- OracleApps Epicenter - http://www.oracleappshub.com -

Understanding Security in : Oracle Financials and Manufacturing

Understanding the data access implications at all organization levels is an important factor in designing your responsibility matrix. As we know whenever a user signs in to Oracle Applications, the first thing application enforce you is to select a responsibility. That chosen responsibility allows them access to a menu of screens and a list of reports and processes they wish to run, as well as the ability to view and/or update specific data. We can define your own responsibilities.

In real time scenario , normally these kind of implementions take place:

  1. Financial with HRMS (Shared Mode)
  2. Financial plus manufacturing
  3. Financial and HRMS(Full mode)
  4. Financial and Manufacturing & HRMS(Full mode)

I haven' consider CRM modules in discussion here as they hardly requires any Extra security rule to understand. For the sake of understanding we would categorize my discussion into Financial & manufacturing and HRMS.Lets start first with financial and manufacturing.

Depending on the Oracle module accessed, a responsibility allows the user to view and process data associated with a set of books, operating unit , or inventory organization as follows:

• GL responsibilities allow access to one financial set of books via the GL Set of Books Name profile option.

Take a note if there is only one set of books, you can set this profile option at the site level, meaning it applies to the entire database instance. Those who is still using 10.7 and want to drilldown from GL to operating unit sub ledgers ,then you need to setup GL responsibilities by operating unit and assign the MO: Operating Unit profile option to these responsibilities.The biggest enhancement in recent years is in 11, you do not need operating unit specific GL responsibilities for drilldown.

• In PO, AP, OE, AR, and other operating unit modules, setup a separate responsibility for each operating unit.

You cannot access more than one operating unit in a particular responsibility. This is achieved by setting the MO: Operating Unit profile option at the responsibility level. If there is only one operating unit, you can set this profile option at the site level.

• before multiorg , Fixed Assets data was not partitioned at all in terms of security but In 11i we can assign the profile option FA: Security Profile to responsibilities giving them access to one or more FA books.

For details do refer my old post for security in FA. [1]

• In the Manufacturing and Inventory modules, you can restrict a responsibility to one or more inventory organizations using the Organization Access setup form.

Take a note if you do not setup any responsibilities in this form,users will access to all inventory orgs. When a user signs in to any manufacturing or Inventory responsibility, the first screen displays a list of accessible inventory organizations and the user must select one.

Generally users can run reports only within the responsibility's organization

Beginning in 11i you can run some reports across operating units within a set of books. You control this by setting the MO: Top Reporting Level profile option to set of books, legal entity, or operating unit, typically assigning the profile option to responsibilities.

* If the MO: Top Reporting Level profile option is set to Set of Books, you can run your reports at the set of books level, legal entity, or
operating unit level.

* If the MO: Top Reporting Level profile option is set to Legal Entity, you can run your reports at the legal entity, or operating unit level.

* If the MO: Top Reporting Level profile option is set to Operating Unit, you can run your reports at the operating unit level only. You are
only allowed to view data in the operating unit assigned to your responsibility.

Users can then enter as a report parameter a Reporting Level of set of books or legal entity to report across operating units in their set of books.

Typical Reports that allow and uses the above functionality includes:

What is the MO:Operating Unit profile option used for?

The MO:Operating Unit profile option must be set to the appropriate value at either the Responsibility or User level.This profile option is used to distinguish which Operating Unit will be used by the users that login into Oracle Applications.

Will continue with discussion..:)

12 Comments (Open | Close)

12 Comments To "Understanding Security in : Oracle Financials and Manufacturing"

#1 Comment By pravez On October 30, 2007 @ 7:58 am

nice post

#2 Comment By William Law On January 23, 2008 @ 5:53 am

Excellent post!

It helps a lot.

Thank you very much.

#3 Comment By sanjit On January 23, 2008 @ 7:17 am

Thanks Will ,for nice word.

#4 Comment By Sridhar Sattineni On April 10, 2008 @ 8:29 am

Excellent explanation about Applications security for Financials and Mfg moudles.

Thanks a lot.

#5 Comment By Nibedita Moitra On June 4, 2008 @ 4:57 am

Really helpful. Thanks a lot

#6 Comment By Jay On June 12, 2008 @ 7:22 am

Hi Sanjit,

I have a few questions in regards to AR 7 bucket Aging report. Is it possible for your to e-mail me.

Thanks

#7 Comment By Raghu kalavendi On July 23, 2008 @ 9:51 pm

Dear Sanjit

No words to describe the level of satisfactin we get after browsing through this coloumns.

Thanks for valuable information being shared.

regards
raghu

#8 Comment By raghu On October 15, 2008 @ 2:22 am

HELLO hOW TO FIND THE hrms IS SHARED mODE OR NOT

rEGARDS

rAGHU

#9 Comment By Sanjit Anand On October 18, 2008 @ 8:00 am

just to note ,Shared is for the other modules to work with your employees. Full is to install the full suite of HRMS and still allow the other modules to work with your employees.

There is no such mechism ou can check, but you can run the licence manager and see how many products are in installe mode.

The table is fnd_product_installations, the column is status.

#10 Comment By Ramya On July 8, 2010 @ 10:23 am

Sanjith,

Thanks for the article it was very informative. I have a question on the XLA_MO_TOP_REPORTING_LEVEL profile option. I am not able to see this in R12 instance. This is erroring out reports during upgrade to R12. Could you please tell me if there is any other alternative for this?

Thank you,
Ramya

#11 Comment By Moses On July 11, 2010 @ 2:42 am

Wonderful Site. Doing great things. Continue :) Thanks Thanks Thanks a ton

#12 Comment By Guest User On December 8, 2010 @ 7:53 pm

Excellent Articles!!