Oracle Cloud Learning Center


9 Manage Product and Service Data: Manage Product Security


This chapter contains the following:

Data Security Privileges for Accessing Items: Explained

Data Security Privileges for Creating Items: Explained

Data Security Privileges for Updating Items: Explained

Data Security Privileges for Viewing Items: Explained

Data Security Privileges for Accessing Items: Explained

Using the data security privileges available for items, you can authorize users to create, view, and edit item details.

A product data steward or product manager is typically responsible for managing item data security through people privileges.

Access to an item and its details is controlled at the item class or item level, including item extensible flexfields (EFF).

Data Security and Function Security

Item information is controlled through function security and data security.

  • Function security is a statement of what tasks and actions users can perform in pages.

  • Data security is a statement of what action can be taken against which data. In product management, data security involves giving users item data grants to perform operations on one or more items.

Using function and data security privileges available for items, users or groups of users are authorized to create, edit, and view items.

For complete information on function security, data security, and their associated privileges, refer to the Oracle Fusion Product Management Security Reference Manual and the Oracle Fusion Applications Security Guide.

Job Roles, Duty Roles, and Security

Privileges are associated with the different duty roles for the product manager and product data steward job roles.

Duty roles control who can grant data security privileges to users:

  • Product Data Stewards can manage user access to items at the item class level through the Class Management Duty.

  • Product Managers or Product Data Stewards manage user access at the item level through the Item People Management Duty.

For complete information on job roles, duty roles, and their associated privileges, refer to the Oracle Fusion Product Management Security Reference Manual and the Oracle Fusion Applications Security Guide.

Managing Item Extensible Attributes Data Security

The IT Security Manager job role provides access to the Oracle Authorization Policy Manager (APM) application where security is managed. Using this job role, the user can create data security privileges on the required item EFF tables.

  • The Application Data Security Administration Duty provides the user access to edit database resources in APM. Through this duty role, the user can create data security privileges on the required item EFF tables.

  • The Application Descriptive Flexfield Administration Duty provides the user access to manage item EFF attribute groups. The user can create required attribute groups and define security conditions. The data privileges created in APM can be associated with the EFF attribute groups.

  • The Item Class Management and Item People Management Duty roles provide the user access to item classes and items to manage users' access to item EFF attribute groups.

Notes on Item Data Security Privileges

The following list contains important information on significant item data security privileges and granting privileges for items:

  • The Create Item Class Item Data privilege is granted at the item class level and gives the user access to create items within the item class.

  • View Item Basic Data is a basic privilege that a user should have in order to search for the item and access it.

  • For managing item details such as relationships, attachments, or associations, the user must have the View Item Basic Data and Maintain Item Basic Data privileges in addition to the required function privileges.

  • EFF Privilege is user-defined and controls access to item EFF attribute groups.

  • All operational attributes require specific attribute group level privileges to edit the attributes within the group. View Item Basic Data privilege provides access to view all the operational attributes.

    Note

    You can create separate and specific view and edit privileges for each group of extensible attributes for more granular control through Oracle Authorization Policy Manager (APM).

  • View Item Structure Data and Maintain Item Structure Data privileges are required to view and manage item structures. In addition, the user should have the View Item Basic Data privilege to access the item.

  • View Item Pack Data and Maintain Item Pack Data privileges are required to view and manage item packs. In addition, the user should have the View Item Basic Data privilege to access the item.

  • View Item People Data and Maintain Item People Data privileges allow users to view and manage item data security at the individual item level. In addition, the user should have the View Item Basic Data privilege to access the item.

Note

For operational attribute groups, Maintain privileges do not include view access. The corresponding view privileges need to be granted to the user explicitly so that users can view and make required updates.

Managing Data Security Privileges at the Item Class Level

Item access can be managed at the item class level. You can provide access to users at the item class level if the same set of users manage items within an item class.

  1. Navigate to the Security tab on the Edit Item Class page to add users and specify security privileges.

  2. For each user or user group, grant specific item security privileges allowing them to gain access to only relevant information.

Access can be granted to users by organization, allowing different users to have access to the same items in different organizations as required.

Privileges granted at the parent item class are inherited by the child item classes. Inherited privilege grants cannot be altered. However, additional grants can be managed at the child item classes.

Managing Data Security Privileges at the Item Level

Item access can also be managed at the individual item level.

Navigate to the Item People tab on the Edit Item page to add users and specify security privileges.

Important

Privileges granted at the item class cannot be altered at the item level.

Users can manage additional privilege grants at the item level.

Note

Organization stripping is not available at the item level as it is at the item class level. This is because you are managing grants at the individual item level, which is always in the context of an organization.

Data Security Privileges for Creating Items: Explained

When you create an item, you can enter the basic data required or add additional data to enrich item information. The following data security privileges are required to add various item details while creating an item. If you need to enter a combination of the item details identified below when creating an item, then you need the corresponding combination of data security privileges.

  • The following set of data security privileges are required to create an item by entering the minimum required data:

    • Create Item Class Item Data

      Required for the item class that the item is created under.

    • View Item Basic Data

      Required to view the item details page.

    • Maintain Item Primary Data

      Required to author the required attributes in the Main attribute group such as Item Name, Description, or Primary Unit of Measure.

  • The following set of data security privileges are required to create items by entering additional operational attributes:

    • Create Item Class Item Data

    • View Item Basic Data

    • Maintain Item Primary Data

    • Maintain Operational Attribute Group Data

      Where Operational Attribute Group is the operational attribute group name.

      Note

      Each operational attribute group has a separate maintain privilege.

  • The following set of data security privileges are required to create items by entering user-defined attributes:

    • Create Item Class Item Data

    • View Item Basic Data

    • Maintain Item Primary Data

    • View Additional Attribute Group Data

      Where Additional Attribute Group is the name of the user-defined attribute group.

    • Maintain Additional Attribute Group Data

      Where Additional Attribute Group is the name of the user-defined attribute group.

      Note

      Privileges for user-defined attribute groups are created by the end user as part of the configured attributes setup and are based on end user security requirements.

      Note

      Each user-defined attribute group can have separate maintain and view data privileges.

  • The following set of data security privileges are required to create an item by entering item structures:

    • Create Item Class Item Data

    • View Item Basic Data

    • Maintain Item Primary Data

    • View Item Structure Data

    • Maintain Item Structure Data

  • The following set of data security privileges are required to create items by entering packs:

    • Create Item Class Item Data

    • View Item Basic Data

    • Maintain Item Primary Data

    • View Item Pack Data

    • Maintain Item Pack Data

  • The following set of data security privileges are required to create items by entering Item People (data security grants):

    • Create Item Class Item Data

    • View Item Basic Data

    • Maintain Item Primary Data

    • Maintain Item People Data

  • The following set of data security privileges are required to create items by entering any or all of the following:

    Attachments, relationships, associations and category assignments

    • Create Item Class Item Data

    • View Item Basic Data

    • Maintain Item Primary Data

    • Maintain Item Basic Data

    Note

    Supplier associations support user-defined attributes. To enter these attributes during item creation, users need the corresponding privileges for the user-defined attribute group.

Data Security Privileges for Updating Items: Explained

The following sets of data security privileges are required to update various item details. If you need to update a combination of the item details identified below when updating an item, then you need the corresponding combination of data security privileges.

  • The following set of data security privileges are required to update item operational attributes:

    • View Item Basic Data

      Required to view the item details page.

    • Maintain Operational Attribute Group Data

      Where Operational Attribute Group is the operational attribute group name.

      Note

      Each predefined attribute group has a separate maintain privilege.

  • The following set of data security privileges are required to update user-defined attributes for an item:

    • View Item Basic Data

    • View Additional Attribute Group Data

      Where Additional Attribute Group is the user-defined attribute group name.

    • Maintain Additional Attribute Group Data

      Where Additional Attribute Group is the user-defined attribute group name.

      Note

      Each user-defined attribute group can have separate view and maintain privileges.

  • The following set of data security privileges are required to update item structures for an item:

    • View Item Basic Data

    • View Item Structure Data

    • Maintain Item Structure Data

  • The following set of data security privileges are required to update packs for an item:

    • View Item Basic Data

    • View Item Pack Data

    • Maintain Item Pack Data

  • The following set of data security privileges are required to update Item People (data security grants) for an item:

    • View Item Basic Data

    • Maintain Item People Data

  • The following set of data security privileges are required to update any or all of the following for an item:

    Attachments, relationships, associations and category assignments

    • View Item Basic Data

    • Maintain Item Basic Data

      Note

      Supplier associations support user-defined attributes. To update these attributes, you need the corresponding privileges for the user-defined attribute group.

Data Security Privileges for Viewing Items: Explained

The following data security privileges are required to view various item details. If you need to view a combination of the item details identified below, then you need the corresponding combination of data security privileges.

  • The following set of data security privileges are required to search and view item basic data:

    • View Item Basic Data

      Item basic data details include operational attributes, item people, attachments, relationships, associations, and category assignments.

  • The following set of data security privileges are required to view user-defined attributes:

    • View Item Basic Data

    • View Additional Attribute Group Data

      Where Additional Attribute Group is the name of the user-defined attribute group.

      Note

      Each user-defined attribute group has a separate maintain and view data privilege.

  • The following set of data security privileges are required to view item structures:

    • View Item Basic Data

    • View Item Structure Data

  • The following set of data security privileges are required to view packs:

    • View Item Basic Data

    • View Item Pack Data

Note

Supplier associations support user-defined attributes. To view these attributes, you need the corresponding view data privilege of the user-defined attribute group.
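
The following added example is not Oracle code or an Oracle API. It models two rules from this chapter for use in an access review: grants inherited from parent item classes (per organization) plus item-level grants, and the privilege combinations listed for creating, updating, and viewing items. All class, item, user, organization, and attribute group names are constructed.

```python
# Added illustration, not Oracle code: models the grant rules described on this page.
# Class, item, user, organization and attribute group names are constructed.
BASE = {"view": {"View Item Basic Data"},
        "update": {"View Item Basic Data"},
        "create": {"Create Item Class Item Data", "View Item Basic Data",
                   "Maintain Item Primary Data"}}

def detail_privileges(op, detail, group=None):
    """Privileges that one kind of item detail adds on top of BASE[op]."""
    write = op in ("create", "update")
    maintain = lambda name: {f"Maintain {name} Data"} if write else set()
    if detail == "operational":      # view access comes with View Item Basic Data
        return maintain(group)
    if detail == "user_defined":     # separate view and maintain privilege per group
        return {f"View {group} Data"} | maintain(group)
    if detail in ("structure", "pack"):
        name = f"Item {detail.capitalize()}"
        return {f"View {name} Data"} | maintain(name)
    if detail == "people":
        return maintain("Item People")
    if detail == "basic":            # attachments, relationships, associations, categories
        return maintain("Item Basic")
    raise ValueError(f"unknown detail kind: {detail}")

def required(op, details):
    """Union of privileges for a combination of (detail, group) pairs."""
    need = set(BASE[op])
    for detail, group in details:
        need |= detail_privileges(op, detail, group)
    return need

def effective(user, org, item, item_class, parents, class_grants, item_grants):
    """Item-level grants plus grants inherited from the item class and its ancestors."""
    privs = set(item_grants.get((item, org, user), ()))
    while item_class is not None:
        privs |= class_grants.get((item_class, org, user), set())
        item_class = parents.get(item_class)
    return privs

# Constructed sample data: class grants are per organization, item grants per item.
PARENTS = {"Root Item Class": None, "Electronics": "Root Item Class"}
CLASS_GRANTS = {("Root Item Class", "ORG1", "jdoe"): {"View Item Basic Data"},
                ("Electronics", "ORG1", "jdoe"): {"View Item Structure Data"}}
ITEM_GRANTS = {("AS100", "ORG1", "jdoe"): {"Maintain Item Structure Data"}}

def missing(user, org, item, item_class, op, details):
    """Privileges the user still lacks for the operation; empty set means allowed."""
    have = effective(user, org, item, item_class, PARENTS, CLASS_GRANTS, ITEM_GRANTS)
    return required(op, details) - have

if __name__ == "__main__":
    print(missing("jdoe", "ORG1", "AS100", "Electronics", "update",
                  [("structure", None), ("operational", "Planning")]))
```

An empty result from missing() means the modeled grants cover the operation; a non-empty result names the privileges to review or grant.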



Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices