An Oracle White Paper June Oracle Fusion Applications Creation of a View Only Role in Procurement

Size: px
Start display at page:

Download "An Oracle White Paper June Oracle Fusion Applications Creation of a View Only Role in Procurement"

Transcription

1 An Oracle White Paper June 2012 Oracle Fusion Applications Creation of a View Only Role in Procurement

2 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. Warning This document is intended to provide an introduction to the setup of a Shared Services Enterprise Structure and is not a comprehensive setup document.

3 Executive Overview... 1 Background... 2 Case Study... 4 Introduction... 4 The View Only Role... 6 Conclusion References... 14

4 Executive Overview Fusion Applications are packaged with a seeded Role Based Access Control reference implementation consisting of over 180 Roles that represent a wide variety of enterprise business job functions. In certain cases, customers have within their organizations auditor roles that assume oversight responsibilities over transactional systems and require View Only access to various system transactions. This document aims to show an example of how such a Role can be defined. 1

5 Background In this document we will use the Procurement Applications as an example of how View Only Roles are defined in Fusion Applications. It should be noted that the ability to do the same type of setup in other product families depends on the availability within those products of duties similar to the ones we will use in this example to model our View Only Role. Procurement Agents in Fusion Applications are primarily responsible for the generation and management of purchasing documents such as purchase orders and purchasing agreements. Depending on their roles they could also be responsible for the management of the RFx process and the awarding of supply contracts. Fusion Procurement provides the following Agent RBAC seeded roles Seeded Role Description Buyer Category Manager Procurement Manager Procurement Application Administrator Procurement Catalog Administrator Procurement Contract Administrator Procurement professional responsible for transactional aspects of the procurement processes. Procurement professional responsible for identifying savings opportunities, determining negotiation strategies, creating request for quote, request for information, request for proposal, or auction events on behalf of their organization and awarding future business typically in the form of contracts or purchase orders to suppliers. Procurement professional responsible managing a group of buyers in an organization. Responsible for technical aspects of keeping procurement applications systems available as well as configuring the applications to meet the needs of the business. Manages agreements and catalog content including catalogs, category hierarchy, content zones, information templates, map sets, public shopping lists, and smart forms. Procurement professional responsible for creating, managing, and administering procurement contracts. 2

6 In addition to the Agent Roles listed above, Fusion Procurement provides: Requester Roles provisioned to Employees and Contingent Workers to create requisitions for themselves or for others. External Supplier Roles provisioned to Supplier Users. The main Purchasing Duties and their corresponding Privileges are listed below. The highlighted entries represent the seeded View Only Duty and Privileges. In order to create a View Only Role we will need to have our custom Role inherit this Duty to the exclusion of other Duties which provide broader access to Purchasing Functionality. DUTIES Purchase Order Administration Duty Purchase Order Changes Duty Purchase Order Control Duty Purchase Order Creation Duty Purchase Order Creation from Requisition Lines Only Duty Purchase Order Overview Duty Purchase Order Viewing Duty PRIVILEGES Communicate Purchase Order and Purchase Agreement Generate Purchase Order Import Purchase Order Purge Purchasing Document Open Interface Reassign Purchasing Document Retroactively Price Purchase Order Change Purchase Order Communicate Purchase Order and Purchase Agreement Acknowledge Purchase Order Cancel Purchase Order Change Purchase Order Line Negotiated Flag Change Supplier Site Close Purchase Order Finally Close Purchase Order Freeze Purchase Order Hold Purchase Order Cancel Purchase Order Create Purchase Order Create Purchase Order from Requisitions Create Purchase Order Line from Catalog Cancel Purchase Order Create Purchase Order from Requisitions Search Purchase Order View Purchase Order View Purchasing Workarea View Purchase Order 3

7 Case Study Introduction This example illustrates the process of creating a View Only Role for a procurement auditor. Before we outline the setup steps, let us examine the Menu entries available in the Fusion Navigator to a user with the Buyer Role. Figure 1. Menu Items of a User Provisioned with the Buyer Role 4

8 The figure above traces the Menu Items available to the Buyer Role to the Privileges contained in their assigned Duties. The Buyer however has several additional Duties that provide access to multiple tasks as seen in the Figure 2 illustrating the Purchasing Workarea s Tasklist in the left pane of the page. Of note also is the list of Actions that the Buyer can take on a Purchasing Document, notably the creation of a Document as seen in Figure 2 and the Editing Actions seen in Figure 3 Navigation: Navigator > Procurement> Purchasing Select Orders > Manage Orders from the Tasklist Tree Figure 2. Tasklist and Actions in the Purchasing Workarea for a User Provisioned with the Buyer Role 5

9 Navigation: Navigator > Procurement> Purchasing Select Orders > Manage Orders from the Tasklist Tree Search for a Purchase Order > Select Record > Click on Edit > Open the Actions Drop Down Menu Figure 3. Available Actions on a Purchasing Document for a User Provisioned with the Buyer Role The View Only Role We will now proceed to createe a custom View Only Role that inherits the Purchase Order Overview Duty and provision that Role which we will name ECW Purchasing Only Role to a user who serves as the auditor in the enterprise. Figure 4 shows the Custom Role in the Authorization Policy Manager Dashboard. Navigation: Navigator > Tools > Setup and Maintenance Search for Manage Job Roles Task and go to task Click Create Role link Provide Name and Display Name, e.g., Purchasing View Only Role Associate role with a Category, e.g., Procurement Job Roles Click Save button Close Identity Manager Page Navigation: Search for Manage Duties Task and go to task Search for your newly created Job role and View it Click the Application Role Mapping tab Click the Map icon Select Application: fscm > Display: Purchase Order Overview Duty 6

10 Click Search button Select Duty Role and click Map Roles button Figure 4. Custom Role that inherits the Purchase Order Overview Duty Once the Role is created and the hierarchy mapped, our next step is to assign that Role to a user through the HCM Manage Users task. Navigate: Manage HCM Role Provisioning Rules and go to task Click Create icon Provide a Mapping Name In the Associated Roles region, click the Add icon Figure 5 below shows the provisioned role in the Oracle Identity Manager dashboard. 7

11 Figure 5. Assigned View Only Role visible in OIM To allow access to purchasing documents, we need to define the user as a purchasing agent and determine that user s access to procurement business units and within these business units to determine the level of access the user will have to purchasing documents Navigate: From Setup and Maintenance Search for Manage Procurement Agent and go to task Click Create icon Select your User, and a Default Procurement Business Unit. Select the desired Access Level Save and Close 8

12 Figure 6. Agent Setup The auditor user is now ready to use the system to view purchase orders. As we can see in the following three figures, the user has the Purchasing Menu item in their Fusion Navigator but are not able to either create or edit any of the purchasing document they can view Figure 7. Navigator Menu Items for the Auditor user Navigation: Navigator > Procurement> Purchasing 9

13 Select Orders > Manage Orders from the Tasklist Tree Figure 8. No Create Document capability for the Auditor user Navigation: Navigator > Procurement> Purchasing Select Orders > Manage Orders from the Tasklist Tree Search for a Purchase Order > Select Record > Click on Edit > Open the Actions Drop Down Menu Figure 9. No Edit Document capability for the Auditor user 10

14 Additional Considerations The Manage Orders task in the Purchasing workarea points to the following taskflow: /WEB- INF/oracle/apps/prc/po/manageDocument/publicUi/searchDocument/flow/PurchaseOrderSearc hmainflow.xml#purchaseordersearchmainflow This taskflow is one of the resources available in the Search Purchase Order Privilege itself included in the Purchase Order Overview Duty we have assigned to our custom role and which is also in the hierarchy of the Buyer Role. This explains the availability of the Manage Orders Entry for both users referenced in this document. Figure 10. Search Purchase Orders Privilege 11

15 On the other hand, creating purchase orders is available to the Buyer role but not to our custom role. Of the two roles outlined in this case study section of this document, only the Buyer role has in its hierarchy the Purchase Order Creation Duty. This explains why the user with the Buyer role can create orders but the user with our custom role cannot. Figure 11. Create Purchase Order Privilege 12

16 Conclusion In this document we have shown how to create a view only role for an auditor of purchasing documents. We were able to do so without the creation of new privileges or the manipulation of resources but simply by creating a custom role and assigning to it an existing view only duty. In the reference implementation, the view only duty we used is available to many roles within and outside of Procurement; however these roles have other duties that might not be relevant to a procurement auditor. 13

17 References Roles, Duties & Privileges My Oracle Support Note Menu to privilege mapping My Oracle Support Note

18 White Paper Title Aug 2012 Authors: Elie Wazen Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA U.S.A. Worldwide Inquiries: Phone: Fax: oracle.com Copyright 2011, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 1010