User Level PO Restrictions In Orcle PO Standard Form

Similar Messages

• User Level Data Restriction in OBIEE

  Hi Experts,
  Need your help in implementing the below logic in OBIEE.
  I have a requirement where user needs to view only particular data. Say for example ,
  UserA   Bangalore
  UserB   Delhi
  UserC   Mumbai
  Once User A logins he / she should be able to view only Bangalore and the same follows with the other users.
  I have this User and area/city relation stored in a table.
  Please let me know how can I achieve this.
  I have these user created and I am unable to establish a relation between the user and the city .
  Please let me know your suggestions on how can I implement this.
  Appreciate your immediate response.
  Regards,
  Veena A

  Hi,
  Detailed description is as follows
  1. Create 3 users -> userA, userB, userC from Manage->Security->Users in Administration Tool.
  2. Create Intialization Block from Manage->Variables->Intialization Block right click on white space in Administration Tool. Give a name to it
  3. Click on Edit Data Source in Intialization Block that you have created and write the query
  SELECT 'user_city', column of city FROM table_name which has city column.
  4. Create 4 session variables USER, USER_CITY, GROUP, LOG_LEVEL(Note : The order of creation of variables should be same). for USER , LOG_LEVEL and GROUP an alert will come saying that these varibles are of special purpose, click on Yes to create it.
  5. Go to Manage->Security->Users in Administration Tool and double click on userA->Permissions click on Filters tab and click on Add button. Select the table which has city column. click on '...' button next to Business Model Filter Column to get the Expression Builder - Security Filter.
  6. In the Expression builder select logical tables, and then select table which has city column and click on Insert button. Click on '=' in Expression builder. Click on Session Variables. double click on user_city session variable. (for example : Employee_Manager."Locations Ma"."Loc Name" =  VALUEOF(NQ_SESSION."UserLocation")) and then click on ok. save reporsitory. restart BI server from services and launch the BI Answers and login as userA and check the city.
  For more details visit
  http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/bi_admin/biadmin.html
  Scroll down to topic -> Using Initialization Blocks and Variables
  Thanks and Regards,
  Mahesh
  Edited by: magu on Apr 27, 2009 3:10 PM

• Restricting Authorizations to Variants at User level

  Hi SAPians,
  Can you help me to know how can I restrict variants to be displayed for particular users.?
  Example: I am creating 5 variants in EMMACL transaction and give authorizations for the users only to particular Variants as below:
  1. Variant1 --> Can be access by only users ERP-EHK, ERP-SAP & ERP-EJS
  2. Variant2 --> Can be access by only users ERP-EAS & ERP-HJG.
  3. Variant3 --> Can be access by only user ERP-EMM
  4. Variant4 --> Can be access by only users ERP-EHK & ERP-UJY
  5. Variant5 --> Can be access by only user ERP-EAS
  Let me know how I can achieve the above requirement?

  Hi,
  i have assigned it at user level then why iam i
  getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
  What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
  Thanks,
  Hussein

• Restriction in MIGO at user level

  Hi all,
  I have a requirement , system should not allow to post excise invoice at the time of MIGO for some users .
  we can restrict all the users by excise group but i want for specific users.
  How can i achieve this.

  hi
  there are two settings first is for displaying options in the MIGo EXCISE tab
  it is to be donr in Define Processing Modes Per Transaction
  once  tick for cap and post it will be vivable to all users
  now whn you dont give  authorisation fot posting then POSTING will not be done although cap and post is viewable
  regards
  kunal

• How to hide the columns at the end user level thru personalization

  Hi all
  how I can hide the columns that are displayed on the portal. Any personalize option for the end user? Any righ click or some thing?
  I am looking at hiding columns not while developing the iViews / Pages, But in the browsers as the end user.
  i can hide the columns what ever i want while creating the iViews for MDM data. but we cant provide the content administrator role to the end user for hiding the columns what ever they want. they want to hide the columns thru pesonalization option at the end user level.
  Can you please let me know whether we can able to hide the columns at the end user level thru personalization ?? is it posible with standard iViews??
  Regards
  Sunil

  Hi Sunil,
  I understood your requirement properly and seems valid and I tried this at my end but i didnt get the solution. Field list is not visible in Personalize option. I dont think it is possible with MDM standard iViews.
  I was thinking an alternative is if some how we manage to give the permissions to end user only on Result Set iView but if it would be possible it will not be a good design.
  Lets wait for some inputs from others.
  Regards,
  Jitesh Talreja

• How can we do personalization at User Level

  Hi ,
  I have extended a controller .
  and I have to replace the seeded controller to extended controller using personalization at User Level.
  Can any one suggest how can we do personalization at user level.
  Regards,
  Krishna.

  Hi,
  If you have extended controller then why don't you use profile option for restricting at user level.
  In controller use as following :
  processRequest(...)
  super.processRequest(...);
  String userProfile = pageContect.getProfile("Profile option name");
  if(null!= userProfile && !"".equalsIgnoreCase(userProfile.trim()) && "userRestriction".equals(userProfile.trim()))
  //do your changes
  follow same in processFormRequest as well.
  Once it is done...replace you controller at site level. It will only work for the users for whom the profile option is set.
  Regards,
  Mukesh Uchaniya

• Disable profile option updation at user level

  I want to disable the profile option HR: Security Profile or for that matter any other profile option at user level. The user should be able to see the value set by the system administrator (Field should be grayed out) and user should not be able to update it.
  How to do it??

  Try a personalization combined with custom PLSQL, like this:
  1) Acces System Profiles
  2) Help->Diagnostics->Custom Code->Personalize
  3) In the newly displayed Form Personalization form, create a line with a description like this: Prevent modification of USER_VISIBLE_VALUE
  4) In the Conditions tab, set Trigger Event = WHEN-NEW-ITEM-INSTANCE
  5) Set Trigger Object = PROFILE_VALUES.USER_VISIBLE_VALUE
  6) In the Condition text area, enter:
  apps.xxror_test_sysprofile(:PROFILE_VALUES.USER_PROFILE_OPTION_NAME,'USER')=1
  7) Set Processing Mode to Both
  8) Switch to the Actions tab and create two actions:
  first:
  type = property
  description = Don't update
  Language=all
  enabled=yes
  object type=Item
  target object=PROFILE_VALUES.USER_VISIBLE_VALUE
  property name=UPDATE_ALLOWED
  value=false
  second:
  type=property
  description=Don't enter
  language=all
  enabled=yes
  object type=Item
  target object=PROFILE_VALUES.USER_VISIBLE_VALUE
  property name=ALTERABLE_PLUS
  value=false
  9) Repeat steps 3-8 if desired for other levels, such as:
  Prevent modification of SITE_VISIBLE_VALUE
  Prevent modification of APPL_VISIBLE_VALUE
  Prevent modification of RESP_VISIBLE_VALUE
  Prevent modification of SERVER_VISIBLE_VALUE
  Prevent modification of ORG_VISIBLE_VALUE
  paying attention to update the corresponding names for xxx_VISIBLE_VALUE.
  10) Create the following PLSQL function:
  CREATE OR REPLACE function xxror_test_sysprofile (
  prof_opt_name in varchar2,
  lvl in varchar2
  return number
  is
  v_ret number;
  s_prof varchar2(1024);
  s_uname varchar2(100);
  s_lvl varchar2(10);
  begin
  -- returns 0 if the user "uname" must be granted access the profile named "prof_opt_name" at the "lvl" level
  -- returns 1 if the user "uname" must be forbidden to access such a profile at such a level.
  -- important assumption: the "lvl" parameter may have only one of the following values:'SITE', 'APPL', 'RESP', 'USER', 'SERVER', 'ORG'
  -- or else this function will return 1, thus forbidding the access
  s_uname:=substr(upper(trim(nvl(fnd_profile.value('USERNAME'),''))),1,100);
  if s_uname in ('MY_ADMIN_1','MY_ADMIN_2','SYSADMIN') then
  v_ret:=0; -- no restrictions
  else
       if s_uname in ('MY_POWERUSER_1','MY_POWERUSER_2') then
       -- restrict to only the below mentioned profiles
       s_prof:=substr(upper(trim(nvl(prof_opt_name,''))),1,1024);
            s_lvl:=substr(upper(trim(nvl(lvl,''))),1,10);
            if
            (s_prof like '%WHATEVER%')
            then
                 if s_lvl in ('SITE', 'APPL', 'RESP', 'USER', 'SERVER', 'ORG') then
                      v_ret:=0; -- level acceptable for these users on these profiles
                 else
                      v_ret:=1; -- unknown level, so reject
                 end if;
            else
                 -- these users may not access these profiles, so reject
                 v_ret:=1;
            end if;
       else
            if s_lvl = 'SITE' then
            -- no way any other user than those above may modify site-level profiles
            v_ret:=1;
            else
                 -- any other user than those above may modify lower-level profiles, but
                 -- for now reject all
                 v_ret:=1;
            end if;
       end if;
  end if;
  return v_ret;
  end;
  Pls be aware that testing first on a test instance is always advisable.

• CC: Risk Resolution at user level.

  HI All,
  In CC 5.2 with latest patch level, I am facing an issue in Risk Resolution. When I do the Risk analysis at user level for a particular user and then do a detail Report and then try to do the risk resolution; there are standard three options:
  1. Mitigate.
  2. Remove Access.
  3. Delimit Access.
  from the user. Out of these three, the first one is working fine, but second and third are greyed out and I can not proceed with option 2&3. Have any one of you come accross such a situation or have any clues about the same. Also, my user has Admin rights to all the actions in the Admin role provided to me.
  Thanks a lot in advance.
  Have a nice day!!
  Regards,
  Hersh

  Hello Hersh,
  This functionality is not available in 5.2.
  Regards,
  Jagat
  Edited by: Jagat Bir Singh on Jul 31, 2008 3:16 PM
  Edited by: Jagat Bir Singh on Jul 31, 2008 3:17 PM
  Edited by: Jagat Bir Singh on Aug 1, 2008 6:52 AM

• Organization level authorization restrictions

  Hello All,
  Please can you let me know
  1) f it is possible to org level authorization restrictions for CLM documents and master data without any development?
  - E.g. while creating suppliers the user should only be able to create for the Company assigned to the user id?
  2) What is the significance of the company and organization unit fields in the user account information page?
  Regards,
  Subramaniam Iyer

  Hi ,
  Could you share about your solution ? I think I have face the same problem as yours.

• Changing The Validity Dates In Org Model in CRM- User Level

  Hi
  How can we restrict the Validity Dates in Organisation Structure at User Level.
  I need that the user should be given some specific dates<b> ( Valid till or assigned till )</b> while assigning in the org. And it should be visible always in the Org Model.
  We tried using Delimited Date Function, but the User gets ellapsed if the Validity is expired.With the business point of view, <b>the requirement is that all user should be listed in Org model with respect to any dates.this would mean that if a user is terminated we would want to change the Valid till date in the Org</b>

  Hi Amrita,
  Business partner number and Object ID is automatically determines by system when creating a org unit.
  I dont find any configuration to create org unit with your own BP number and object ID. You have option to make repairs to the existing org unit.
  Please find the below path to repair the org unit
  IMG -> CRM -> Master Data -> Business partner -> Integration Business partner -Org management -> Create Business partner initially
  Select the org unit and execute to get all the org units.
  You can select the org units with errors /warnings and click on start repair to get automatic assignment of BP.
  Hope it helps
  Reward points if it helps
  Regards,
  Madhu

• Organization Units Authorization on user level

  Hello experts,
  Is there a way to add authorization for an organization unit (i.e. Company Code) on a user (SU01) level and not on a authorization objects (PFCG) level?
  For example,
  I would like to create the following Role (profile):
  ZFI_AP_REPORT_DISPLAY
  This role should be able to display AP report from the Financial module.
  However our problem is, we would like to create authorization levels with organizational units for each user:
  For example:
  User Anson has ZFI_AP_REPORT_DISPLAY assigned but can only display Report from Company Code 3202.
  We know we can create this authorization creating several roles, like:
  ZFI_AP_REPORT_DISPLAY_3201
  ZFI_AP_REPORT_DISPLAY _3202
  ZFI_AP_REPORT_DISPLAY_3203
  but our idea is not create several roles, but to assign the Company Code authorization on a user level and leave just one role so we would only need ZFI_AP_REPORT_DISPLAY.
  Is there a way to do this?
  Thank you in advanced for your replies.
  Christine Tseng

  I agree with Jurjen.  There is no point creating a "new" authorisation concept for a few transactions.  If you use standard authorisation objects for the check in your custom tcodes then you will likely have very little work to do if you assign those tcodes to existing roles.
  Even using a custom auth object & creating the variants will take up no more time than doing something like repeating the variable functionality in BI or messing about with PIDs in the UMR (which I definitely do not recommend).  By sticking with the standard concept you ensure consistency, making it much easier to support and/or handover if you move on from the role.

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• Printer Configuration - User Level

  Greetings to All,
  I have question.. Is it possible to set printer at user level (Default printer to EBS applicatioin users) in EBS r 12
  Environment:
  OS: OEL 5.3
  APP: EBS R 12
  Thanks in advance,
  Satish

  Hi Satish,
  Yes its possible
  Mainly u need to follow:
  - Setup the printer at the OS level
  - Add a valid entry in the hosts file (Printer Name and the IP Address)
  - Login to System Administrator responsibility
  - Navigate to Install > Printer > Register
  - Define a new printer by entering the Printer Name you have set in the hosts file
  - Save
  - Bounce the Concurrent Manager
  - Submit any standard concurrent request
  Also check
  Oracle Application Object Library Printer Setup Test [ID 200359.1]
  You can search printer issue on forum, you will find many good thread which is answered Hussein Sawwan
  Regard
  Helios

• Make all the forms at a user level or responsibility level to be read only

  Hi,
  Please suggest me to make all the forms at a user level or responsibility level to be read only. So that when a particular user logs in, he gets all the form in read only mode or at a particular responsibility all the forms are read only so that we can attach this responsibility to the user for the same purpose.
  Any ideas will be highly appreciated.

  check this blog,
  http://www.oracleappshub.com/11i/oracleapps-responsibility-vs-sap-functions/
  Re: How to change OM responsibility as read-only in oracle applications 11i
  read only responsibility-user

• How to create a profile value at user level programatically

  Dear all,
  I want to create a profile value at user level programatically, I refer to the developer guide and try to use fnd_profile.put() to create a new value.
  But I find out the value is just created in session level, not be inserted into base table.
  So is there anyone know how to realize this function in PL/SQL?
  Any idea is appreciated.
  Best Regards,
  Kenny

  Check Note: 364503.1 - How to Set a System Profile Value Without Logging in to the Applications
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=364503.1