Oracle Apps R12 MOAC and its impact
Oracle R12 MOAC and its impact
Setup the Security Profile:
1.Create a Security Profile in HRMS Responsibility
HRMS Manager>Security>Profile
In this setup specify different Operating Units that you want to Access.
2.Run the Security List Maintenance
This is a required step when you create a new Profile or modify existing one.
3.Setup the MO: Security Profile value to above created security profile.
This "MO: Security Profile" Profile option has to be setup at the responsibility level.This will ensure that
Responsibility will have access to the data of all the Operating units under the Security Profile.
Important profile option
MO: Security Profile:
MO: Operating Unit:
This comes from 11i and is still valid only its evaluated, if there is no value setup at MO:Security
Profile.
MO: Default Operating Unit
If the security profile is setup to access multiple operating units, this requires users to select
the Operating Unit every time user access the Sub ledger pages. To avoid this the Default Operating Unit profile can be setup.
How MOAC impacts the way we work in TOAD
11i
To set the Org id in TOAD
1. Get the Org_id from HR_ORGANIZATION_UNITS
2. In toad execute the below code
begin
fnd_client_info.set_org_context(&org_id);
end;
To set the responsibility context in TOAD
1. Get the User id, Responsibility Id and Application id from Front end
Help>Diagnostic>Examine and select BLOCK as "$PROFILES$" and then get the respective IDS
2. Using the IDs execute the below code in TOAD
begin
FND_GLOBAL.APPS_INITIALIZE(user_id in number,resp_id in number,resp_appl_id in
number);
end;
R12:
To set the Org id in TOAD
1. Get the Org_id from HR_ORGANIZATION_UNITS
2. In toad execute the below code
--Sets the 201 as single Org id
exec MO_GLOBAL.SET_POLICY_CONTEXT('S',201);
Pass a value "S" in case you want your current session to work against Single ORG_ID
Pass a value of "M" in case you want your current session to work against multiple ORG_ID's
To set the responsibility context and initiate MOAC in TOAD
1. Get the User id, Responsibility Id and Application id from Front end
Help>Diagnostic>Examine and select BLOCK as "$PROFILES$" and then get the respective IDS
2. Using the IDs execute the below code in TOAD
a. exec FND_GLOBAL.INITIALIZE
This will set your responsibility id, user_id etc
b. call MO_GLOBAL.INIT('AR')
This will read the MO profile option values for your responsibility/user, and will initialize the
Multi Org Access.
MOAC for table access
In 11i _ALL Tables where non Org specific and Org specific views were created on these tables.
But in R12 its different concept
a. For the table AP_INVOICES_ALL a synonym AP_INVOICES_ALL is created in APPS.
b. Also another synonym AP_INVOICES is created which refers to AP_INOICES_ALL.
c. A Row Level security is applied to AP_INVOICES, using package function
MO_GLOBAL.ORG_SECURITY.
This can be double-checked by running SQL select * from all_policies where
object_name='AP_INVOICES'
e. The effect of this policy is that,whenever you access AP_INVOICES, Oracle RLS will
dynamically append WHERE CLAUSE similar to below
SELECT * FROM AP_INVOICES
WHERE EXISTS (SELECT 1 FROM mo_glob_org_access_tmp oa WHERE oa.organization_id =
org_id)
Setup the Security Profile:
1.Create a Security Profile in HRMS Responsibility
HRMS Manager>Security>Profile
In this setup specify different Operating Units that you want to Access.
2.Run the Security List Maintenance
This is a required step when you create a new Profile or modify existing one.
3.Setup the MO: Security Profile value to above created security profile.
This "MO: Security Profile" Profile option has to be setup at the responsibility level.This will ensure that
Responsibility will have access to the data of all the Operating units under the Security Profile.
Important profile option
MO: Security Profile:
MO: Operating Unit:
This comes from 11i and is still valid only its evaluated, if there is no value setup at MO:Security
Profile.
MO: Default Operating Unit
If the security profile is setup to access multiple operating units, this requires users to select
the Operating Unit every time user access the Sub ledger pages. To avoid this the Default Operating Unit profile can be setup.
How MOAC impacts the way we work in TOAD
11i
To set the Org id in TOAD
1. Get the Org_id from HR_ORGANIZATION_UNITS
2. In toad execute the below code
begin
fnd_client_info.set_org_context(&org_id);
end;
To set the responsibility context in TOAD
1. Get the User id, Responsibility Id and Application id from Front end
Help>Diagnostic>Examine and select BLOCK as "$PROFILES$" and then get the respective IDS
2. Using the IDs execute the below code in TOAD
begin
FND_GLOBAL.APPS_INITIALIZE(user_id in number,resp_id in number,resp_appl_id in
number);
end;
R12:
To set the Org id in TOAD
1. Get the Org_id from HR_ORGANIZATION_UNITS
2. In toad execute the below code
--Sets the 201 as single Org id
exec MO_GLOBAL.SET_POLICY_CONTEXT('S',201);
Pass a value "S" in case you want your current session to work against Single ORG_ID
Pass a value of "M" in case you want your current session to work against multiple ORG_ID's
To set the responsibility context and initiate MOAC in TOAD
1. Get the User id, Responsibility Id and Application id from Front end
Help>Diagnostic>Examine and select BLOCK as "$PROFILES$" and then get the respective IDS
2. Using the IDs execute the below code in TOAD
a. exec FND_GLOBAL.INITIALIZE
This will set your responsibility id, user_id etc
b. call MO_GLOBAL.INIT('AR')
This will read the MO profile option values for your responsibility/user, and will initialize the
Multi Org Access.
MOAC for table access
In 11i _ALL Tables where non Org specific and Org specific views were created on these tables.
But in R12 its different concept
a. For the table AP_INVOICES_ALL a synonym AP_INVOICES_ALL is created in APPS.
b. Also another synonym AP_INVOICES is created which refers to AP_INOICES_ALL.
c. A Row Level security is applied to AP_INVOICES, using package function
MO_GLOBAL.ORG_SECURITY.
This can be double-checked by running SQL select * from all_policies where
object_name='AP_INVOICES'
e. The effect of this policy is that,whenever you access AP_INVOICES, Oracle RLS will
dynamically append WHERE CLAUSE similar to below
SELECT * FROM AP_INVOICES
WHERE EXISTS (SELECT 1 FROM mo_glob_org_access_tmp oa WHERE oa.organization_id =
org_id)
No comments:
Post a Comment