Oracle Approvals Management uses roles and responsibilities to define access levels. It provides security at two levels:
Data security, which enables you to define access to transaction types for a limited user role.
Function security, which enables you to define access to AME functions (modules) for a business analyst and administrator.
To implement function security, AME predefines
Permissions, which are a security function that can be used to determine access permissions of an user to an object.
Permission sets, which are groups of permissions or navigation functions and permission sets. These sets are used to create hierarchy of permissions.
Roles, which are generalized set of functions which can be assigned to a user or group of users.
Permission Sets
If you create your own roles, then use the following predefined permission sets to allow or prevent users from navigating to respective pages:
Note: You must specifically grant individual permission sets to enable users access to multiple pages. For example, if you want a user to access update pages and also want the user to view the details, then you must specifically grant view permissions.
Attributes Tab
| Permission Set | Functions |
|---|---|
| AME Attribute Viewer | Attribute tab access and view attribute details |
| AME Attribue Create | Attribute create, copy, and use existing |
| AME Attribute Update | Attribute update |
| AME Attribute Delete | AME Attribute Delete |
| AME Attribute Modifier | AME Attribue Create AME Attribute Update AME Attribute Delete AME Attribute Viewer |
Conditions Tab
| Permission Set | Functions |
|---|---|
| AME Condition Viewer | Conditions tab access and view condition details |
| AME Condition Create | Condition Create (both regular and list mod) |
| AME Condition Update | Condition Update (both regular and list mod) |
| AME Condition Delete | AME Condition Delete |
| AME Condition Modifier | AME Condition Create AME Condition Update AME Condition Viewer AME Condition Delete |
Action Types
| Permission Set | Functions |
|---|---|
| AME Action Viewer | Actions tab access and view all details |
| AME Action Type Create | Action Type Create permission, and also action type config create |
| AME Action Type Update | Action Type update and action type config create |
| AME Action Type Delete | Action Type Delete |
| AME Action Type Modifier | Action Type Create Action Type Update Action Type Delete |
| AME Action Create | Action Create |
| AME Action Update | Action Update |
| AME Action Delete | Action Delete |
| AME Action Modifier | AME Action Create AME Action Update AME Action Delete AME Action Viewer |
| AME Action Type Config Create | Add action type config |
| AME Action Type Config Update | Action Type Config Update |
| AME Action Type Config Update | Action Type Config Update |
| AME Action Type Config Delete | Action Type Config Delete |
| AME Action Type Config Modifier | AME Action Type Config Create AME Action Type Config Update AME Action Type Config Delete AME Action Viewer |
Approver Groups Tab
| Permission Set | Functions |
|---|---|
| AME Approver Group Viewer | Approver Group Tab access and view all details |
| AME Approver Group Create | Approver group Create in transaction type specific create page |
| AME Approver Group Update | Approver Group Update in both transaction type specific update and global update page |
| AME Approver Group Delete | Approver group Delete |
| AME Approver Group Config Create | Add config to existing groups |
| AME Approver Group Config Update | Approver Group Config Update |
| AME Approver Group Config Delete | AME Approver Group Config Delete |
| AME Approver Group Modifier | AME Approver Group Create AME Approver Group Update AME Approver Group Delete AME Approver Group Viewer |
Test Workbench Tab
| Permission Set | Functions |
|---|---|
| AME Test Viewer | Test Workbench tab, view test details, run real and stored test cases, view approval process stages access |
| AME Test Create | Test Case Create/Save |
| AME Test Update | Test Case Update |
| AME Test Delete | Test Case Delete |
| AME Test Modifier | AME Test Create AME Test Update AME Test Delete AME Test Viewer |
Rules Tab
| Permission Set | Functions |
|---|---|
| AME Rule Viewer | Rules tab access, view rule details, rules table view in dashboard page |
| AME Rule Create | Rule Create/Duplicate/Use Existing |
| AME Rule Update | Rule Update |
| AME Rule Delete | Rule Delete |
| AME Rule Modifier | AME Rule Create AME Rule Update AME Rule Delete AME Rule Modifier |
Administrator Dashboard
| Permission Set | Functions |
|---|---|
| AME Admin Dashboard Viewer | Administrator dashboard access with view page of transaction type |
| AME Admin Create | Transaction Type Create |
| AME Admin Update | Transaction Type Update |
| AME Admin Delete | Transaction Type Delete |
| AME Admin Modifier | AME Admin Create AME Admin Update AME Admin Delete AME Admin Dashboard Viewer |
Business Dashboard
| Permission Set | Function |
|---|---|
| AME Business Dashboard Viewer | View Dashboard page: Includes business dashboard and transaction type view page |
Miscellaneous
| Permission Set | Function |
|---|---|
| AME Setup Report Viewer | Access to Setup Report to view details |
| AME Exceptions Log Viewer | Access to Exceptions Log page to view details and purge permission |
| AME Config Variable | Access to configuration variables page with permission to create/Modify transaction type specific values |
| AME Calling Applications | Permission set to be used for data security grant on AME Transaction Types object |
Responsibilities
An Oracle Applications' user must have one of the two available AME end-user responsibilities to use AME. One responsibility is for non-technical (business) users while the other is for technical (administrative) users. The remainder of this guide indicates when AME user-interface functionality requires administrative privileges. Otherwise, you may assume that the business-user responsibilities can access the functionality that this guide describes.
AME predefines the following responsibilities:
Approvals Management Business Analyst responsibility enables you to access areas of the user interface that do not require expertise in SQL or PL/SQL programming, or technical knowledge of Oracle Applications.
Approvals Management Administrator, which has full access to AME's user interface. You typically must grant at least one user administrative privileges in AME, to perform technical tasks such as setting AME's configuration variables.
Note: If you are an existing customer, then you must ensure to assign these responsibilities to the existing users. You must run the Approvals Management Post Upgrade Process to migrate existing users to the new responsibilities. See: Implementing Oracle Approvals Management
Roles
The following roles are predefined:
Approvals Management Process Owner - has view only access to Business dashboard, Attributes, Conditions, Action Types, Approver Groups, Test Workbench, Rules. Also access to the setup report page.
Approvals Management System Viewer - has view only access to the Admin dashboard and Setup Report.
Approvals Management Business Analyst - has Business dashboard view access, attributes, conditions, groups, test, rules access with create, update, delete permissions. Access to setup report page and configuration variables page with permission to change transaction specific configuration values. Can create, update, delete actions; create, update, delete action type configuration values but cannot create, update, delete action types.
Approvals Management System Administrator - Admin dashboard access, setup report, exceptions log access, configuration variables access with permission to define transaction type specific values. Can create, update, delete transaction types.
Approvals Management Administrator - Has all access rights of Business Analyst and System administrator. Can create, update, delete action types. Can modify default configuration values.