Oracle Applications release 12.2.x brings a new Separation of Duty feature - FLEXFIELD VALUE SET SECURITY. It controls who can create, view, insert or update values for a particular value set in the Flexfield Values Setup window (FNDFFMSV).
The effect of flexfield value set security is that a user of the Segment Values form will only be able to view those value sets for which the user has been granted access. Further, the user will be able to insert or update/disable values in that value set if the user has been granted privileges to do so. Note that where a value set is being used by multiple flexfield segments or report parameters, any changes made to a value set affect all segments or parameters that use the same value set, even if access is not explicitly granted for the flexfield that shares the value set.
Note: Flexfield value set security is not currently supported by the Account Hierarchy Manager in Oracle General Ledger, though the Account Hierarchy Manager only provides access to value sets that are used for the Accounting Flexfield. Flexfield value set security is also not currently supported by the Setup Workbench in the Oracle Product Information Management product. For both of these products, you should maintain tight control over who has access to these pages on their menus.
When you initially install or upgrade to Release 12.2.2, no users are allowed to view, insert or update any value set values. You must explicitly set up access for specific users by enabling appropriate grants and roles for those users.
Setting Up Flexfield Value Security : Setting up value security mostly consists of creating grants using the Functional Administrator responsibility.
Oracle Recommendation: To create roles and create grants to those roles rather than directly to individual users.
Our Strategy: What I 'have done in our environment is to assign all privileges to System Administrator Responsiblity and View only to all users. This way whoever have System Administrator responsiblity will be able to modify the Value Set.
Functional Administrator > Security Tab > Create Grant.
Create Grant: Define Grant
Name: XX_VALUE_SET_ACCESS_SYSADMIN
Security Context
Grantee Type: All Users
Responsibility: System Administrator
Data Security
Object : Flexfield Value Set Security Object (Code:FND_FLEX_VSET_OBJECT, Source:FND_FLEX_VALUE_SETS)
Create Grant: Select Object Data Context
Object Flexfield Value Set Security Object
Data Context Type: Instance Set
Name: All value sets (Code:FND_FLEX_VSET_OBJSET_ALL, Description:Give access to all value sets)
Create Grant: Define Object Parameters and Select Set
Data Security
Object Flexfield Value Set Security Object
Data Context
Type Instance Set
Name All value sets
Description Give access to all value sets
Predicate
1=1
Set
Name: Flexfield Value Set Security Insert/Update Set (Code:FND_FLEX_VSET_INSERT_UPDATE_PS, Description:Allow insert and update of values in a value set)
Create Grant: Review and Finish
Review the information and hit the Finish button.
There are two options to give users access to all value sets for backward compatibility
Reference:
Oracle E-Business Suite Release 12.2.3 Readme (Doc ID 1586214.1)
Oracle E-Business Suite Release 12.2.4 Readme (Doc ID 1617458.1)
Oracle® E-Business Suite Flexfields Guide, Release 12.2 (Part No. E22963) -'Flexfield Value Set Security'
No comments:
Post a Comment