Scribd Logo
Upload

Welcome to Scribd!

  • MOAC

    Uploaded by

    Sai Yakkala
    52 views4 pages
    Multi Org Access COntrol

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Multi Org Access COntrol

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    52 views4 pages

    MOAC

    Uploaded by

    Sai Yakkala
    Multi Org Access COntrol

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    MultiOrganizationsAccessControl(MOAC)

    ThenewfeatureinR12enablescompanieswantingtoimplementasharedservicesoperating
    modeltoefficientlyprocessbusinesstransactionsbyallowingthemtoaccess,processand
    reportondataforanunlimitednumberofoperatingunitswithinasingleapplications
    responsibility.

    WithMOAC,userscan:
    PerformmultipletasksacrossOperatingUnitswithoutchangingresponsibilitiessuchas
    invoiceentry,orderprocessing,bankpaymentsetc.thusimprovingtheefficiencyoftransactions
    forcompaniesthathavecentralizedbusinessfunctionsoroperateSharedServiceCenters
    Obtainbetterinformationfordecisionmakingsuchas,accessingsupplierandcustomersite
    levelsdetailsacrossmultipleOUs
    Speedupdataentry
    Reducesetupandmaintenanceofmanyresponsibilities

    HowMOACworkstechnically:
    MOACisinitializedwhenyouopenaForm,OracleEBSpageoraReportorsubmitthe
    concurrentprogram.ThefirstMOACcallchecksiftheprofileMO:SecurityProfilehasavalue.If
    Yes,thenthelistofoperatingunitstowhichaccessisallowedisfetchedandthelistofvalues
    (LOV)ispopulated.ThislistofvaluesisnothingbutlistofOUsassociatedwiththeSecurity
    ProfileattachedtoMO:SecurityProfile.SecurityprofilesaredefinedwiththehelpoftheHR
    responsibility.Then,defaultvalueoftheLOVissettotheoperatingunitspecifiedinMO:Default
    OperatingUnit.

    WhentheprofileMO:SecurityProfiledoesnothaveavalue,MOACswitchestothe11isingle
    organizationmode.Asin11i,theprofileMO:OperatingUnitischeckedandtheoperatingunitis
    initializedtotheonedefinedinit.

    TheimportantpointtonotehereisthattheprofileMO:OperatingUnitisignoredwhenthe
    profileMO:SecurityProfileisset.

    MOACsetups:
    FollowingarethebasicstepstobeperformedinordertoenableMOACfeature:

    1. DefineSecurityProfiles(usingformfunctionDefineGlobalSecurityProfile)
    Enterauniquenameforthesecurityprofile.
    Torestrictaccessbydiscretelistoforganizations,selectSecureorganizationsby
    organizationhierarchyand/ororganizationlistfortheSecurityType.
    ChecktheExcludeBusinessGroupcheckboxtoremovethebusinessgroupinthelistof
    organizations.
    UsetheClassificationfieldtolimitthelistofvalues(LOV)intheOrganizationNamefield.
    Forexample,ifyouselecttheclassificationtoOperatingUnit,onlyoperatingunitswill
    displayintheLOV.
    Intheorganizationnamefield,selecttheOperatingUnitforwhichyouwantaccess.

    Repeatuntilyouhaveincludedallorganizationstowhichyouneedaccess.
    2. RuntheconcurrentprogramSecurityListMaintenanceProgramfromthestandard
    requestsubmissionform.TheSecurityListMaintenanceProgramcanberunforasingle
    namedsecurityprofiletopreventimpacttoothersecurityprofiles.
    3. AssignappropriatesecuritytotheprofileoptionMO:SecurityProfileforyourusersand
    responsibilities
    NavigatetotheSystemAdministratorresponsibility>SystemProfileOptions
    AssignthesecurityprofilestoMO:SecurityProfileforyourresponsibilitiesand/orusers.


    4. AssignavalueforprofileoptionMO:DefaultOperatingUnit(Optional)
    NavigatetoSystemAdministratorResponsibility>SystemProfileOptions
    AssignadefaultoperatingunittoMO:DefaultOperatingUnitprofileoptionforyour
    responsibilitiesand/oruser.
    5. AssignMO:OperatingUnit(MandatoryforonlySingleOrgorifMO:SecurityProfileisnot
    defined)
    NavigatetoSystemAdministratorResponsibility>SystemProfileOptions
    AssigntheOperatingunittoMO:OperatingUnitprofileoptionforyourresponsibilityor
    user.
    NoteFromtheabovescreenshotswecanconcludethatuserwithpurchasingresponsibilitywillbeable
    toaccessdatafromtwoOperatingUnitsVisionOperationsandVisionServices.

    DevelopersInsight:
    Toincreasetheflexibilityandperformanceinamultipleorganizationsenvironmentand
    providethesamelevelofdatasecurity,theDBMSVirtualPrivateDatabase(VPD)featurereplaces
    theCLIENT_INFOfunction.

    TheVirtualPrivateDatabase(VPD)featureallowsdeveloperstoenforcesecuritybyattachinga
    securitypolicytodatabaseobjectssuchastables,viewsandsynonyms.Itattachesapredicate
    functiontoeverySQLstatementtotheobjectsbyapplyingsecuritypolicies.Whenauserdirectly
    orindirectlyaccessesthesecureobjects,thedatabaserewritestheusersSQLstatementto
    includeconditionssetbysecuritypolicythatarevisibletotheuser.

    MOACChangestoCustomCodewhileupgradingtoR12from11i-DuringR12upgradethemajor
    taskistoenabletheMOACfeaturetocustomcode.Followingistherecommendedapproachto
    achieveMOACimplementedinrealaspecttocustomcode:

    1) MultipleOrganizationsViews/TablesChangesSingleOrganizationView
    Dropthesingleorganizationview
    Createasynonymwiththesamenameastheobsoletesingleorganizationview
    Attachapolicyfunctiontothesynonym

    ReferenceViews
    AddtheORG_IDcolumnifitdoesnotexist
    Replacesingleorganizationviewswith_ALLtablesforallexceptone,whichmustbea
    securedsynonym
    IncludetheORG_IDfilterinthewhereclauseoftheviewtoavoidthecartesianproduct,if
    theORG_IDisthedrivingkeyorpartofthecompositekey
    IncludetheORG_IDparameterinthecolumnsbasedonfunctions,ifnecessary

    2) EnhancementstoFormsThemultipleorganizationssetupandtransactionformsmust
    displaytheOperatingUnitfield.Thisallowsuserstoselecttheoperatingunitandenter
    thesetuportransactionfortheoperatingunit.Oraclerecommendsderivingtheoperating
    unitsfromthetransactionattributes.

    1. EnhancementstoReportsandConcurrentPrograms
    YoumustremovereferencesofCLIENT_INFOandNVLfunctiontotheORG_IDcolumnin
    thereports.
    SingleOrganizationReportsTheoperatingunitmodeforsingleorganizationreportsare
    flaggedasSINGLEintheDefineConcurrentProgramspage.
    CrossOrganizationReportsTheOperatingUnitmodeforcrossorganizationreportsare
    flaggedasMULTIPLEintheDefineConcurrentProgramspage.
    2. EnhancementstoPublicAPIs
    DonotusethemultipleorganizationstemporarytabledirectlyintheSQLquery.
    RewritetheSQLjoinswithtwoormoreviewstousejustonesecuredsynonymdepending
    onthedrivingtableforthequeryandreplacetheremainingviewsby_ALLtables.
    AddtheORG_IDtotheWHEREclauseoftheSQLtoavoidcartesianjoinsfortablesthat
    includeORG_IDthecompositeordrivingkey.
    UseMO_GLOBAL.Set_Policy_Context.
    ThisAPIhas2parameters1.Operatingunit2.Context
    Contexthas2values1.M2.S
    WhenpolicycontextissettoM,datafromallaccessibleOperatingUnitswillbereturned.
    WhenpolicycontextissettoS,thenonlydatafromthespecifiedOrg_Idwillbereturned.
    ProductsmustcalltheMO_GLOBAL.init()APItoexecutethemultipleorganizations
    initialization.
    3. EnhancementstoWorkflows
    Withmultipleorganizationsaccesscontrol,youmustsetthecurrentorganizationIDand
    nottheCLIENT_INFOorgcontext.YoumustderivethecurrentorganizationIDfromitem
    keys.DonotrelyonMO:SecurityProfile,MO:DefaultOperatingUnit,andMO:Operating
    Unitprofileoptionswhensettingtheorganizationcontextbecausetheoperatingunit
    mustbevalidatedbeforeinitiatingtheworkflow.

    You might also like