I have posted a number of previous notes  defining and discussing Oracle diagnostics. This tool is enhanced because of new security model.Let's take a quick look on revisiting this utility.
Six reason why 'Everyone like Oracle Diagnostic'
Oracle E-Business Suite Diagnostics is a framework and a repository of diagnostic tests. These are six top reason why every one liked this product.
- This is shipped product within the box
- This is FREE ...
- This utility based out of common known problems
- Test Result with corrective actions information
- Available for most of the products
- You will get enough documentation on metalink.
Changes in R12.1
- Diagnostics now have role-based security
- Customizable security layer implemented using Role- Based Access Control (RBAC)
- The name got changed to "Oracle E-Business Suite Diagnostics" from 'Support Diagnostic Tools"
- The access is now taken care by Grant via Diagnostics Roles.
- 'Application Diagnostics' responsibility is new Navigational menu.
- Within new security model Sensitivity Levels is now being introduced which have three value 1,2,3.
- In other word Sensitivity is basically an attribute of the test that indicates the kind of data it is dealing with.
- Oracle Diagnostic is now a high performing tool coupled with Multi-threaded execution engine.
- Oracle Diagnostic have capability to includes Data masking.
- You can design your Custom roles based out of your business need.
- Oracle Diagnostic output is tagged with your SR, by passing SR number.
Oracle Diagnostics provides the ability to quickly identify and resolve problems by executing diagnostic tests, and here is how this looks in architectural view.
Diagnostic linked with SR.
A typically flow for diagnostic routed with SR.
New Security Model
You can understood as new model as:
A particular user’s access to diagnostic tests is determined by:
- What responsibilities are assigned to that user
- Which roles are granted to those responsibilities
Within New Security Model, important features are :
- Unrestricted execution and configuration access Application Super User Role
- Unrestricted execution on tests under own application and restricted access on other applications Application End User Role.
- Take a note, 'Own application' means any application in which your use rid has a valid responsibility tagged.
- Restricted access in own and other applications
- By default, all three roles have given to Application Diagnostics Responsibility
Company xylem has uptake EBS Diagnostics.
Requirement wise it can’t assign execution and setup access to the same resource/user;, therefore its required to increase/decrease sensitivity levels of the roles.
Lets say ‘GL Manager’ responsibility is assigned to ‘user and following activity is performed.
- ‘Application Super User’ role is granted to ‘GL Manager’ responsibility , where for other modules (AP,AR) sensitivity levels have been set.
- in That case, ‘User can execute below tests in diagnostics
- High, Medium, Low sensitivity tests in ‘General Ledger’ application
- Medium, Low sensitivity tests in other applications like AR, AP etch
Take a note,high sensitivity tests in other applications are not available for this user, as they are locked.
5 steps for creating custom Security
- First you need to create a new role
- Than, attach the responsibility to this role
- Create a new permission set
- Create a new grant
- Assign the role to the user
Instance Sets,Grants,Permissions and Permission Sets are some of the new keyword which need to revisit in term of new security model.
Usage demonstration : Diagnostics Made Easy : Oracle Diagnostic Tool 
Oracle E-Business Suite Diagnostics User's Guide,Part Number: E12895-01 Reel. 12.1