Role Based Access Control (RBAC)
- Roles
  - Duty role
  - Abstract role
  - Job role
- Privileges
  - Function Security Privilege
  - Data Security Privilege
- Implementation Users
  - Application Implementation Consultant
  - IT Security Manager
  - Can have abstract roles like Employee or Manager
- Application Users
  - Should have abstract roles like Employee or Manager
- MyTeam -> Manage Users
- Job Role -> Roles performed at a job function
- Abstract Roles -> for common functions like employee role
- Duty Role -> Individual duty functions like Invoice creation, payment creation
Data Roles vs Data access
- When a Ledger is created, a Data Access Set is created with the same name
Role Provisioning
- Employee Role assigned when
  - Person type is Employee & HR assignment status is Active
- Manager Role assigned when
  - Person type is Employee, HR assignment status is Active & Manager with reports
Payables Security
- Function Security
  - Edit Access
    - Accounts Payable Manager
    - Accounts Payable Specialist
    - Accounts Payable Supervisor
  - View Only access
    - Financial Application Administrator
    - Cost Accountant
    - Project Accountant
- Data Security
  - Secure access based on BU
    - Invoices & Payments
Security Console
- This task is made available by adding the IT_SECURITY_MANAGER role
- Roles Management
- User Management
Practicals
- Setup & Maintenance -> Manage Users ->
- Data Security
  - Setup & Maintenance -> Manage Data Access Set and Access for Users
select * from per_users where username like 'AP%CUS%';
select * from fusion.fnd_object_instance_sets where INSTANCE_SET_NAME like 'FNDDOCUMENTCATEGORIESPOZ55%';
select * from fusion.fnd_object_instance_sets where INSTANCE_SET_NAME like 'FNDDOCUMENTCATEGORIESPOQ15%';
-- grants for the given instance set ids; uncomment the next line to restrict to one session's roles
select * from fnd_grants where instance_set_id in ( 300100110431046, 300100110431049)
--and ROLE_NAME in ( select role_name from fusion.FND_SESSION_ROLE_SETS where SESSION_ROLE_SET_KEY like 'dQkIylMsQMB5KTs8rSmeEQ==' )
;
select * from FND_SESSIONS where user_guid like 'C7A5D1052374BB05E050F80A98291B75' order by last_connect desc ;
-- C7A68D683CB2235FE0539929F80AAE3E
select * from fusion.FND_SESSION_ROLE_SETS where SESSION_ROLE_SET_KEY like 'dQkIylMsQMB5KTs8rSmeEQ==' ;
----
select /*3-25921486741*/
  Distinct bu_id,
  bu.BU_NAME,
  u.username,
  role.ROLE_NAME,
  role.START_DATE_ACTIVE,
  role.END_DATE_ACTIVE,
  role.ACTIVE_FLAG
from fusion.hz_parties h,
  fusion.per_users u,
  fusion.per_all_people_f f,
  fusion.FUN_ALL_BUSINESS_UNITS_V bu,
  fusion.FUN_USER_ROLE_DATA_ASGNMNTS role
where 1=1
  and h.user_guid = u.user_guid
  and u.person_id = f.person_id
  and sysdate between f.effective_start_date and f.effective_end_date
  and role.org_id = bu.bu_id
  and u.USER_GUID = role.USER_GUID
  and u.username='WH6066'
  --and role.ACTIVE_FLAG='Y'
  and bu_id=300000031108373;
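An access-review variant of the query above, as an added example that is not part of the original notes: it lists every user's business-unit data assignments that are marked active and flags those whose end date has passed or whose user has no current person record. It uses only the tables and columns that appear in the query above, and assumes ACTIVE_FLAG holds 'Y' for active rows, as the commented-out filter suggests.

```sql
-- Added example: BU data-access review across all users (not from the original notes).
-- Assumption: ACTIVE_FLAG = 'Y' marks an active assignment.
select u.username,
       bu.bu_name,
       asg.role_name,
       asg.start_date_active,
       asg.end_date_active,
       case
         -- assignment still flagged active although its end date is in the past
         when asg.end_date_active < sysdate then 'EXPIRED_BUT_ACTIVE'
         -- no person row is effective today for this user
         when p.person_id is null           then 'NO_CURRENT_PERSON_RECORD'
         else 'OK'
       end as review_status
from   fusion.fun_user_role_data_asgnmnts asg
       join fusion.per_users u
         on u.user_guid = asg.user_guid
       join fusion.fun_all_business_units_v bu
         on bu.bu_id = asg.org_id
       -- outer join so users without a current person record are kept, not dropped
       left join fusion.per_all_people_f p
         on  p.person_id = u.person_id
         and sysdate between p.effective_start_date and p.effective_end_date
where  asg.active_flag = 'Y'
order  by review_status, u.username, bu.bu_name;
```

Users created without a person record will show as NO_CURRENT_PERSON_RECORD, so treat that status as a prompt for review rather than a finding.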
REST resource types
- Transaction resource
- Reference
- LOV resource
- Register in ADR - Application Design Repository
  - http://fadr.us.oracle.com:7777/adrv1/SetupTaskList/faces/ADRDashboard
  - PM to log request on fin-security-cr
- Create rest/soap resource
- Register the service as a jazn resource, either as RestServiceResourceType or WebserviceResourceType, in jazn-data.xml
- Add the resource to the required privilege as member-resource
  - eg: https://orareview.us.oracle.com/88788650/diff_nowhite/88788651/88788705