Setting Up Security for Applications Using Some HRMS Windows

If you are setting up an Oracle application that uses HRMS windows (such as Organization or Position), you need to set up some features of HRMS security.

Note: If you have licensed Oracle HRMS, do not follow these setup steps. Instead, follow the steps in Implementing Oracle HRMS.

Using the following procedure, you can either set up a responsibility that can view all records in the Business Group, or restrict access to the records for selected organizations or positions. You can also set up organization security for Financials and Manufacturing business views.

Organization Security for Financials and Manufacturing Business Views

You can set up security for Oracle Financials and Manufacturing applications that use organizations and organization hierarchies in their business views.

To do this, you create a single security profile that secures data either by single operating unit or by operating unit and inventory organizations, as required. You must also set the MO:Security Profile profile option at site or application level so that it points to this new security profile.

To establish multi-operating unit access for some business view users, you can create for each type of user a security profile that secures organizations by organization hierarchy, using the security profile functionality. You can then set the MO:Security Profile option at responsibility level for these users.

The show_bis_record function secures data according to the definition of the security profile that is referenced by the MO:Security Profile profile option. If this profile option is not set, the HR:Security Profile profile option is used. This function is called by financials and manufacturing business views.

Single Operating Unit Security

In the Organization Security tab of the Security Profile window, select the Secure organizations by single operating unit option from the Security Type poplist. The operating unit is determined using the operating unit specified in the MO:Operating Unit profile option.

Single Operating Unit Plus Inventory Organizations

In the Organization Security tab of the Security Profile window, select the Secure organizations by operating unit and inventory organizations option from the poplist. The operating unit is determined using the operating unit specified in the MO:Operating Unit profile option. The inventory organizations you wish to include must exist within this operating unit.

Impact on Security Implementations

Financial and manufacturing business view users who have not created security profiles have unrestricted access to their data.

Financial and manufacturing business view users can secure their business view data by security profiles identified by the HR:Security Profile profile option, as long as they have not set the MO:Security Profile profile option. If this has been set, they must modify their security setup to reflect the fact that the financial and manufacturing business views secure data using the MO:Security Profile profile option.

HRMS security is not affected by these options. The HRMS business views and forms secure data according to the setting of the HR:Security Profile profile option.
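
The resolution rules described above for show_bis_record and in this section can be checked against an export of profile option values. The following is an added example, not Oracle code: the responsibility, application and security profile names are constructed sample data, and it assumes the standard profile hierarchy in which a responsibility-level value overrides an application-level value, which overrides the site-level value.

```python
# Added example: models the profile-option resolution described on this page.
# All rows below are constructed sample data, not taken from a real instance.
LEVELS = ("responsibility", "application", "site")  # most specific first

# (option, level, level_value) -> security profile name
PROFILE_VALUES = {
    ("HR:Security Profile", "site", None): "Setup Business Group",
    ("MO:Security Profile", "application", "Payables"): "OU Vision Ops",
    ("MO:Security Profile", "responsibility", "AP Multi-OU Manager"): "EMEA Hierarchy",
    ("HR:Security Profile", "responsibility", "AP Clerk"): "AP Restricted Orgs",
}
# security profile name -> True if it is a view-all profile
VIEW_ALL = {"Setup Business Group": True, "OU Vision Ops": False,
            "EMEA Hierarchy": False, "AP Restricted Orgs": False}
# responsibility -> owning application
RESPONSIBILITIES = {"AP Multi-OU Manager": "Payables", "AP Clerk": "Payables",
                    "INV Viewer": "Inventory"}


def resolve(option, resp, values=PROFILE_VALUES, resps=RESPONSIBILITIES):
    """Return the most specific value of `option` for a responsibility, or None."""
    keys = {"responsibility": resp, "application": resps[resp], "site": None}
    for level in LEVELS:
        value = values.get((option, level, keys[level]))
        if value is not None:
            return value
    return None


def audit(resp, values=PROFILE_VALUES):
    """Report which profile secures business views vs. HRMS forms, with findings."""
    mo = resolve("MO:Security Profile", resp, values)
    hr = resolve("HR:Security Profile", resp, values)
    bis = mo or hr  # show_bis_record: MO:Security Profile first, HR as fallback
    findings = []
    if bis is None:
        findings.append("business views unrestricted: no security profile resolves")
    elif VIEW_ALL.get(bis, False):
        findings.append("business views use a view-all profile")
    if mo and hr and mo != hr:
        findings.append("MO overrides HR for business views; HRMS forms still use HR")
    return {"business_views": bis, "hrms": hr, "findings": findings}
```

In the sample data, the AP Clerk responsibility has a restricted HR:Security Profile, but its business views are secured by the application-level MO:Security Profile instead, which is the situation this section says requires a modified security setup.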

To set up security

  1. If you are setting up a restricted access responsibility, create a restricted security profile to define the organizations or positions the responsibility can access.

    Note: Ensure your Application supports restricted access security. Not all Oracle Applications support this type of security.

    If you are setting up a responsibility which can view all the records in the Business Group, you do not need to set up a security profile.

    Note: A view-all security profile is automatically created when you set up a Business Group. The view-all security profile always has the same name as the Business Group.

    See: Defining a Security Profile

  2. Define a responsibility using the Responsibility window.

    See: Responsibilities Window

  3. Select a security profile for the new responsibility.

    In the System Profile Values window, enter a security profile at the responsibility level for the HR:Security Profile profile option.

  4. Create a new user and link the user to a responsibility using the User window.

    See: Users Window

  5. If you are setting up restricted access security, run the Security List Maintenance Process (PERSLM) from the Submit a New Request window. If you are setting up view-all security, you do not need to run the Security List Maintenance process.

    This process maintains the list of organizations, positions, employees and applicants that security profile holders can access. You should schedule it to run every night to take account of changes made during the day.

    See: Running Reports and Programs