To secure information about entities, a TCA data security administrator must define the data sharing groups that specify the criteria used to determine the data to be secured. Security criteria can be one or more of the following characteristics:
Classification
Relationship
E-Business Suite module used to create the data
After defining a data sharing group, the TCA data security administrator can assign access privileges to users who create, update, or delete information secured by the data sharing group. You can assign access privileges to users at the following levels:
Global or public (all users)
Responsibility
Individual user
Note: You cannot use the DSS feature to restrict users of an application from viewing information created and maintained in that application. The DSS feature limits the ability of users to create, update, or delete information that is secured based on that data sharing group definition.
For more information see the Oracle Applications System Administrator Guide Documentation Set and the user guides for the applications in the E-Business Suite.
Two responsibilities can access the Security Administration pages:
Trading Community Manager: The Trading Community Manager responsibility, allows users to create a setup or update data sharing and security. To get the Trading Community Manager responsibility users have to get the TCA Data Security Administrator responsibility.
TCA Data Security Administrator: The TCA Data Security Administrator responsibility alone, does not allow users to modify data sharing and security setup data. To create a setup or update data sharing and security, users must have both the TCA Data Security Administrator and Trading Community Manager responsibilities.
Consider the case of a hospital implementing Oracle applications powered by TCA. In this situation, the hospital could define different data sharing groups to secure patient information as well as hospital employee information. A security conflict might occur if a hospital employee falls ill and becomes a patient at the same hospital. Which privilege assignment scheme controls access to this entity?
The DSS feature addresses this issue by allowing administrators to create a third data sharing group that defines the privileges associated with creating, updating, and deleting records of parties that are both employees and patients. For the appropriate privilege assignment to take place, this third data sharing group must be assigned a rank that is higher than the rank assigned to the Employee Only or the Patient Only groups.
You can use the seeded data sharing groups listed in this table, in addition to the ones that you create.
| Group Name | Group Code |
|---|---|
| Public | PUBLIC |