| Oracle® Retail Merchandising Security Guide Release 16.0 E76966-03 |
|
 Previous |
 Next |
The following sections provide application specific guidance for securing data for use with the Oracle Retail Invoice Matching application.
Quite often application users need to have access to a subset of locations within the Location Hierarchy. Retailers can assign a sub-tree of a location hierarchy to the application user group. Application users will have access only to the data (documents, discrepancies, etc.) associated with the locations that are assigned to the user's group. Data security is defined with the principle that the user just cannot act upon inaccessible data, but also cannot see that inaccessible data.
For example, if the application user User1 belongs to the group Group1 and the group has Store1, Store2, and Warehouse1 assigned to it, then the application user can see and act upon the documents related to those locations only. Document1 for Store1 can be found. Document2 for Store3 cannot even be found. Store3 also will not be listed anywhere in the location lists, LOVs, etc. when viewed by user User1. Another application user User2 that has access to the Store3 will be able to access and act on that document.
To assign the set of locations to the application user group, retailers would need to use standard Merchandising System mechanisms for data security.
Assignment of stores can be done at:
Chain
Area
Region
District
Organizational Unit
To define store level security, the FILTER_GROUP_ORG table needs to be populated with a record associating the user's security group ID (from SEC_USER_GROUP) with the FILTER_ORG_LEVEL representing the location hierarchy level and FILTER_ORG_ID representing ID at that level. For example, to allow the user from the secure group 1 access to the stores in the district 123, a record would be created in FILTER_GROUP_ORG with '1', 'D', '123'.
Assignment of warehouses can be done at:
Warehouse
Organizational Unit
To define warehouse level security, FILTER_GROUP_ORG table needs to be populated with a record associating the user's security group ID (from SEC_USER_GROUP) with the FILTER_ORG_LEVEL representing the location hierarchy level and FILTER_ORG_ID representing ID at that level. For example, to allow the user from the secure group 1 access to the warehouse 123, a record would be created in FILTER_GROUP_ORG with '1', 'W', '123'.
