Concurrent processing-configuration file "concurrency: Report access layer" Settings (Doc ID 1625757.1)

Document Content

Target

Solution

Applicable to: Oracle concurrent processing-versions 12.0.0 to 12.2 [releases 12 to 12.2]
The information contained in this document applies to all platforms
* ** Checked for relevance on 21-sep-2012 ***
Target

How can I authorize a user to view the output of requests run by other users under the same responsibilities?

Solution

In 11i, the configuration file "concurrency: Report access layer" defines who can access the output of concurrent requests. Can be set to 'user 'or 'responsibility '. When set as a responsibility, the responsibility for creating a report must be assigned to the user who wants to view the report.

The R12 function is replaced by Role-Based Access Control. Role-Based Access Control (RBAC) is used to control who can view report output files.

For more information, see:

Oracle E-Business Suite security guide release 12.2

• Chapter 2-Access Control with Oracle user management
• Chapter 3-Oracle user management setup and administration

Oracle E-Business Suite Setup Guide release 12.2

• Chapter 4-concurrent processing-sections:
  • Controlling access to concurrent programs with request security groups
  • Controlling access to concurrent programs using role-based access control (RBAC)

"Administrators can assign individual programs/sets, all programs/sets in a request group, programs/sets belonging to one or more applications, and so on, either to
User directly or to a role that can then be assigned to one or more users. "" If applications are stored in the request groups, all programs/requests sets that are created in these applications will also be automatically inserted ded. please note that
Request submission applies to both programs and request sets ."

The following types of "instance sets" can be used for allocation (but the administrator can create new instance sets as needed ):

? All programs in a specific request security group
? All request sets in a specific request security group

To enable this function, the following is built-in:

• Permission "submit request"
• Permission "view request"
• Permission set "request operation" includes permission "submit request" and "view request"
• Object "concurrent program"
• Object instance set "accessible programs"
• Object instance set "accessible request set"

To authorize a role to access a security group, follow these steps:

1. Define roles (user management responsibilities)
2. Define request Security Group (System Administrator responsibility)
3. Define authorization (function administrator's Responsibilities ):

1. (Optional) Name and description for authorization ).
2. Enter the authorization security context.
3. In data security, select "concurrent program" or "request set" as the object and click Next.
4. For the object data context, select "instance set" for the data context type, select "accessible programs" or "accessible request set", and click Next.
5. View instance set information. In the instance set details, enter the request group and application. Specifically, enter the request group in parameter 1 and the short name of the application in parameter 2.
6. In "set", select "request operation" as the permission set and click Next.
7. View authorization information and save the work.

Note that there are two built-in authorizations for all users. They are required to access the request group reports for the duties upgraded from the 11i system. They are:

? Programs-grant defaults
? Request sets-grant defaults


View requests
You can use RBAC to control the user's permission to view the request.

Note:In earlier versions, the configuration file "concurrency: Report access layer" is used to control the permissions of report output files and log files generated by concurrent requests. This configuration file is no longer in use.

The built-in "instance set" allows administrator authorization:

• All requests submitted by the user
• All requests submitted by users in a specific application
• All requests submitted by the user to a program
• All requests submitted by the user belong to a request group are sent to another user (or a group of users-pass the role ).

The system administrator can create a new "set" based on requirements ". They can authorize all requests submitted by users (specific programs/sets) to specific user sets. For example, an application Administrator Group wants to track all requests or programs of a specific type submitted by a feature user. You can use the following method to authorize requests of specific programs to a group of users:

1. Create an instance set that selects all requests that belong to a specific program and does not have to be submitted to the user.
For example,

& Amp; table_alias.request_id in
(Select Cr. request_id
From fnd_concurrent_requests Cr, fnd_concurrent_programs CP
Where Cr. concurrent_program_id = CP. concurrent_program_id
And Cr. program_application_id = CP. application_id
And CP. concurrent_program_name = & grant_alias.parameter1)

If you want to authorize a series of programs rather than a separate program, you can use the subquery that returns all programs in a specific request group to replace '& grant_alias.parameter1 '.

2. Create authorization to grant (existing) roles to the set, for example,
Role "<Application> administrator", and use the "concurrent request" data object to assign the program name to authorization when creating authorization.

3. Ensure that the role is assigned to all users who can access these requests.

Concurrent processing-configuration file "concurrency: Report access layer" Settings (Doc ID 1625757.1)