Security models in Oracle HRMS

Oracle HRMS provides two different security models: Standard HRMS security and Security Groups Enabled security (formerly called Cross Business Group Responsibility Security).
What are advantages and disadvantages?
We have two business groups. Which security model do you suggest and why?
Thank you for your answers!

Hi Austria
As suggested in previous two responses, since you have 2 business groups, it is beneficial for you to go for multi-business group scenario. Thus, enabling Security groups based security.
Once this is enabled, the responsibilities to different users should be attached using the form 'Assign Security Profiles' in UK HRMS manager responsibility. Using this, you can attach required security profile (for the specific business group) and the responsibility to the user.

Similar Messages

  • Multi security groups in Oracle apps hrms

    Hi All,
    Could you please let us know how to enable or disable multi security groups in Oracle Apps hrms?
    Thnaks,
    Anil

    If you have access to Oracle Help-on-line check it there
    <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Amit Das ([email protected]):
    Can you please tell me of any document/book etc which describes the security features in Oracle Apps specially on Oracle financials. <HR></BLOCKQUOTE>
    null

  • Mail-merging from Oracle HRMS - Web ADI vs BI Publisher

    Hi
    I'm currently involved in a project to automate the production of candidate offer letters and contracts from HRMS for our shared HR service centre. The solution I've built to date uses custom database tables and PL/SQL to select the relevant text for the candidate based on a set of criteria, and views to supply the necessary data to Web ADI which then performs the actual merge into a template Microsoft Word document on demand from the end-user.
    The issue we're facing is that the Web ADI to Word interface can't handle more than 64 merge fields (Word basically throws up an error saying the maximum number of fields has been exceeded) so I'm looking at alternatives which will still provide the same (or nearly the same) functionality in terms of mail-merging. From the looks of things it seems like BI Publisher could be a potential alternative; I do however have a few questions which I hope someone can answer!
    1) How easily can BI Publisher be integrated with HRMS to provide such mail-merge functionality on demand? How would such integration be achieved e.g. concurrent program, button on the toolbar in HRMS?
    2) How many merge fields can BI Publisher handle? Our largest letter has nearly 100 unique fields, a number which could go up or down over time.
    3) I understand from looking at some of the tutorials and demos that an RTF template could be used as the basis for the mail merge - where would this be stored, on the database or the file system?
    4) Are there any case studies out there which cover such an implementation of BI Publisher? This would be really useful as it would help in formulating a recommendation to my project manager!
    Many thanks
    Geoff Butler

    metalray wrote:
    Well, glad you got soemthing. Now I try to be more "properly" for you :)
    Good that you are trying.
    The LDAP users do not show up in my Web Logic console. Is a functionality available to allocate the LDAP users to Oracle user groups in web logic or do I expect too much?LDAP = what in your case, do you mean Active Directory .? or any other LDAP directory .?
    You need to configure that in weblogic as one of the authentication providers if you have not done so yet, otherwise they cannot magically appear in WLS console.
    So I am assuming you are expecting too much if you have not configured and trying to look for LDAP users. Let us know if you have already configured one but having trouble managing these users.
    If the functionality (allocating LDAP users to groups) exists in the oracle web logic console,Even though you configure LDAP users in WLS , you cannot assign LDAP users to LDAP groups in WLS since you have to do that in your LDAP not in WLS.
    why does this functionality also in the Oracle BI Publisher Admin screen?Oracle BI Publisher security is managed by Fusion middleware security model not Weblogic , so to get the LDAP users to BIP you need to integrate OBIEE security to BI Publisher.
    Hope this helps. ! Mark if it does.
    Thanks,
    SVS

  • Need Best Practice - Apex, multiple schemas, security model

    We have an oracle database which contains
    a) named database users with no objects
    b) several schemas with data tables:
    sales
    marketing
    accounting
    We need to build GUI for tables in these schemas,
    every database users should belong to a group, each user group should have access to several (not all) GUI pages.
    1) Is it possible and is it recommended (if not - why?) to create ONE workspace and ONE application inside it to have access to ALL tables in ALL schemas listed with user groups level security?
    How to do it properly?
    Some link to documentation?
    2) Which security model (apex users, database users,..) to choose and why? please recommend some links to comparison...

    Hi Marcus,
    Our developers like to see all the tables for a single custom application in its own diagram no matter where they come from and the DBA's don't want to wade through several thousand tables to find the handful we need nor have to duplicate table definitions in multiple models. In >Designer we have been doing that with Application Folders.There are no application folders in data Modeler. You can use subviews to define your subject areas. Subview is crated for each application (folder) during import form Designer repository.
    Philip

  • Assigning role to role doesn't work when applying Database security model

    I applied Oracle Database security model for BI Publisher.
    then I create some roles and users and assigned roles to users in Oracle Database.
    i also assigned appropriate folders to each role in BI Publisher.
    the users with direct roles worked successfully but i got problem when i assigned roles to a super role, and assigned this role to a super user.
    the super user could only access guest folder.
    Please help me.
    thanks.
    Daniel
    Edited by: user13344498 on Jul 5, 2010 11:13 PM

    Add a Role to a Role:
    1. From the Security Center, select Roles and Permissions; this will invoke the
    Security Center page. Here you can see the list of existing roles and permissions.
    2. Select the Add Roles icon for the Role.
    3. Select the desired role from the Available Roles list and use the Move shuttle
    button to move it to the Included Roles.
    this is from "Oracle® Business Intelligence Publisher User's Guide Release 10.1.3.2 Part No. B40017-01" book, but the security model is BI Publisher Security.

  • Advice on Security Model Architecture..

    Hi all,
    Just looking for the advice of the experts :)
    I am working on the security model architecture for multi-tiered java application. The application architecture breaks down roughly as follows:
    Presentation Layer (JSP/Java)
    Business Layer (Java)
    Persistence Layer (JDBC/Oracle DB)
    Now, in the DB we will preserve information about various users, as well as the user's application permissions. My question pertains to authentication/authorization. Where is it most appropriate or efficient to verify a user's access to a functionality? Assume that the user and permission information is retrieved upon login and is made available to all levels.
    The options, as I see them, include the following:
    Presention layer - UI exposes only functionality applicable to the user.
    Business layer - Encode the logic in this facade for the backend.
    Persistence layer - Encode the logic in the data access objects.
    Any thoughts?

    Well, the layered approach is one way in which java applications are constructed.. the user interface is the top layer, which is composed of jsp files and other java files, and the objects that talk to the database are the bottom layer. Maybe an example would help..
    You're looking at a page on the Java Discussion Forums. It's a jsp page. You click on the 'Watches' link (upper right). The link points to a servlet, which calls a method in an object that is in what I call the "business" or middle layer/tier. An object in this layer has methods that correspond to any request that needs to be made of the db.
    This method in turn calls method/methods in the backend, or data layer, which queries the database and returns the watches for this particular user...
    So, if you have a request/response transaction (click on a link or button, processing, and new page is loaded), it would make a round trip through the layers:
    Presentation -> Business -> Data -> DB -> Data -> Business -> Presentation

  • Payroll Run request not showing Payroll LOV in Oracle HRMS R12.0.6

    Dear All,
    We implemented Oracle HRMS R12.0.6 to one of our client. But we are facing an issue. We create a responsibility for our payroll user and assign modified menu and Glb Shrms Process and Reports request group to it. We set the profile options (HR:Business Group, HR:Security Profile and HR:User Type) on this responsibility. when we are going to run payroll from this responsibility then on Payroll Run request the LOV of Payroll parameter doesn't show values. Kindly, if any one can have idea related this then please update. Its very urgent..
    Thanx In Advance.
    Regards.

    i don't recall the details, but you have to add a hidden forms function to your menu, so that the concurrent inherits the settings of the caller, so that the LOV's of your concurrent behave.
    Look into the seeded responsibilities, and look for a hidden forms function like multiform or so.
    If it is this, then the issue has nothing to do with 12.0.6 , but is linked to the fact you build your custom menu from scratch.

  • Sox compliance in Oracle HRMS

    Hi,
    I am looking for standard policies during implement Oracle HRMS. Such as:
    System architecture and processes to identify issue.
    Integration process. What is kind of data encryption while in transit?...
    Security Gaps
    Sensitive Data Leaks
    Non secure/Improper access
    Non secure/Improper Files
    Potential holes in the Database, OS, Application Layers.
    If you have any idea/suggestion, please kindly let me know.
    Thanks in advance.
    Hieu

    You can explore GRC 8.6.4 to meet some of your requirements:
    1. GRCM for documenting and testing the process, risks and controls
    2. AACG for access monitoring and prevention etc.
    Thanks

  • In oracle hrms

    would like to know what are the roles of a system administrator in an oracle hrms erp system
    thank you for all ur comments in advance!

    A System Administrator is a person responsible for controlling access to Oracle Applications and assuring smooth ongoing operation. Each site where Oracle Applications is installed needs a system administrator to perform tasks such as:
    • Managing and controlling security
    • Setting up new users.
    • Auditing user activity.
    • Managing concurrent processing.
    This is reponsibility is not specific to HRMS and its centerally required to for all ERP products.
    For more details you can check
    http://docs.oracle.com/cd/A91130_01/acrobat/115saug.pdf
    Thanks

  • Oracle HRMS Setup Issue with Business Group

    Hi Gurys.
    need your ugrent help.
    i am implementing Oracle HRMS on 12.1.1
    Steps
    --- Responsbility Creation
    1- Responsbility Creation XX_HRMS (Responsbility created through Sysadmin)
    2- Menu Option GLB SHRMS Navigator
    -- USER Creation
    1- Create user XX_USER (User Creation done through Sysadmin)
    2- Below Responsiblities are granted to new User HRMS)
    -Application Developer
    -System Administrator
    -XX HRMS
    -System Administrator
    --KFF Creation through XX_USER with System Administrator
    --Location Creation through XX_USER with XX_HRMS Responsbility
    --Business Group creation through XX_USER with XX_HRMS Responsbility
    Here is issue, Business group created and saved, upon search it's not showing business group.
    i change the responsbility to System Administrator and set the profile at system level
    HR: Business Group to newly created Business Group.
    but when i want to set HR:Security profile , business group is not visible

    Thanks for your reply .
    1- avigate to the oraganization window and search for the business groups? how many do you see ? What are the names ?
    It show all the business grup , names are in query result below
    2- What is the result of the query -
    Select * from per_business_groups
    below is the query result
    NAME |DATE_FROM|LOCATION_ID|SHORT_NAME|LEGISLATION_CODE|CURRENCY_CODE|ENABLED_FLAG
    FAYYAZ GB |1/1/1990 |142 |Setup |US|USD|Y
    FAYYAZ |2/8/2011 |142 |Fayyaz |PK|USD|Y
    XX_TEST |2/8/2010 |142 |XX Test |GB|GBP|Y
    XX Company Final |2/8/2011 |142 |XX Company Final |GB|GBP|Y
    XX Company |2/8/2011 |142 |XX Company |GB|GBP|Y
    XX Comapny |2/8/2011 |142 |XX Company |GB|GBP|Y
    TEST |2/8/2011|142 |TEST |GB|GBP|Y
    3- Naigate to the security profile window. How many security profiles do you see ? What are the business groups they are associated with ?
    there is no business group showing in security profile, nor at site level not at responsbility.

  • Security models available in Portal

    We are doing some investigation working with Oracle Portal and the client had come back asking about using security models in Portal. I have been trying to gather information on this but not much seems to be available. Any sort of info would be helpful as we are really running short on time. Thanx a lot!
    Karthik

    Thank you for your reply. The logical server name is dbfpdm01.
    I have tried to use the Powershell commands to downgrade, using the commands shown
    HERE
    (using S2 as serviceobjective, because S3 was not available apparently, and using the -Edition Standard, instead of Premium)
    But I'm not sure if this worked. The command
    Get-AzureSqlDatabase -ServerName "dbfpdm01" -DatabaseName "dbfpdm01"
    does not return. (read: it hangs my powershell session)
    Regards,
    Tim

  • UCM Folders custom alternate security model

    Hi All,
    Im working on a Proof of Concept using UCM 10GR3 and we need help from you guys.
    The content will be categorized using the Folders structure from the Oracle Folders Component.
    Let’s look this example:
    1. The user DANIEL creates the folder A and sets who will have access (R,RW,RWD,RWDA);
    2. DENIS another user from UCM get permission to access the folder A and starts to create his own Folders (A1, A2, A3) and defines who will access these Folders and their permissions but if he doesn’t set access permission to DANIEL he (DANIEL) won’t be capable to see these Folders content .
    So, this security model is defined for each Folder and won’t be hierarchical.
    I`ve already explained for the customer about possible problems with inappropriate content stored inside some users Folders and the lack of permission from their superiors to control this.
    But they don’t want to go another way.
    This customer didn’t like UCM Collaboration Manager concept of Projects, Dashboards and so on.
    They prefer Folders with this ‘ Custom’’ security model because simplicity and not hierarchical security model are crucial points.
    Is there any case about the use of this security model or some ideas about how do that for Oracle Folders?
    Best Regards
    Daniel

    I think accounts can do the trick. You'll have to write a component that automaticcly creates account if someone adds a folder.
    With accounts you can give someone permission in a hierarchical way. You define for example an account A/1 A/2 A/3
    If Daniel creates a folder your component can automaticlly create an account A
    If Denis creates a folder A/1 your component would create A/1
    If daniel grants denis the A account he gets permission to the A folder
    if Denis don't grant daniel the A/1 account. he doesn't have acces to that folder. Is that what you wnat?
    There is a small problem with this construction and that is that a user normally can't grant, revoke accounts. It's done in the user admin applet so you're component would normally add some functionallity so users could add delete accounts but that't kinda tricky...

  • Publisher: BI_SERVER security model.

    Hello Guys,
    I read a couple of time now to change
    <property name="SECURITY_MODEL" value="BI_SERVER"/>
    to
    <property name="SECURITY_MODEL" value="XDO"/>
    but this means I dont have all the users I got in my BI_SERVER security model.
    I cant add those 200 users again in the XDO security model.
    The problem is that when I change it to BI_SERVER none of the logins work.
    Why is that?

    Hey,
    On the surface it sounds like you have everything setup properly.
    You have the appropriate groups setup in Bi Server:
    XMLP_ADMIN
    XMLP_ANALYZER_EXCEL
    XMLP_ANALYZER_ONLINE
    XMLP_DEVELOPER
    XMLP_SCHEDULER
    XMLP_TEMPLATE_DESIGNER
    You do NOT need to add any of your BI Server users to these groups.
    I think an few updates to your xmlp-server-config file may get you there...
    Check your BI_SERVER_SECURITY_DRIVER and BI_SERVER_SECURITY_URL settings.
    My settings are below for my xmlp-server-config
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <xmlpConfig xmlns="http://xmlns.oracle.com/oxp/xmlp">
    <property name="SAW_SERVER" value="OBIEE_SERVER"/>
    <property name="SAW_SESSION_TIMEOUT" value="90"/>
    <property name="DEBUG_LEVEL" value="exception"/>
    <property name="SAW_PORT" value="80"/>
    <property name="SAW_PASSWORD" value="password"/>
    <property name="SAW_PROTOCOL" value="http"/>
    <property name="SAW_VERSION" value="v4"/>
    <property name="SAW_USERNAME" value="username"/>
    <property name="SAW_URL_SUFFIX" value="analytics/saw.dll"/>
    <property name="SECURITY_MODEL" value="BI_SERVER"/>
    <property name="BI_SERVER_SECURITY_DRIVER" value="oracle.bi.jdbc.AnaJdbcDriver"/>
    <property name="BI_SERVER_SECURITY_URL" value="jdbc:oraclebi://OBIEE_SERVER:9703/"/>
    <property name="BI_SERVER_SECURITY_ADMIN_USERNAME" value="username"/>
    <property name="BI_SERVER_SECURITY_ADMIN_PASSWORD" value="password"/>
    </xmlpConfig>
    Let me know how it goes...

  • Oracle HRMS standard policies

    Hi,
    I am looking for standard policies during implement Oracle HRMS. Such as:
    System architecture and processes to identify issue.
    Integration process. What is kind of data encryption while in transit?...
    Security Gaps
    Sensitive Data Leaks
    Non secure/Improper access
    Non secure/Improper Files
    Potential holes in the Database, OS, Application Layers.
    If you have any idea/suggestion, please kindly let me know.
    Thanks in advance.
    Hieu

    Did you see HRMS docs? -- http://www.oracle.com/technetwork/documentation/applications-167706.html
    Thanks,
    Hussein

  • Error while confgiuring Siebel Bi Publisher Security Model..

    Hi,
    Steps Done
    1)     Imported the BIPSiebelSecurityWS.XML
    2)     Replaced Existing address with the specific address of the Siebel Server
    3)     Enabled Local Super user checkbox, entered a Super user name and password
    4)     Configured the Siebel Security Model by pointing the Siebel Web Service end point with Siebel Username/Pwd
    5)     Restarted the Bipublisher
    6)     When I try to login to Bi Publisher with Siebel Credentials I am getting the error
    The server cannot be used due to configuration error, please contact admin..
    Please let us know the necessary steps ..

    Login using the credentilas used for super user. Siebel user do not work here, it will only fetch the responsibilities here as a roles for that super user.
    Thanks,
    Ravi kanth

Maybe you are looking for