Oracle Cloud offers a broad portfolio of software as a service applications, platform as a service, and social capabilities, all on a subscription basis. Oracle Cloud delivers instant value and productivity for end users, administrators, and developers alike through functionally rich, integrated, secure, enterprise cloud services.
 Get a Free Magzine ...Profit:The Executive's Guide to Oracle Applications

Subscribe to the OracleAppsHub to receive notifications when there are new posts:

 get RSS feed
 Oracle Fusion Applications (OFA) is a portfolio of next generation suite of software applications from Oracle Corporation. It is distributed across various product families; including financial management, human capital management, customer relationship management, supply chain management, procurement, governance, and project portfolio management
 Get a Free Magzine ...Profit:The Executive's Guide to Oracle Applications

Understanding Security in : Oracle Financials and Manufacturing

Posted on October 28th, 2007 by Sanjit Anand ||Email This Post Email This Post

Have you tried OracleappsHub in ipad/iphone/smart Phone? Don't wait. try it today

Understanding the data access implications at all organization levels is an important factor in designing your responsibility matrix. As we know whenever a user signs in to Oracle Applications, the first thing application enforce you is to select a responsibility. That chosen responsibility allows them access to a menu of screens and a list of reports and processes they wish to run, as well as the ability to view and/or update specific data. We can define your own responsibilities.

In real time scenario , normally these kind of implementions take place:

  1. Financial with HRMS (Shared Mode)
  2. Financial plus manufacturing
  3. Financial and HRMS(Full mode)
  4. Financial and Manufacturing & HRMS(Full mode)

I haven’ consider CRM modules in discussion here as they hardly requires any Extra security rule to understand. For the sake of understanding we would categorize my discussion into Financial & manufacturing and HRMS.Lets start first with financial and manufacturing.


Depending on the Oracle module accessed, a responsibility allows the user to view and process data associated with a set of books, operating unit , or inventory organization as follows:

• GL responsibilities allow access to one financial set of books via the GL Set of Books Name profile option.

Take a note if there is only one set of books, you can set this profile option at the site level, meaning it applies to the entire database instance. Those who is still using 10.7 and want to drilldown from GL to operating unit sub ledgers ,then you need to setup GL responsibilities by operating unit and assign the MO: Operating Unit profile option to these responsibilities.The biggest enhancement in recent years is in 11, you do not need operating unit specific GL responsibilities for drilldown.

• In PO, AP, OE, AR, and other operating unit modules, setup a separate responsibility for each operating unit.

You cannot access more than one operating unit in a particular responsibility. This is achieved by setting the MO: Operating Unit profile option at the responsibility level. If there is only one operating unit, you can set this profile option at the site level.

• before multiorg , Fixed Assets data was not partitioned at all in terms of security but In 11i we can assign the profile option FA: Security Profile to responsibilities giving them access to one or more FA books.

For details do refer my old post for security in FA.

• In the Manufacturing and Inventory modules, you can restrict a responsibility to one or more inventory organizations using the Organization Access setup form.

Take a note if you do not setup any responsibilities in this form,users will access to all inventory orgs. When a user signs in to any manufacturing or Inventory responsibility, the first screen displays a list of accessible inventory organizations and the user must select one.

Generally users can run reports only within the responsibility’s organization

  • Set of books
  • Operating unit
  • Inventory org

Beginning in 11i you can run some reports across operating units within a set of books. You control this by setting the MO: Top Reporting Level profile option to set of books, legal entity, or operating unit, typically assigning the profile option to responsibilities.

* If the MO: Top Reporting Level profile option is set to Set of Books, you can run your reports at the set of books level, legal entity, or
operating unit level.

* If the MO: Top Reporting Level profile option is set to Legal Entity, you can run your reports at the legal entity, or operating unit level.

* If the MO: Top Reporting Level profile option is set to Operating Unit, you can run your reports at the operating unit level only. You are
only allowed to view data in the operating unit assigned to your responsibility.

Users can then enter as a report parameter a Reporting Level of set of books or legal entity to report across operating units in their set of books.

Typical Reports that allow and uses the above functionality includes:

  • Payable
    • Accounts Payable Trial Balance
    • Posted Invoice Register
    • Posted Payment Register
    • Unaccounted Transactions
    • Tax Audit Trail
    • Use Tax Liability
  • Accounts Receivables
    • Aging 7 & 4 Bucket Reports
    • Aging Reports- Executable
    • Bills Receivable By Status Report
    • Bills Receivable Summary Report
    • Credit Hold Report
    • Customer Credit Snapshot Report
    • Tax Register
    • Tax Reconciliation
  • Report Exchange (RXi)
    • RXi for GL, AP, AR: Financial Tax Register
  • Various localizations and region-specific reports

What is the MO:Operating Unit profile option used for?

The MO:Operating Unit profile option must be set to the appropriate value at either the Responsibility or User level.This profile option is used to distinguish which Operating Unit will be used by the users that login into Oracle Applications.

Will continue with discussion..:)

Related Posts

Posted in 11i, Functional, Oracle Application | 12 Comments »Email This Post Email This Post |

Have you tried OracleappsHub in ipad/iphone/smart Phone? Don't wait. try it today
12 Responses
  1. pravez Says:

    nice post

  2. William Law Says:

    Excellent post!

    It helps a lot.

    Thank you very much.

  3. sanjit Says:

    Thanks Will ,for nice word.

  4. Sridhar Sattineni Says:

    Excellent explanation about Applications security for Financials and Mfg moudles.

    Thanks a lot.

  5. Nibedita Moitra Says:

    Really helpful. Thanks a lot

  6. Jay Says:

    Hi Sanjit,

    I have a few questions in regards to AR 7 bucket Aging report. Is it possible for your to e-mail me.


  7. Raghu kalavendi Says:

    Dear Sanjit

    No words to describe the level of satisfactin we get after browsing through this coloumns.

    Thanks for valuable information being shared.


  8. raghu Says:




  9. Sanjit Anand Says:

    just to note ,Shared is for the other modules to work with your employees. Full is to install the full suite of HRMS and still allow the other modules to work with your employees.

    There is no such mechism ou can check, but you can run the licence manager and see how many products are in installe mode.

    The table is fnd_product_installations, the column is status.

  10. Ramya Says:


    Thanks for the article it was very informative. I have a question on the XLA_MO_TOP_REPORTING_LEVEL profile option. I am not able to see this in R12 instance. This is erroring out reports during upgrade to R12. Could you please tell me if there is any other alternative for this?

    Thank you,

  11. Moses Says:

    Wonderful Site. Doing great things. Continue :) Thanks Thanks Thanks a ton

  12. Guest User Says:

    Excellent Articles!!

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.