per_security_organizations pso,
hr_operating_units hou
WHERE pso.security_profile_id = psp.security_profile_id
AND pso.organization_id = hou.organization_id;Additionally, you can also have a look at the below MOS docs.
How To Check If a Profile Option Is Set In Oracle Applications? [ID 470102.1]
How to Search all of the Profile Options for a Specific Value [ID 282382.1]
How To List E-Business Suite Profile Option Values For All Levels Using SQLPlus [ID 201945.1]
Script To List The Values Of A Profile Option At All Levels [ID 803587.1]
How to Search all of the Profile Options for a Specific Value [ID 282382.1]
How To Find All Users With A Particular Profile Option Set? [ID 367926.1]
How to Change Profile Option Value Without Forms? [ID 943710.1]
Cheers,
ND
Use the "helpful" or "correct" buttons to award points to replies. -
Hi- novice here. I do this: select security_profile_id, security_profile_name
from per_security_profiles
If I do the above query, I get values like:
1508 SECCPF5O
1509 SECCPF5P
1510 SECCPF5R
1511 SECCPF5T
1512 SECCPF5V
1513 SECCPF5W
1514 SECCPF5X
These are security profile names. My client uses these to decide what data a user can see when they log in. What the custom code is doing is comparing that security profile name (formerly secure_oracle_username in 10.7) with the user that is logged in and lets the user see specific data based on this.
The thing is, user names are not the above SECC% name. I need to know where in the database (tables or forms) I can find the relation between who is logged in (user name) and the security profile for each. Is there a table to coorolate the two? I assume all users have a security profile attached to them correct? Is there a form I can navigate to in order to see/assign this? If so, I can examine that form and find the tables.
Thanks in advance for your input.Pl post details of OS, database and EBS versions.
Pl see if these MOS Docs can help
Understanding and Using HRMS Security in Oracle HRMS (Doc ID 394083.1)
Secure Users Functionality in Release 11 (Doc ID 50850.1)
You Have Installed, Now Before You Setup, Read This! - HR Shared (Doc ID 116376.1)
More information is in the "Oracle HRMS Configuring, Reporting, and System Administration Guide" for your release at http://www.oracle.com/technetwork/documentation/applications-167706.html
HTH
Srini
Maybe you are looking for
-
How to edit a ".class" file? Anyone?
I hope someone can help me with this... Someone gave me a class file to put into my applet. However, I'm wanting to go into the class file and change a few things around. However, I've done just about everything to try to find a way to go into the co
-
Survey result sending online/offline
Hi there. For our new customer we would like to add a survey at the end of the folio. Now we are thinking what are the best ways to do this. Since the folio contains learning material the basic idea is that you don't really need any internet access t
-
How to install the driver of the 'SCSI and RAID Host Controller'
Hi, I have two Windows XP(32Bit) installations: •Windows XP SP2(32Bit) which is old and it seems as if it is infected by some viruses. •I have installed another fresh clean Windows XP(32Bit) SP3. However, I have found that there is no category named
-
Portlet Discoverer List of Worksheets OAS 10.1.2 ???
Hi! After we upgreded OAS 9..0.4 to 10.1.2 Portlet "Discoverer List of Worksheets" did't work. On page portal make "Edit defaults" for portlet.. On first step "Database connect" is successfully. Next step show "Discoverer List of Worksheets", but I c
-
Suggestion for a future release (Large number of playlists)
It would really be great if you could send a playlist to a connected iPod by right clicking on it. Instead of having to drag it. When you have a large number of playlists and you want to drag one from the bottom it can take 2 or 3 minutes just to get