Security rules in apps EUL

Similar Messages

• Can VPD Virtual Private DB in 10g replace Oracle Apps security rules?

  I read the recent article in Oracle Magazine called 'Testing Database Security', especially the section on Virtual Private Database (VPD), caught my attention. Can this feature of the 10g database be used by the Oracle Apps to restrict access to data through the apps login? We just moved to 10g.
  Our current data security is enabled by leveraging security rules attached to responsibilities. Our security rules restrict by operating unit, of which there are 89. It would be great if VPD could be used, as it might replace the need to create 89 separate security rules. We would maintain just one set of policies.
  Does anyone know if this can be used on the applications level? If anyone has done this, do you know of a documentation link that would help?
  Thanks for your insight.

  Sebes,
  Thanks for the link...it sounds like it may be part of the Oracle future landscape, but for now, we will have to live with security rules.
  Sincerely,
  Brenda

• Export and import of Apps EUL

  I have a Apps EUL and use an Apps user id to work in Discoverer Administrator. This is what the Oracle documentation says and it has been working fine.
  Now I want to export the EUL but when I start the process I get a message that the user does not have access to all the objects and that only the accessible objects will be exported. Shouldn't the Discoverer Manager/Administrator be able to do a full export?
  To get around this problem, I have now been advised to use a database user (the EUL owner) to do the export and import with. Is this the correct way? The Oracle documentation suggest that a database user should never administrate the Apps EUL. Are exporting and importing somehow exluded form this rule?
  Thanks!

  Hi Aparna!
  The Apps EUL was created using a database user. Since then, the EUL has been administered by a Apps user that is dedicated to EUL administration.
  The documentation actually recommend that you create the Apps EUL with a database user and from there on administer the Apps EUL with the Apps user SYSADMIN. My company policy doesn't allow me to use SYSADMIN so I have a "custom" Apps user that I use to do all EUL administration. If at all possible, you should try to use SYSADMIN.
  The guides and website don't really have a step by step guidance as far as I can remember, more explanatory. I would suggest an email to Michael Armstrong-Smith of the learndiscoverer website. He has helped me alot with this particular subject!

• Oracle Apps EUL with Custom Discoverer Views

  Disco Environment:
  OracleBI Discoverer 10g (10.1.2.2)
  Oracle Business Intelligence Discoverer Plus 10g (10.1.2.54.25)
  Discoverer Model - 10.1.2.54.25
  Discoverer Server - 10.1.2.54.25
  End User Layer - 5.1.1.0.0.0
  End User Layer Library - 10.1.2.54.25
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
  Oracle Applications R12 EUL
  All,
  Up until now, we have been placing our Discoverer custom views in our apps schema. From a "keeping track" perspective and from a "keep Disco views separate from apps" perspective, we are inclined to create a custom schema to place all of our custom Discoverer views. I have heard that Noetix does this as well.
  To accomplish this, we were planning to provide a grant select to all tables, views and synonyms (with a limited execute rights to some packages).
  The easiest thing to do is to keep on doing what we are presently doing. We have a naming schema in place that enables us to quickly identify all custom Disco views.
  Can I have people whom have implemented a custom schema for their Disco views in apps let me know how this has worked for them? This type of Disco environment appears to require a lot of communication between the Disco staff and the DBA to make sure these grants are set-up correctly.
  Thanks,
  Patrick

  Hi,
  All the eBS sites I have worked on have created the majority of their custom views in the APPS schema using a naming convention to separate them from the seeded views. The reason being is that the SQL in the view (including all the function calls) is run with the privileges of the owner of the view. If the view is defined in another schema, then this schema must have access to the APPS database objects which can be a lot of work to set up because it is very hard to identify the dependencies and unnecessarily opens up the security on the APPS schema.
  Where the data is held in custom tables and there are views on these custom tables, then both the tables and the views are held in a separate schema.
  Rod West

• Accounting FlexField Security rules

  Hi,
  I want to know is it possible that i create one Accounting FlexField Security Rules and assign to specific user / Responsibility ?
  If is it possible plz let me know how is it possible?
  Regards,
  Yasir

  when i recompile the flexfield there is complete with error in log file
  Oracle error 905: ORA-00905: missing keyword
  ORA-06512: at "SYSTEM.AD_DDL", line 165
  ORA-06512: at line 1 has been detected in afuddl() [3_xdd].
  do_ddl(APPLSYS, SQLGL, 2, $statement$, AASML VIEW): private_do_ddl(APPS, APPLSYS, GL, 2, $statement$, AASML VIEW): do_cd_view(0, APPS, 2, AASML VIEW, $statement$): : do_apps_ddl(APPS, $statement$): : substr($statement$,1,255)='CREATE OR REPLACE VIEW AASML VIEW
  (ROW_ID, CODE_COMBINATION_ID, COMPANY, OPERATING_UNIT, DEPARTMENT, GL_ACCOUNT, PRODUCT, PROJECT, INTERCOMPANY, FUTURE_USE, GL_ACCOUNT_TYPE, GL_CONTROL_ACCOUNT, RECONCILIATION_FLAG, DETAIL_BUDGETING_ALLOWED, DETAIL_POSTI'
  CREATE OR REPLACE VIEW AASML VIEW
  AS SELECT 'View generation has failed. Check log file for error messages' VIEW_HAS_FAILED_CHECK_LOG_FILE
  FROM SYS.DUAL

• Implementing Function Security in Oracle apps.

  I wanted to restrict certain menus in Payables manager for a particular user. How should i implement it? Is there any live example of implementing function security in oracle apps? Please Help.

  Hi,
  One approach is to create a custom menu and attach to it all the menus and functions you want and the add this menu to a new responsibility. But this is not the best way to solve the issue because you have to define different menus + responsibilities for each different user. Other way is to create roles which can be assigned to users.
  Thanks,
  Bahchevanov.

• Creating a NEW Oracle APPS EUL , How to get Oracle BI Objects in new brand

  Hi there
  We upgraded Oracle Discoverer 4i to Discoverer 10g and during the upgrade process DBA upgrade the EUL5 in the same schema.
  Now That schema is corrupt.
  I have to create a new Brand EUL for Oracle APPS Business Intelligence Views 11.5.10.2.
  What steps I can follow.
  1)     DROP the existing schema at Database.
  2)     Using Discoverer Admin login through SYSTEM Account
  3)     Create the APPS EUL
  4)     Now What to do to get the Business Intelligence APPS Views in my new APPS EUL?
  Is there any process I need to run to get Business Intelligence Views.
  Thanks
  JOJI

  JOJI,
  It is a "non-destructive" upgrade/migration. This is why you have the EUL4 and EUL5 objects in the schema. This allows you to migrate your users in a controlled fashion if desired as it keeps the Discoverer 4i EUL intact.
  What Jose, is describing is that you can drop the EUL5 objects (via the 10g Administrator -drop the EUL or manually) and then perform the upgrade again.
  If you do decide to create a new 10g (eul5) EUL, then the following MetaLink Note describes how to import the Business Intelligence Business Areas and Generate the Business Views.
  Note 316463.1     Using Discoverer 10.1.2 with Oracle E-Business Suite 11i
  I hope that helps,
  Regards,
  Steve.

• Standard Oracle report for the "security rules define/assign"

  Dear all:
  Is there any Standard Oracle report to show the :"Application --> Setup : Financials : Flexfields : Key : Security " flexfield "security rules define/assign" ?
  Regards
  Terry
  Edited by: Terry Chen on 2010/5/4 上午 2:27

  yes i believe there is one report in sysadmin or gl which shows this.

• KFF Security Rules question

  Hi,
  I developed a custom page which has an Accounting KFF. I then defined security rules to exclude certain accounts for a particular responsibility and assigned the rule to the responsibility.
  When I am testing I see that the account is still shown in the KFF LOV and the users are able to select the account.
  Can someone point out what am I missing.
  We are on 11.5.10 RUP4.
  Any pointers are greatly appreciated.
  Thanks
  Srinivas

  Any help on this is greatly appreciated...
  Thanks a lot in advance.
  Srinivas

• SAP GUI 7.20 Security Rules - How to 'Always Allow' Everything?

  The SAP GUI 7.20 comes with a list of security rules.
  What is the best way to allow all access so that user's wont get any security prompts?

  @Sven, section 2.5 refers to 'Central Repository for Security Configuration'. Like Michael, I have a large number of users and we package and distribute software using non-SAP software. We can't have a central repository that all users can connect to so the 'Location' registry entry wouldn't work for us.
  @Michael:
  > Under the SAP GUI Configuration / Security / Security Settings you can change the default of "Customized" to Disabled.
  Do you mean 'Default Action = Allow'? Mine is set to that, but I still get pop-up prompts.
  Would setting 'SecurityLevel = 0' result in the SAP GUI have the required result?
  I realise that this process would need to be followed:
  - Administrator should install a new version of the SAP GUI 7.20 onto a PC
  - Administrator should edit the registry values using the rule editor in the 'Security' node of the SAP GUI options dialogue
  - A saprules.xml file will then be generated
  - The saprules.xml file should then be copied from the %APPDATA%\SAP\Common folder to the location specified in the registry value 'Location' (maybe make Location a folder on the PC? and put the saprules.xml file into there?)
  - The saprules.xml file in the location specified in the registry value 'Location' will not be overwritten by SAP GUI patches or new installations, however it may need to be updated to include new features
  Note:
  - Registry values are stored in different places for 32 bit and 64 bit PC's

• Cross validation & Security rules

  Hi,
  In a typical business scenarios which are the code combinations recommended for
  i)Cross Validation rule
  ii)Security rule
  to have better control?
  Thanks

  Hello.
  It depends on your needs. Suppose you have 2 (01, and 02)companies sharing the same Chart Of Accounts. In order to avoid entering journals from company 01 into company 02 you should create a security rule to reject all code combinations starting by 01 when a Responsibility from company 02 is being used.
  Cross validation rules are used to avoid the creation of code combinations that you may think as inappropriate within the company itself. For example, to use the Cost Center segment when the Account segment is not a cost or a revenue.
  Octavio

• Cross Validation Rules & Security Rules

  Hi all,
  Is there any one who knows where I can function/package for cross vaildation rules & security rules in GL Modules?
  I need them for our customization form before all transaction move from custom table and API table. It means we need to validate all transactions correctly in our custom form before its generated into transaction table in particular module.
  I appreciate any info.
  Thanks

  Hi,
  Thanks for your reply.
  Actually we a have customization form and interface. Due the customization programs need to use CVR, I need to know if there's a package/function/script to call this CVR procedure that we can attach to our customization programs. Before we send the transactions to API (open interface table) we already make sure there's no problem in accounting (code combination) since we activated CVR for generating account combinations.

• Security Rules in Oracle Financials GL

  I have defined security rules in Oracle Financials GL version 11.0.3. The security rules can be applied in form level.
  e.g For account inquiry, only limited accounts can be viewed.
  But for all reports in Oracle Financials, it's not restricted by the rules. How can I applied those rules in reports as well?

  Unfortunately data in standard and bespoke oracle reports is not restricted by security rules by default.
  Security can be enabled for FSG reports.
  If you need security rules to be applied to standard reports, I am afraid, you need customization.

• Install Std. Apps EUL Disco 4i

  Hi All,
  I've been trying to migrate the Std Oracle Apps EUL to discoverer... it runs for about 2 hours via MKS Toolkit - but gives the following type of errors, e.g.:
  '\discover\US\amsamsppsttslflo.eex:The import process did not import or modify any data'
  I ignore these as per instructions from Oracle's White Paper.... However even though the log file says:
  'Import completed successfully.'
  'adupdeul is exiting with status 0'
  No business areas/std EUL is created ! Anybody know why and how to get around this... appreciate any pointers given.
  Thanks
  Sandy

  Okay ... maybe I'm on the right track.
  Let's say you 'generated' your BIS views in Oracle Apps (whoops ... enterprise suite ... will never get that!) with the user bis_view_generator_guy ('ya ... as if) ... and they're in the database.
  Well, Oracle Apps has given all the good stuff to that user: bis_view_generator_guy.
  I know sysadmin is the power user in the Oracle database (and that's another issue for having sysadmin own the EUL ... but for another day), but in this case, it may well be the case that sysadmin is not allowed to see the bis views or the tables they point to (ie: no grants to sysadmin).
  I realize this may sound wierd, but sysadmin is NOT the power user for Oracle Apps, just for the Oracle database.
  So, it may be the case - as I don't have my BIS documentation on me - that you do not import the stuff as sysadmin, but as the bis_view_generator_guy.
  This may not be exactly correct, but I still believe it's in this area.
  If you have the documentation for importing the BIS .eex file, see what it says about this. I know it used to lay it out.
  Russ

• UMX - Can I setup Data Security in UMX similar to Security Rules?

  Hi;
  Is it possible to setup something similar to Security Rules in UMX? I would like to grant the same Role to different users, and assign these users different security. All my reading of UMX so far has pointed me to creating objects and granting security permissions, but I don't know how to go about implement it. If one of you has successfully implemented this, can you please share your steps?
  Thanks, Al

  Hi Al,
  restricting FND... Tables is maybe not the best idea. You should always use standard functionality to achieve the same (if available).
  1/ Is your request related to an Oracle Standard Form, if yes, which one?
  2/ Do you talk about the GL Code Combination? Would you like to restrict a value from this segment?
  3/ Data Security is a very low level technique, if you use it, such a person where the rule is enabled can never and nowhere see "removed" lines (values). Not in other forms, not in reports, not in interfaces or concurrent requests. So if you use it, be very careful.
  Please send your email address to me, my one you can get by clicking on my name.
  Thanks
  Volker