Service Interface Security Profile & Idempotency

Similar Messages

• 'owspe:PolicyAccess' error while invoking ADF BC Service Interface

  Hi,
     I have deployed a custom ADF BC Service Interface application to a standalone weblogic server. On invoking the service interface i get the following error in response.
  <env:Envelope
    xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
    <env:Fault
      xmlns:owspe="http://schemas.oracle.com/ws/policy-enforcement-2007-06">
     <faultcode>owspe:PolicyAccess</faultcode>
     <faultstring>PolicySet Invalid: WSM-02557 oracle.wsm.policymanager.accessor.BeanAccessor The documents required to configure the Oracle Web Services Manager runtime have not been retrieved from the Policy Manager application (wsm-pm), possibly because the application is not running or has not been deployed in the environment. The query "&(@appliesTo~="WS-Service()")(policysets:global/%)" is queued for later retrieval. </faultstring>
     <faultactor/>
    </env:Fault>
  </env:Body>
  </env:Envelope>
  I have deployed the same .ear file to my local weblogic server and got no error while invoking the WS.
  Please suggest if any configuration needs to be done at weblogic server or to the ADF application.
  Regards,
  Himanshu

  Hi Timo,
             No Luck.. Still getting same error. My ADF BC Custom Service Interface deployed on integrated weblogic server works fine.When i deploy the same EAR to Standalone weblogic server then i'm getting following error on invoking WS method.
  <env:Envelope
    xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
    <env:Fault
      xmlns:owspe="http://schemas.oracle.com/ws/policy-enforcement-2007-06">
     <faultcode>owspe:PolicyAccess</faultcode>
     <faultstring>PolicySet Invalid: WSM-02557 oracle.wsm.policymanager.accessor.BeanAccessor The documents required to configure the Oracle Web Services Manager runtime have not been retrieved from the Policy Manager application (wsm-pm), possibly because the application is not running or has not been deployed in the environment. The query "&(@appliesTo~="WS-Service()")(policysets:global/%)" is queued for later retrieval. WSM-02557 oracle.wsm.policymanager.accessor.BeanAccessor The documents required to configure the Oracle Web Services Manager runtime have not been retrieved from the Policy Manager application (wsm-pm), possibly because the application is not running or has not been deployed in the environment. The query "/policies/oracle/wss_http_token_service_policy" is queued for later retrieval. </faultstring>
     <faultactor/>
    </env:Fault>
  </env:Body>
  </env:Envelope>
  Could it be related to some Security: Roles or policies ?
  Regards,
  Himanshu

• Failure in SDOSerializer.deserialize - Invoking AMImpl's Service Interface

  Hi,
  I have a typical Issue while invoking a Service Interface creation using ADF BC.
  Steps done:
  1. I generated the service interface using AMImpl.
  2. Modified the WSDL to include soap headers.
  <wsdl:input>
  <soap:body use="literal"/>
  *<soap:header message="tns:getTransactionHeader"*
  part="transaction" use="literal"/>
  </wsdl:input>
  <wsdl:output>
  <soap:body use="literal"/>
  *<soap:header message="tns:getTransactionHeader"*
  part="transaction" use="literal"/>
  </wsdl:output>
  3. Modified the Service classes (Service.java and ServiceImpl.java) to include the holders for the soap headers.
  Now the method looks like this in the Service.java class:
  List<SellingDayCalendar> getXYZ(@WebParam(mode = WebParam.Mode.IN,
  name="unitName")
  String unitName, @WebParam(mode = WebParam.Mode.IN, name="salesDate")
  Timestamp salesDate, *@WebParam(name = "transactionHeaderType", mode = WebParam.Mode.INOUT,*
  targetNamespace =
  *"/com/gm/vstar/model/core/common/",*
  header = true, partName = "transaction")
  Holder<TransactionHeaderType> transaction
  ) throws ServiceException;
  4. I have created the POJO class called TransactionHeaderType.java which implements Serializable interface.
  While I run the service by including headers or try to invoke the proxy from my JSF page, I get the following exception:
  Target URL -- http://localhost:7101/MyServicesApplication-MyServicesModel-context-root/MyService
  <ServerMessages> <severeMessage> oracle.webservices.provider.ProviderException: oracle.j2ee.ws.common.databinding.common.spi.DatabindingException: Failure in SDOSerializer.deserialize.
       at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:494)
       at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:1187)
       at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:1081)
       at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:581)
       at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:232)
       at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
       at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:459)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.jbo.server.svc.ServiceContextFilter.doFilter(ServiceContextFilter.java:78)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
  Caused by: oracle.j2ee.ws.common.databinding.common.spi.DatabindingException: Failure in SDOSerializer.deserialize.
       at oracle.j2ee.ws.common.databinding.runtime.sdo.SDOSerializer.deserialize(SDOSerializer.java:383)
       at oracle.j2ee.ws.common.jaxws.runtime.SoapInvocationSerializer.deserialize(SoapInvocationSerializer.java:298)
       at oracle.j2ee.ws.server.jaxws.SoapEndpointSerializer.deserializeRequest(SoapEndpointSerializer.java:86)
       at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:320)
       at oracle.j2ee.ws.server.jaxws.ServiceEndpointRuntime.processMessage(ServiceEndpointRuntime.java:196)
       at oracle.j2ee.ws.server.jaxws.JAXWSRuntimeDelegate.processMessage(JAXWSRuntimeDelegate.java:479)
       ... 34 more
  Caused by: oracle.j2ee.ws.common.databinding.common.spi.DatabindingException: Deserialization failure. Invalid data type: com.gm.vstar.model.core.common.TransactionHeaderType
       at oracle.j2ee.ws.common.databinding.runtime.sdo.SDOSerializer.deserializePrimitives(SDOSerializer.java:520)
       at oracle.j2ee.ws.common.databinding.runtime.sdo.SDOSerializer.deserializePart(SDOSerializer.java:470)
       at oracle.j2ee.ws.common.databinding.runtime.sdo.SDOSerializer.deserializeNewPart(SDOSerializer.java:432)
       at oracle.j2ee.ws.common.databinding.runtime.sdo.SDOSerializer.deserialize(SDOSerializer.java:362)
       ... 39 more
  <ServerMessages> <severeMsgServletException> An error occurred for port: {com/gm/vstar/model/utility/service/applicationmodule/common/}MyServiceSoapHttpPort: oracle.webservices.provider.ProviderException: oracle.j2ee.ws.common.databinding.common.spi.DatabindingException: Failure in SDOSerializer.deserialize..
  Any solutions would be appreciated.
  Thanks,
  Ajith

  Hi,
  its JDeveloper and ADF on this forum. For EM related questions, you should try the EM forum
  Frank

• Security profiles

  Hi all,
  when I create a web service from a function module... I can configure a security profile (e. g. low, medium, high, none)
  What are the difference between these security profiles?
  regards

  Use these transactions -
                                                                                  S_BCE_68001393         Users by address data              
  S_BCE_68001394         Users According to Complex Criteria
  S_BCE_68001395         Users According to Complex Criteria
  S_BCE_68001396         Users According to Complex Criteria
  S_BCE_68001397         Users According to Complex Criteria
  S_BCE_68001398         Users According to Complex Criteria
  S_BCE_68001399         Users According to Complex Criteria
  S_BCE_68001400         Users According to Complex Criteria
  and see which one suits you.
  Cheers .
  Sanjay

• Creating Entity Object from Service Interface - JDeveloper version 11.1.1.3

  In our project, we don't intend to have any JDBC connection to a database and want to create all my entity objects using SDO web services deployed in a remote server. I could create an entity object based on a SDO web service deployed in the standalone WL server successfully. But at the time of Development,when I select ADF Business Component --> Entity Object, it always takes to a screen that prompts for a JDBC connection, if you have no connection defined in the project yet. To bypass this, I need to create a valid connection to a local DB and then I can go the next page that prompts me to to choose service interface and asks for a WSDL URL. How do I get around creating a JDBC connection and create a service interface based data source directly?
  To get around this issue, I created a connection to a local DB by providing a wrong password to make sure that we don't need a valid db connection. The application module (Business Component Browser) works fine when the DB connection is broken. But when I create a JSF page and put the data control there, if we don't have the DB connection established it gives error during deployment.I tried deleting the unused connection, but that gives a lot of errors during deployment. My question is;
  1. How can I create a service interface based data source by-passing the requirement for a connection?
  2. If that's not possible - how can I cleanly delete the JDBC connection and all it's dependencies, so that, it deploys and runs without error

  Frank,
  Thanks for your response.
  I have made some progress in last two days and solved some of the original issues. I deleted the fake JDBC connection from connection.xml that I had to use to go to the second screen that lets me select the WSDL for the service interface. After that, I checked off the "Auto Generate and Synchronize ..." option from Application --> Application Properties --> Deployment. (thanks to Steve Muench's blog post on this subject). After that, I could deploy the JSF page and the page shows up with no problem.
  However, when I try to run the App Module that was created from the WSDL (service interface), it brings up a pop-up with heading "Password Required" that says "Enter the password for" and asks for a user name and password (not sure what they are as they take any value and takes me to the next screen). After that, I can open the View and navigate through it. When i change some data and try to commit - it makes the change to the data and stores in the DB but gives an error saying "(oracle.jbo.NotConnectedException) JBO-25200: Application module is not connected to a database."
  Also, the data control created from the service interface had operations called Commit and Rollback. I used the Commit on JSF page and that does the exact same thing too. Any idea?
  Also - when we consume a SDO WSDL to create the entity object - how can we access the SOAP Request and Response objects? We have to implement WS-Security by instrumenting the SOAP header and need to get a handle on that. Is there a mechanism similar to JAX-WS handler framework for SDO?
  R,
  Chandan

• List of Employees through custom security profile - SSHR

  Hi,
  A coordinator sitting in a region required access to all those employees who are coming in his region. This thing has been done and tested in PUI using custom security profile but can we give the same access to coordinator at Self service level, so that it can view employee detail and take necessary actions against employee.
  Thanks
  Ayaz

  You can indeed use the same Security Profile to control access through Self Service. In Self Service, you will need to use the Simple or Advanced Search to find these people because the default hierarchy that is displayed won't render.
  Often it is useful to add a personalization message to the Search region so that the users know to find people this way, eg:
  "To find employees in your region, please enter their Last Name in the Search box and hit Enter."

• How to set users level security profiles and auditing?

  hi,
  We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit.
  Please also explain the empact of audit on running system?
  Thx

  I want to set the all user level and site level security profiles like user login attempts, password attempts, case sensitivity, and all these
  infos and attempts should be audit. https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Please also explain the empact of audit on running system?https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
  Try this in a TEST instance before you promote it to Production.
  You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
  Thanks,
  Hussein

• Security Profile not taking effect.

  Hi,
  I created a new responsibility such is pretty much a  cut down version of Oracle standard ' Manager Self Service' responsibility.
  I have created a new security profile which I want it to restrict the list of employees to a particular person i.e 'John Smith'. The user of this responsibility should only be able to process manager self service function for John Smith.
  I have then attach the security profile to the responsibility and bounched Apache. But after testing the responsibility it is producing the list of employees who the user is supervisor of. I dont't want it to list the user's employees, I want it to bring up just John Smith.
  Please what am I missing? Why is it base on supervisor hierarchy and not my security profile?
  Regards
  TL

  Vignesh,
  What I  am saying is when I create security profile and attach it to the responsibility my security changes is not reflecting at all. The responsibility I created is similar to seeded 'Manager Self Service'.The list of employees it shows on self service is based on supervisor hierarchy.I want to know how it knows to produce employees using supervisor hierarchy and why its not producing the list of employees as defined in the security profile.
  I have even made a change to another security profile, by changing the top organisation. After I assign this security profile to the seeded 'HR Profession V4' responsibility it doesn't reflect the change. This responsibility is still able to see everyone in the business and not restricting it to the top organisation.
  Is there a step I'm missing? Is there a menu function that is overriding my security profile?
  Regards
  TL

• Firefox says Google Services is Secure Connection Failed (sec_error_inadequate_key_usage). It does not give me an option to load the page anyway.

  Detailed error message is below shown :
  Secure Connection Failed
  mail.google.com uses an invalid security certificate. The certificate does not come from a trusted source. (Error code: sec_error_inadequate_key_usage)
  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
  Try again
  I am using Windows 7 ultimate and I have Kaspersky Anti virus 2013 for internet security.
  I am using Firefox version 30.0.
  I have tried opening google services with different profiles(guest, administrator,standard user) but each time the same error messages are displayed and google services can not open.
  Is this problem is created because of missing authorities certificates? I am using firefox on another computer but it has more authorities certificates than this computer with error message. In other computer google(search, mail, maps etc.) services are working correctly.

  It may be Kaspersky intercepting your secure connection to Gmail.
  Try to start Windows in safe mode with networking enabled to verify if this is the case.
  Do you see this problem with other secure sites too?

• Make a security profile available to device

  Hello!  Newbie question here.
  I thought I'd try to get a few IP phones configured to encrypt their media streams.  Seems I needed
  to create a security profile that the phones could be configured with.  That seemed to work.  But then when I access the phones' device properties page I can not select the security profile.  In fact, I only seem to be able to see one profile in the drop down list.  So how would I make that newly created security profile available?
  Thanks

  The whole procedure is here
  Configuring the Cisco CTL Client
  http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/security/8_0_2/secugd/secuauth.html
  Before you configure the Cisco CTL Client, verify  that you activated the Cisco CTL Provider service and the Cisco  Certificate Authority Proxy Function service in Cisco Unified  Serviceability. Obtain at least two security tokens; the Cisco  certificate authority issues these security tokens. The security tokens  must come from Cisco. You will insert the tokens one at a time into the  USB port on the server/workstation. If you do not have a USB port on the  server, you may use a USB PCI card.
  HTHjavaIf this helps, please ratewww.cisco.com/go/pdihelpdesk

• Unable to View Composite service interface in Integrated SOA Gateway

  Hi,
  Am unable to view the Composite Service Interface, Can you suggest me wethere to add any roles or profiles to be set specifically for this.
  Thanks,
  Maggi.

  What version are you on and what user groups is your log in assigned to?

• User and System Interface Security by OBPM

  Can anybody describe how User security & System interface security are handled in OBPM?
  Is it through Spring Security Framework, authentication of participants through Active Directory and LDAP. Secure Web-Services, JDBC, XML, Single Sign On, HTTPS, HTTP POST etc.?

  got to command prompt(windows)
  cmd>set ORACLE_SID='database_name'
  cmd>sqlplus '/ as sysdba'
  sqlplus>alter user username identified by password;
  you can change any user password by above command using sys as sysdba or / as sysdba.

• The Secure Store Service application Secure Store Service Proxy is not accessible

  I am working on setting up a new SharePoint 2013 Farm for our external web site which is currently running on 2010 SharePoint. Because this is an External Website for our organization we have an internally available Publishing Site and there is an Web App
  Extension to provide Anon Access to users using the www address. Currently I am doing everything on a single server for testing with HOSTS entries to loop back so I can test with real host headers and not impact the 2010 prod environment. We will be setting
  up 2 more WFEs with a NLB before moving this into prod but it isn't there yet. We brought the Site Collection Databases over but are still running in 2010 mode for now.
  I migrated a copy of the Secure Store Database over from 2010 and had it put on the 2013 Farm's Database Server. Set up Secure Store and the Secure Store Proxy. I went into the Secure Store Proxy in CA and refreshed the Key with the proper Pass Phrase. After
  doing that I could see the Target Application IDs listed. Everything was looking good so I went off to test. If I am on the publishing site I can go to a page that has the solution on it and it operates as expected. It does a query to a non SharePoint database
  and returns information filtered based on the search parameters. The only odd thing I see is if I click on the "Site Actions" I get a message "An error has occurred with the data fetch. Please refresh page and retry." Need to look into
  that more but it only happens on pages that have these solutions. Maybe a clue. If I go to the Anonymous Access page (www......) and try and use the solution, it immediately (way too quick to appear like it is doing anything) comes back with "The security
  token request cannot be completed."
  If I dig through the usage logs I am finding the following.
  The Secure Store Service application Secure Store Service Proxy is not accessible. The full exception text is: The security token request cannot be completed.
  Unexpected exception from endpoint address : https://[Servername]:32844/4e87fd3aabb640fb8cc3ed52188cf5c0/SecureStoreService.svc/https
  Logging unknown/unexpected client side exception: InvalidOperationException. This will cause this application server to be removed from the load balancer queue. Exception: System.InvalidOperationException: The security token request cannot be completed.
      at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri)     at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress
  address, Uri via)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName,
  Boolean validateCanary, ExecuteDelegate`1 operation).
  Initially I was fighting a firewall issue because it wasn't working (different errors) on both sides. Had Network Engineers open firewall ports needed and now it works on the publishing side. Still the same error on the Anon side. I suspect I have missed
  something when it comes to configuring the Secure Store to allow access to anonymous connections.
  Let me know if you need any more information but that should paint a pretty good picture as to how things are set up.
  Thanks for any help on this one. Searches haven't found much that has helped so far.

  Hi Sennister,
  I recommend to verify the things below:
  Did this issue occur with all the pages in the anonymous side?
  Check if the Claims to Windows Token Service is started.
  Change the <identity impersonate="true" /> in the web.config to see if the issue still occurs.
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• In R12.1.3, MO:Security Profile Vs HR:Cross Business Group precedence

  Hi All,
  In R12.1.3, Which profile option has higher precedence in MOAC structure.
  If i set the HR:Cross Business Group to NO at resp level and MO: Security Profile, which is associated to Global Security Profile which has two OUs of two different BGs.
  For example:
  I have BG1 - OU1
  BG2 - OU2
  Case 1:
  Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
  HR:Cross Business Group - NO
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 2:
  Global Security Profile - XXGSP has both OU1(BG1) and OU2(BG2) associated.
  HR:Cross Business Group - Yes
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 3:
  Global Security Profile - XXGSP has both OU1(BG1) associated.
  HR:Cross Business Group - NO
  HR:Cross Business Group - BG2
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU1?
  Case 4:
  Global Security Profile - XXGSP has both OU1(BG2) associated.
  HR:Cross Business Group - Yes
  HR:Cross Business Group - BG1
  In Purchasing Responsibility, what could be the behavior when i create PO?. Will it show both OU1 and OU2? or OU2?
  Regards,
  Soorya

  Hi Soorya,
  We are in a similiar situation and I was wondering if you have received an answer or how you proceeded?
  Thanks,
  Cathy

• Override Security Profile for one employee

  Hi
  I have one employee who works in 'Accounts Department' and the HR user of accounts department can see only the employees of Accounts Department based on the security profile. This is working fine. But theres a different requirement. Some employees are transferred to other departments for 3-6 months for different purposes. During this time also the HR user of accounts department needs to view this employees details due to HR policies and procedures. Can we achieve this? If yes, how?
  - Gulzar

  Q 1 - When Employee is transferred from Dept 1 to Dept 2 for 6 months, Should the HR for both Dept 1 and Dept 2 be able to see his details for 6 months?
  Q 2 - After 6 months period, employee's organization is again updated to Dept 1, should again HRs of both Dept 1 and Dept 2 be able to see his details even after the 6 months period?
  Q 3 - If answer for Q 2 is - "after 6 months period, only HR of Dept 1 should see his details" , how to identify Employee's home department? Will it be the Employee's Organization effective as of Employee's hire date?