This chapter covers the following topics:
In Oracle Applications, a basic level of security called functional security is used to manage users' access to each application and control their access to windows, functions, and reports within an application.
Typically, the system administrator administers function security and assigns operating unit, responsibility, and system access to users. See the Oracle E-Business Suite Security Guide for more information about function security.
In addition to the existing function security, Oracle Advanced Pricing provides an additional level of security called pricing security. Pricing security enables you to restrict pricing activities such as updating and viewing pricing entities to users who are granted specific access privileges. Pricing entities include price lists, pricing agreements, and modifiers.
Pricing security can be set up and maintained in the HTML user interface by a user who is assigned the Oracle Pricing Administrator responsibility. The Oracle Pricing Administrator has the authorization to access and update all pricing entities for all functional users. With pricing security, you can implement a higher level of control by:
Assigning pricing entities to operating units: A pricing entity can be assigned ownership to a specific operating unit. You can restrict usage to one operating unit or allow usage by all operating units.
Assigning privileges that control which grantee (Global, Operating Unit, Responsibility, or User level) can view or maintain the specified entity: You can use security privileges to control users' access to pricing entities in the following ways:
Grant view-only or maintain access privileges to functional users at the Global, Operating Unit, Responsibility, or User level.
Grant temporary access - for example, to auditors or temporary employees - for a specified date range.
Assign or reassign Operating Unit ownership to price lists and modifiers and control which operating units can use them for pricing transactions.
Create entity sets (a set consists of grouped pricing entities) and assign access privileges to the entire set. The Entity Set function is available only with license to Advanced Pricing.
Setting default rules for security access for new pricing entities.
Warning: Before turning on pricing security, you must create privileges for existing pricing entities.
A responsibility defines a level of authority in an application. Each responsibility lets you access a specific set of Oracle Applications windows, menus, reports, and data to fulfill your role in an organization. Several users can share the same responsibility, and a single user can have multiple responsibilities.
You can assign users the following seeded responsibilities to enable access to pricing windows, menus, reports, and data:
Oracle Pricing Administrator
The user who is assigned the Oracle Pricing Administrator responsibility has complete access to all pricing entities without restriction and is responsible for the global setup and administration of pricing security. Pricing security features include privileges, entity sets, and entity usage. The Oracle Pricing Administrator has unrestricted access and can select any operating unit and can access pricing entities across all operating units. For more information about access privileges by operating unit, see Pricing Security and Operating Units.
Oracle Pricing Manager
The user who is assigned the Oracle Pricing Manager responsibility can access all features for setting up, using, and maintaining pricing features and functions (except pricing security) such as price lists, pricing formulas, modifiers, attribute management, and item and category management.
Oracle Pricing User
This responsibility provides access to the HTML user interface where you can create price lists and modifiers (Deal, Discount, Promotion, Surcharge), access the price list maintenance feature, and attach qualifiers and qualifier groups to modifiers and price lists.
The following terms are used in Oracle pricing security:
Pricing Entity Security: The highest level of security administration for Oracle Pricing. This level of security is in addition to functional security and pricing transaction entity (PTE) plus source system code security. Functional security is established for each user by responsibility setup. The Oracle Pricing Administrator responsibility has complete access to all pricing entities without restriction and is used for the global administration of pricing entities. This security is administered in the Oracle HTML user interface.
Pricing Entity: A pricing entity can be a price list, modifier list, or pricing agreement.
Entity Set: A set of pricing entities that can be used as an Entity Type to which you can grant privileges with Maintain or View-Only access levels.
Entity Type: A term used to describe one of the following pricing entities: Standard Price list, Modifier List, Pricing Agreement, and Entity Set.
Entity Usage: Grants the usage of the entity to one or all operating units so that it can be used during pricing engine calls.
Global Usage: When Global Usage is set to Yes for a pricing entity, it can be used across all operating units for processing orders. If No is selected, the usage of the entity is restricted to the operating unit that created or owns it.
When security is turned on, a Global box indicating Global Status is dynamically added to the header region of all price lists and modifiers. A user with Maintain access privileges can update the Global box. The Oracle Pricing Administrator can also update the Global Usage settings in the Entity Usage pages.
Grantee: The specific user or users for a Grantee Type who are given permission to view or maintain a pricing entity. Used in combination with a Grantee Type.
Grantee Type: The level to which privileges are granted:
Global: Includes all users with access to pricing menus.
Operating Unit: Includes users who have the named operating unit as the default operating unit (as specified in MO: Default Operating Unit profile).
Responsibility: Includes users within the named responsibility.
User: Specifies a named user.
Access Level: Provides Maintain or View-Only access to a pricing entity:
View-Only: Enables the user to view but not update the pricing entity.
Maintain: Enables the user to view and update pricing entities. Not all of the entities support delete capabilities.
Pricing Security allows you to create pricing data that is specific to an operating unit. The multi-organization access control (MOAC) feature further enables users to access multiple operating units within one responsibility, and to create multiple pricing entities (price lists, modifiers) for different operating units without changing responsibility. This feature is controlled by the profile option MO: Security Profile. When MOAC is enabled, you can enable pricing security to provide centralized control of pricing entities for use by operating unit or across all operating units for pricing orders. Pricing security is still used to assign access roles at Global, Organization, Responsibility, or User levels with roles of View Only or Maintain. However, when MOAC is enabled, you should review the following changes in pricing security action:
Note: See the Oracle Applications Multiple Organizations Implementation Guide for information about setting the profiles MO: Security Profile and MO: Default Operating Unit.
Profile option MO: Default Operating Unit automatically creates pricing security privileges
When you create a price list or modifier list, the default pricing security privileges are created for the operating unit that is set in the MO: Default Operating Unit regardless of whether the price list or modifier list is created as Global or for a different operating unit. This occurs when:
Profile option MO: Default Operating Unit is enabled (MO: Security Profile is set)
Pricing security is ON (profile option QP: Security Control is ON)
One of the pricing profile options, QP: Security Default ViewOnly Privilege or QP: Security Default Maintain Privilege, is set to Operating Unit
For example, suppose you are assigned the Pricing Manager responsibility with access to the following operating units - OU1, OU2, and OU3 - and the following conditions exist:
Pricing security is ON.
MO: Default Operating Unit profile is set to OU1.
QP: Security Default Maintain Privilege and QP: Security Default View Only Privilege profiles are set to Operating Unit.
If you then create a global price list (PL1) or price list for OU2 (PL2), the view and maintain privileges will be created for OU1 because the operating unit defaults from the MO: Default Operating Unit profile (the default operating unit that is set for the responsibility) for both PL1 and PL2.
Update to Operating Unit field allowed if users have Maintain access
In Oracle Advanced Pricing, the operating unit on the price list or modifier list must match the operating unit of the transaction (for example, a sales order) that is being priced. If pricing security is ON, any user who is granted maintain access to the price list or modifier list can update the Operating Unit field of the modifier or price list.
For example, suppose you have a price list PL1 from operating unit OU1 that is assigned a maintain privilege of Global, but you log into a responsibility with access to only OU2, OU3 as assigned by the MO: Security Profile. You could update the price list PL1 due to Global security privilege and update it from OU1 to OU2; however, you cannot change it back to OU1 through the same responsibility because the security profile does not provide access to OU1.
After you upgrade to pricing security, pricing security is not switched on automatically. Pricing users with functional access can still fully view and maintain existing price lists and modifiers as before the upgrade.
Before turning security on, you should review and complete the following setup steps for implementing pricing security, otherwise, pricing users may be unable to query any price lists or modifiers in the pricing windows. After you have completed the security setup steps, you can run the concurrent program QP: Security Control with Views Conversion to turn on pricing security.
Note: The profile option QP: Security Control (read-only) displays the current setting of the security option for your entire installation (either on or off).
You must be assigned the Oracle Pricing Administrator responsibility to set up and maintain the pricing security features for all functional pricing users.
Step 1: Map security access requirements
Identify and map all price lists, modifiers, and agreement price lists to:
Operating units that should own and maintain them.
The users in those operating units who require View-Only or Maintain access (view and update) to pricing entities.
Operating units that use them when pricing transactions.
Step 2: Assign ownership of pricing entities (Entity Usage page)
The next step is to assign preexisting price lists and modifiers to an operating unit. Use Global Usage settings to restrict the entity to a specific operating unit or make it available across all operating units.
Step 3: Create privileges (Privileges page)
The next step is to create access privileges for all users in all operating units. You can assign view or maintain access to a pricing entity.
Optionally, you may want to create entity sets that enable you to group multiple entities of the same entity type, and then grant access to the entity set. For example, you may want to create a set called Summer Set that contains all active modifiers with Summer Promotion in the modifier name. Then you can assign privileges to the entity set rather than to each entity separately.
Note: You must have a license for Advanced Pricing to use entity sets.
Step 4: Set security profile options
Use the following security profile options to set the default security privileges for pricing entities that are newly-created:
QP: Security Default ViewOnly Privilege: Sets the default Viewing privileges for newly-created pricing entities.
QP: Security Default Maintain Privilege: Sets the default Maintain privileges for newly-created pricing entities.
QP: Security Control (read-only): This profile option displays the current setting of the security option for your entire installation (either on or off). This profile option value cannot be directly updated - only the concurrent program QP: Security Control with Views Conversion can turn pricing security on and off.
These profile options are delivered in default settings that maintain the existing functional security features of Oracle Pricing. Before you can change these profile settings, the Oracle Pricing Administrator must map the complete security access requirements for each pricing entity. No security profile option should be changed until these steps have been completed.
Step 5: Turn on pricing security
To activate pricing security, set the concurrent program QP: Security Control with Views Conversion to ON. This is the "switch" that turns security on or off for your installation. Before setting the program to ON, ensure you have completed all the preceding implementation steps.
Related Topics
Assigning Pricing Entity Usage (Entity Usage page)
Setting Security Profile Options
This section summarizes the changes that occur to pricing entities after you upgrade to pricing security and turn on security. Some of the changes, such as the new Global check box on price lists and modifiers, are visible only to users after pricing security is turned on.
Entity Usage
After the upgrade to security, all existing price lists and modifiers are assigned the default entity usage of Global Usage. Global usage enables the pricing entity to be used across all operating units. When security is turned on, a Global box is added to the header of all modifiers and price lists to indicate the global usage status for the entity. If the Global check box is:
Selected, then global usage is enabled for the entity.
Cleared, then global usage is not enabled for the pricing entity, and an operating unit must be assigned to the entity.
The Global check box is not visible to users until the concurrent program Security Control is turned ON. When the check box is visible, a user with Maintain access privileges can select or clear the Global check box. However, users with view-only privileges cannot change the Global check box. If a user creates a new pricing entity (such as a price list) and clears the Global check box, then an operating unit must be assigned to that entity. If MOAC is not enabled, the operating unit defaults to the value of the profile MO: Operating Unit.
With MOAC, this operating unit will default to the value in the MO: Default Operating Unit profile. You can override this default and select from any operating unit that is assigned to the MO: Security Profile option. If the Global check box is left selected (the default value), then the entity can be used across all operating units when transactions are priced.
Alternatively, the Pricing Administrator can also update the Global check box for one entity at a time or in bulk using the Bulk Update Entity Usage page, which is available from the Entity Usage page.
Changes to Price Lists
After the upgrade, you can review the operating unit and global usage settings for an entity on the Entity Usage page. An example of the information that appears for a selected entity is outlined in the following table:
Entity Name | Type | Global Usage | Owned by Operating Unit |
---|---|---|---|
Name of the entity (for example, Summer Pricelist) | Type of entity (for example, Standard Pricelist) | Yes | Blank (not assigned to an operating unit) |
The following price list changes occur after the upgrade to pricing security:
Price lists that are assigned Global usage cannot be assigned to an operating unit as well. Any such global price lists will be updated to clear out the operating unit.
Once security is turned on, all new price lists have their view and update properties determined by the pricing security profile options.
You need at least view-only access privileges to display or query price lists in the price list windows. With view-only access, you cannot change header or any associated information such as price list lines, pricing attributes, qualifiers, or secondary price lists.
Users who have view-only privileges on a price list as per pricing security rules will be in view-only mode on the price list window. To update a price list, the user requires specific maintain-access privileges.
For secondary price lists, you can select only the price lists with view-only or maintain privileges for the secondary price list. In addition, secondary price lists are also restricted by the entity usage that is assigned to the primary price list: if the primary price list is global, you can select any secondary price list (global or assigned to any operating unit). If an operating unit is assigned to the primary price list, you can select a global price list for secondary price list or a secondary price list that has the same operating unit as the primary price list.
The Public API, QP_PRICE_LIST_PUB.PROCESS_PRICE_LIST
, will update only price lists as per price list security rule.
You can select Price Lists > Copy Price Lists to copy price lists. A copied price list is assigned the default privilege from the security profile options. During copying, you can override defaults that are derived from Copy From price list and specify your own settings for global flag and operating unit for the Copy To price list. However, if the default security privilege is set to Operating Unit, the copied price list is still assigned the default privilege based on the MO: Default Operating Unit profile.
Changes to Modifier windows
The following modifier changes occur after the upgrade to pricing security:
Modifiers that are assigned Global usage cannot be assigned to an operating unit. Any such global modifiers will be updated to clear the Operating Unit field.
After pricing security is turned on, the default view and maintain properties for all new modifiers are determined by the security profile options.
You need at least view-only access privileges to display or query modifiers in the Define Modifier window. With view-only access privileges, you can view all list and line limits for a modifier that include attributes and transactions for the limit.
With view-only access privileges, you cannot modify the header information, lines, list or line qualifiers, pricing attributes, and related modifier information. A message will appear to advise you about the view-only status.
Modifier lines of the type Promotional Goods can attach to price lists that are viewable, as per pricing security, in the Get Price column list of values (LOV) in the Get region.
In addition, the list of values in the Get Price column on Promotional Goods is also restricted by entity usage that is assigned to the modifier:
If the modifier is global, you can select only a global price list in the Get Price column.
If an operating unit is assigned to the modifier, you can select a global price list or a price list that has the same operating unit as the modifier.
The Public API, QP_MODIFIERS_PUB.PROCESS_MODIFIERS
, will update only modifiers as per modifiers security rule.
In the Modifier Incompatibility Setup window, only those modifier lines belonging to a modifier list that can be viewed or maintained will get queried as per pricing security rules. Modifiers that are opened by clicking the Modifiers button can be viewed or maintained depending on the privileges that are defined by the Pricing Security Administrator.
With view-only access to a modifier, you can copy the modifier by choosing modifiers > Copy Modifiers.
Assign the default privileges from the security profile options. If the profile option is set to Operating Unit, the default privileges are always by the MO: Default Operating Unit profile regardless of the operating unit that is assigned to the copied modifier.
Global flag and operating unit value for the copied modifier defaults from the Copy From modifier. But you can override these defaults, and select new values for global flag and operating unit for the Copy To modifier.
Changes to Calling Applications
All calling applications that display a list of values for price lists can use the pricing view QP_PRICELISTS_LOV_V
to display the valid global and operating unit (OU) price lists that are specific to their transaction. This view displays the either the global price lists and price lists that are specific to the OU on the transaction or all price lists depending on whether the pricing security feature is turned ON or OFF.
Changes to Other Pricing windows
The following table outlines the impact of pricing security and security privileges on various windows in Advanced Pricing:
For the following: | Security Privileges are enforced: |
---|---|
Copy Price Lists | Yes. You need at least view-only access. |
Copy Modifier | Yes. You need at least view-only access. |
Modifier Incompatibility setup | Yes, can be updated if you have maintain access. |
Pricing Organizer | Yes. You can view and access the modifier if it appears. |
Pricing Mass Maintenance | Yes. You need maintain access. |
Adjust Price List | Yes. You need maintain access. |
Add Items to Price Lists | Yes. You need maintain access. |
Multi-currency conversion | No security at present. |
Formulas | No security at present. |
Agreement Header | Agreement inherits security rules of attached price list. |
Price List report | Yes. You must have at least view-only access. |
Modifier Detail report | Yes. You must have at least view-only access. |
Archive and Purge | Yes, you must have maintain access. |
By default, a new price list or modifier is assigned Global usage. If the Global check box is deselected for a pricing entity such as a modifier, the Operating Unit field is enabled. The operating unit defaults from the profile option MO: Default Operating Unit if MOAC is enabled. If MOAC is not enabled, the value defaults from the profile option MO: Operating Unit.
This operating unit field value appears in the Owned by Operating Unit field on Pricing Entity Usage user interfaces. A pricing entity that is assigned to an operating unit can be used only for that operating unit and not across all your operating units. However, pre-existing price lists and modifiers are not assigned a default operating unit, so you can use the entity usage feature to:
Assign or reassign ownership of pre-existing price lists and modifiers to the appropriate operating unit.
Grant or revoke Global Usage for pricing entities. Global usage enables the pricing entity to be accessed across all operating units.
When assigning pricing entity usage to a pricing entity such as a price list or modifier, you should consider the following:
Identify which entities are to be used across all operating units (Global Usage ) in pricing transactions.
Identify which entities are to be restricted to only one operating unit (Owned by Operating Unit).
Identify pricing entities that are used by multiple operating units but not all operating units:
Select Yes for Global Usage.
Create modifier or price list qualifiers for the specific operating units. Qualifiers need to be created using the price list or modifier user interfaces.
Based on the security policy of your organization, the Oracle Pricing Administrator can then grant access privileges to the pricing entities, once entity usage has been set up.
Warning: The Oracle Pricing Administrator should assign ownership to all price lists and modifiers prior to upgrading or implementing Oracle Pricing Security. This can also be done using the Bulk Update Entity Usage feature on the Entity Usage page.
To assign pricing entity usage
On the Entity Usage page, search for the entities and assign the following entity usage values:
Note: For fresh upgrades or new installations, the Global Usage check box is Yes (selected) and the Owned by Operating Unit field is blank.
Global Usage: To make the entity available across all operating units, select Yes for Global Usage. If this is not selected (cleared), global usage is not enabled for the pricing entity, and the usage of the entity is restricted to the assigned operating unit. The Global Usage status is also displayed to users through the Global box on price list and modifier windows.
Owned by Operating Unit: To restrict the entity's usage to a specific operating unit, select the operating unit name.
To make bulk changes to multiple pricing entities, click Bulk Update Entity Usage.
To use bulk update entity usage
Use the Bulk Update Entity Usage page to quickly apply settings for global usage and operating unit assignment across multiple pricing entities; for example, to assign the same operating unit across all price lists.
From the Entity Usage page, find the pricing entities to be updated. Alternatively, to select all pricing entities on a page, click Select All. If additional entities are listed on subsequent pages, click the Next link, and then click Select All. Repeat this process until all the entities to be updated are selected. Click Bulk Entity Usage to update the following settings:
Notes
Global Usage: Select Yes or No to update the global usage for the entities.
Owned by Operating Unit box: Select this box (and an Operating Unit) to assign the entity to a specific operating unit.
Complete the following planning and implementation steps before turning on pricing security. This mapping should be completed by someone with complete knowledge about the following: the pricing users and their operating units; all price lists; modifier lists; and any specific business requirements for granting access to any of the many pricing entities.
Identify and list all users with functional access to Advanced Pricing menu.
Identify all responsibilities within your installation that have functional access to the Oracle pricing menus. This helps to determine whether a pricing entity can be granted access by users with these responsibilities. When an access privilege is granted by responsibility, then all users with this responsibility will have this privilege.
Add to the listing of all responsibilities with access to pricing menus, all individual users, by name. Some users may not require Maintain privileges to any pricing entities, but may actually require view-only access. These users should be identified and associated with the pricing entities to which they require view access.
This mapping assists in granting an access privilege to a specific user. A user may have access privileges by virtue of their responsibility. If the user, whose responsibility has been granted an access privilege of ViewOnly to a pricing entity, needs to have Maintain access, a privilege may be granted to the user for Maintain that is a higher privilege than that granted to his or her Responsibility.
List all users by new access privileges.
A listing of all users and their access privileges should be maintained by the Pricing Administrator. Once mapping has been completed and access privileges granted, you can query the privileges that are granted in a variety of ways using the Privileges page of the Security pages. A search by entity type such as Standard Price List displays all standard price lists by entity name, grantee type, grantee name, access level (ViewOnly or Maintain), and effective dates. Your listing of new access privileges can be checked against the results.
Security privileges enable you to define who can access each pricing entity and the level of access that is permitted: View Only or Maintain. You can grant the following access privileges:
Grant access privileges to functional users at the Global, Operating Unit, Responsibility, or User level:
Global: Includes all users with access to pricing menus.
Operating Unit: Includes users that have the named operating unit as the default operating unit (as specified in MO: Default Operating Unit profile).
Responsibility: Includes users within the named responsibility.
User: Specifies a named user.
Grant access level of View Only or Maintain.
Grant temporary access - for example, to auditors or temporary employees - and give them automatic start and end effective dates.
Assign privileges to entity sets. You can create entity sets to group similar entities (for example, modifiers for a specific customer) and assign privileges to that entity set rather than assign a privilege separately to each entity. The entities that are contained within that entity set inherit the privileges that are assigned to the entity set. For more information, see Creating Pricing Entity Sets.
Note: You must be assigned the Oracle Pricing Administrator responsibility to grant privileges.
You can assign privileges using the following pages:
Privileges page: To search for and update existing privileges.
Express Create Privilege page: To create an access privilege for one specific pricing entity.
Bulk Create Privileges page: To select multiple pricing entities and create access privileges for a grantee.
To assign default security privileges for newly-created pricing entities, see Setting Default Security Profile Options.
Precedence Levels for Multiple Privileges
A user belonging to a responsibility classification such as Pricing User will typically have the access privileges that are associated with that responsibility. However, if a user has only View Only access to a pricing entity by virtue of his or her responsibility, but requires Maintain access, you can assign a Maintain access privilege to the user. A Maintain access privilege is a higher privilege than View Only, and therefore, the higher Maintain privilege prevails for the named user.
If a user has a Maintain access privilege to a given entity at any level of his or her user hierarchy (Responsibility, Operating Unit, and Global), the user will have Maintain access regardless of any other privileges. For example, if a user has Maintain access at his operating unit level but a view-only access at his user level, his Maintain access privilege will have precedence.
To create privileges (directly in Privileges page)
In the Search region, search by Entity Type to view and assign privileges directly on the Privileges page:
To revoke privileges, select the line to delete and click Delete.
To assign or update an access level, select Maintain or View Only.
Enter or update the effective start and end date, and click OK to save your changes.
Note: If the message No data exists appears in the Results: Privilege(s) region then no privileges exist for the entity.
Alternatively, select the entities and click either Express Create Privilege or Bulk Create Privileges.
To create a privilege for one specific pricing entity (Express Create Privilege)
To create a privilege for one specific pricing entity, select the entity and click Express Create Privilege.
Select the entity type and entity name of the pricing entity to be granted privileges.
Select from the following Grantee Types and, if applicable, select a Grantee Name:
Responsibility: Grants the privilege to a specific responsibility such as Pricing User, Guest User (the specific Grantee Names depend on the setup for your specific business).
User: Grants the privilege to a specific user such as John Smith in the Pricing Department.
Global: If Grantee Type is Global, leave Grantee Name blank. This makes the privilege available to all users with functional access to pricing menus.
Operating Unit: Grants the privilege to a specific operating unit. For example, select Vision1 to give a privilege to all users who have Vision 1 as the default operating unit.
Access Level: Select the access level to be granted to the grantee:
Maintain: Enables users to delete, view, and update pricing entities.
View Only: Enables users to view but not update the pricing entity.
Start and End Dates: Select the start and end dates. For example, to provide temporary access to a temporary employee, you could enter a start date of 02-Jul-2007 and an end date of 31-Aug-2007. Alternatively, accept the system dates.
To create privileges to multiple pricing entities (Bulk Create Privileges)
Use the Bulk Create Privileges page to quickly create and assign privileges to multiple entities such as price lists or modifiers. For example, you could search for all price lists belonging to the operating unit of Vision France and then use the bulk create privileges feature to grant them all Maintain access. Alternatively, as a shortcut, you could create an entity set for the entities to be changed, and use the bulk update to update the entity set. The changes are then applied to all entities within that entity set.
Do a search by entity type, then select the pricing entity or entities to be granted privileges.
Click Next to display the Bulk Create Privileges: Provide Additional Privileges Information page, and complete your entries:
Entity Type and Entity Name: Select the Entity Type and Entity Name of the pricing entity to be granted privileges.
Grantee Types/Grantee Name: Select one of the following:
Responsibility: Grants the privilege to a specific responsibility such as Pricing User, Guest User (the specific Grantee Names depend on the setup for your specific business).
User: Grants the privilege to a specific user such as John Smith in the Pricing Department.
Global: If Grantee Type is Global, leave Grantee Name blank. This makes the privilege available to all users with functional access to pricing menus.
Operating Unit: Grants the privilege to a specific operating unit. For example, select Vision1 to give a privilege to all users that have Vision1 as the default operating unit.
Access Level: Select the access level to be granted to the grantee:
Maintain: Enables users to delete, view, and update pricing entities.
View Only: Enables users to view but not update the pricing entity.
Start and End Dates: Select the start and end dates. For example, to provide temporary access to a temporary employee, you could enter a start date of 02-Jul-2007 and an end date of 31-Aug-2007. Alternatively, accept the system dates.
You can create a set of pricing entities that contain multiple pricing entities of the same entity type; for example, an entity set for price lists and an entity set for modifiers. This facilitates assigning privileges to the entire entity set rather than to each separate entity. Here are some examples of entity set usage:
You could create an entity set to give Maintain access to a few individual users. You can then use the same set to give view-only access privilege to all other users.
You could create an entity set consisting of all price lists for a specific customer, then grant maintain access to a specific user who is responsible for maintaining those price lists. Only that user would be authorized to view and maintain the price lists for that entity set.
To use entity sets, you need to:
Create an entity set using the Create Entity Set page. On this page, you can select only header level criteria to create the set.
Use the entity set as the grant object (with object type as ENTITY SET) and grant access roles to any grantee type and grantee.
You should identify the selected criteria in the description of the entity set. Once an entity set is created, you cannot copy or update it. If changes are required, a new entity set must be created.
Note: You can revoke or add privileges as needed. However, the entity set cannot be deleted if any existing privileges are on that entity set. The Entity Set feature is available only to licensed users of Oracle Advanced Pricing.
For entity sets, consider the following guidelines:
You can create an entity set for a specified set of criteria that does not currently exist in the system.
You can create access privileges for this entity set even when no records currently exist in the system.
Any new records that are created that meet the set criteria are automatically assigned to the set and inherit the privileges that are assigned to the set.
If this entity set is used in an access privilege, the newly created entity will be included in the set and will have those privileges.
Example of Entity Set Usage
You create a new entity set named SET1 for all active modifiers for USD currency containing Wireless in the customer name. Next you query on the set name SET1 on the Entity Sets page. After clicking the Go button, no records are displayed in the Results region. This occurs because there are no records that currently exist meeting these criteria.
Next, you create a privilege for entity set SET1 and assign view-only access for the Vision Operating Unit. Next, a user creates a new modifier - MOD 1 in the USD currency for the customer Totally Wireless - and makes the modifier active.
The MOD 1 modifier will automatically be assigned to the SET1 entity set and will inherit view-only access.
To create an entity set
In the Create Entity Set page, define your set criteria:
Set Name and Description: Enter a name that uniquely identifies the entity set that you are creating, and a description that is simple, meaningful, and includes all the criteria that is selected for this entity set. The criteria to define the set should be included in the description for the set.
Pricing Entity Types: Select a pricing entity type to be included in the entity set. Only one pricing entity type can be included in an entity set.
Note: An entity set can contain only one unique pricing entity type. For example, Entity Set1 cannot contain entity types of both Standard Price List and Modifier.
Pricing Entity Name: Select an operator - is, is not, contains, starts with, ends with - and then enter specific details about the pricing entity name to be included in the set. For example, if you select Pricing Entity Name is Summer Price List, then the price list that is named Summer Price List will be included in the entity set. (Assuming Standard Price List was selected as the pricing entity type.)
Optional Qualifier Criteria: Select criteria from the Add Criteria field to add additional criteria, and click the Add button. Add only the criteria that you need for your new entity set. Remember to add the additional criteria to the Set Description. Your entity set will include only those pricing entities exactly matching your criteria.
To delete an entity set
To delete an entity set, you must first revoke all privileges on this set and then delete it.
Navigate to the Entity Sets page and do a search for an existing entity set.
In the Results: Entity Set(s) region, click the Delete icon to delete a specific entity set.
If the Delete icon is grayed out, the entity set still has privileges assigned to it. Before the entity set can be deleted, you must first revoke the privileges, and then delete the entity set.
You can set security profile options to define the default security privileges that are assigned to newly-created price lists and modifiers. These profiles should be left in default setting (maintaining current functionality) and not be changed until you have decided which users should have automatic privileges of View Only or Maintain whenever a pricing entity is newly created. These privileges are automatically created as soon as the creating user saves the new entity. Security access for existing pricing entities is set by the Oracle Pricing Administrator using pricing security.
The two security profile options, QP: Security Default Maintain Privilege and QP: Security Default ViewOnly Privilege, control the default access privileges that are assigned to newly-created price lists or modifiers only:
QP: Security Default ViewOnly Privilege
Controls the default view-only privileges for newly created price lists and modifiers. View and maintain responsibilities are controlled separately by different profile options. This profile option enables you to set view-only privileges at one of the following levels: Global (Default), Operating Unit, Responsibility, User, or None. This controls which users (if any) can view newly-created price lists and modifiers.
QP: Security Default Maintain Privilege
Controls the default maintain privileges for NEWLY CREATED price lists and modifiers. This profile option enables you to set maintain privileges at one of the following levels: Global (Default), Operating Unit, Responsibility, User, or None.
Note: If either of these default privileges is set to Operating Unit, the privilege is created for the operating unit that is specified in MO: Default Operating Unit profile and not the operating unit that is assigned to the pricing entity.
QP: Security Control
The profile option QP: Security Control (read-only) displays the current setting of the security option for your entire installation (either on or off). This profile option value cannot be directly updated and can only be turned on using the concurrent program Security Control.
Before setting the security profile options and changing the defaulting privilege profiles, complete all security setup requirements. To change the access privileges for pre-existing price lists and modifiers, use the Security Privileges window.
The following discussion will assist you in choosing the combination of profile option settings to meet your security policy.
Resolving conflicts between multiple access levels
If the user has two different access privileges to the same pricing entity, the access level of Maintain always prevails. For example, if a pricing user has Maintain access at the User level to certain price lists, and view-only access at the Responsibility level, the user has Maintain privileges to those price lists.
In all cases, the highest access level (the Maintain access privilege) prevails over the View-Only privilege. This rule applies regardless of what operating unit ID the user is in.
Security profile option settings compared
The following section lists possible combinations of security profile option settings that define the default view and maintain access privileges for newly created pricing entities. Review the combinations of profile option settings and select the combination that suits the requirements for your installation. When security is turned on, a price list and modifier that is newly created will be assigned the default view and maintain security privileges from the profile option settings.
Security Profile ON: Behavior when you are creating a new pricing entity
The following table shows behavior by combinations of profile settings when you are setting up new price lists and modifiers. Available values are None, User, Responsibility, Operating Unit, and Global.
QP: Default View Only Privilege | QP: Default Maintain Privilege | Behavior while being created | After saving and exiting the Entity's (Price list or Modifier) setup windows |
---|---|---|---|
None | None | Entity can be viewed and updated while being created. | 1. The new entity cannot be viewed or updated by anyone. |
None | User | Entity can be viewed and updated while being created. | 2. The new entity can be viewed and updated only by the user who created it only. |
None | Responsibility | Entity can be viewed and updated while being created. | 3. The new entity can be viewed and updated only by users with the same responsibility as the user who created it only. |
None | Operating Unit | Entity can be viewed/updated while being created. | 4. The new entity can be viewed and updated by all users with the same default operating unit as the user who created the entity only. |
None | Global | Entity can be viewed and updated while being created. | 5. The new entity can be viewed and updated by all users. |
Security Profile ON: Behavior when you are creating a new pricing entity for combination: values for User
The following table shows behavior by combinations of profile settings when you are setting up new price lists and modifiers. Available values are: None, User, Responsibility, Operating Unit, and Global.
QP: Default View Only privilege | QP: Default Maintain Privilege | Behavior while being created | After saving and exiting the Entity's (Price list or Modifier) setup windows |
---|---|---|---|
User | None | Entity can be viewed and updated while being created. | The user who created it can view the new entity. Nobody can update it. |
User | User | Entity can be viewed and maintained by user who created it. | The new entity can be viewed and updated only by the user who created it only. |
User | Responsibility | Entity can be viewed and maintained by user who created it. | Similar to the None/Responsibility settings, except that the user can still view the entity even if he or she is exempted from the responsibility. |
User | OU | Entity can be viewed and maintained by user who created it. | Similar to None/Operating Unit settings, except that, the user can still view the entity even if he or she has a different default operating unit. |
User | Global | Entity can be viewed and maintained by user who created it. | Same as None/Global settings. The new entity can be viewed and updated by all users. |
Security Profile ON: Behavior when you are creating a new pricing entity for combination: values for Responsibility
The following table shows behavior by combinations of profile settings when you are setting up new price lists and modifiers. Available values are: None, User, Responsibility, Operating Unit, and Global.
QP: Default View Only Privilege | QP: Default Maintain Privilege | Behavior while being created | After saving and exiting the Entity's (Price list or Modifier) setup windows |
---|---|---|---|
Responsibility | None | Entity can be viewed and maintained by user who created it. | All the users can view the new entity with the same responsibility as the user who created it. Nobody can update it. |
Responsibility | User | Entity can be viewed and maintained by user who created it. | All the users can view the new entity with the same responsibility as the user who created it. And, only the user who created it can update it. |
Responsibility | Responsibility | Entity can be viewed and maintained by user who created it. | Same as None/Responsibility settings. The new entity can be viewed and updated only by users with the same responsibility as the user who created it only. |
Responsibility | Operating Unit | Entity can be viewed and maintained by user who created it. | All the users can view the new entity with the same responsibility as the user who created it. And, all the users with the same default operating unit as the user who create it can also update it. |
Responsibility | Global | Entity can be viewed and maintained by user who created it. | Same as None/Global. The new entity can be viewed and updated by all users. |
Security Profile ON: Behavior when you are creating a new pricing entity for combination: values for Operating Unit
The following table shows behavior by combinations of profile settings when you are setting up new price lists and modifiers. Available values are: None, User, Responsibility, Operating Unit, and Global.
QP: Default View Only Privilege | QP: Default Maintain Privilege | Behavior while being created | After saving and exiting the Entity's (Price list or Modifier) setup windows |
---|---|---|---|
Operating Unit | None | Entity can be viewed and maintained by user who created it. | All the users with the same default operating unit as the user who created it can view the new entity. Nobody can update it. |
Operating Unit | User | Entity can be viewed and maintained by user who created it. | All the users with the same default operating unit as the user who created it can view the new entity. Only the user who created it can update it. |
Operating Unit | Responsibility | Entity can be viewed and maintained by user who created it. | All the users with the same default operating unit as the user who created it can view the new entity. All the users with the same responsibility as the user who created it can update it. |
Operating Unit | Operating Unit | Entity can be viewed and maintained by user who created it. | Same as None/OU settings. The new entity can be viewed and updated only by users with the same default operating unit as the user who created the entity. |
Operating Unit | Global | Entity can be viewed and maintained by user who created it. | Same as None/Global settings. The new entity can be viewed and updated by all users. |
Security Profile ON: Behavior when you are creating a new pricing entity for combination: values for Global
The following table shows behavior by combinations of profile settings when you are setting up new price lists and modifiers. Available values are: None, User, Responsibility, Operating Unit, and Global.
QP: Default View Only Privilege | QP: Default Maintain Privilege | Behavior while being created | After saving and exiting the Entity's (Price list or Modifier) setup windows |
---|---|---|---|
Global | None | Entity can be viewed and maintained by user who created it. | All the users can view the new entity. But nobody can update it. |
Global | User | Entity can be viewed and maintained by user who created it. | All the users can view the new entity. Only the user who created it can update it. |
Global | Responsibility | Entity can be viewed and maintained by user who created it. | All the users can view the new entity. All the users with the same responsibility as the user who created it can update it. |
Global | Operating Unit | Entity can be viewed and maintained by user who created it. | All the users can view the new entity. All the users with the same default operating unit as the user who created it can update it. |
Global | Global | Entity can be viewed and maintained by user who created it. | Same as None/Global. The new entity can be viewed and updated by all users |
The Oracle Pricing Administrator can assign or change ownership of a pricing entity using the Entity Usage page (or the Bulk Update Entity Usage feature from the Entity Usage page).
WARNING: The concurrent program QP: Security Control with Views Conversion turns pricing security on or off for your entire installation. If you are upgrading or freshly installing the security feature for the first time, ensure that you have completed the following setup and implementation steps before turning pricing security on or setting the default security profile options; otherwise, users will be unable to query any price lists or modifiers in the pricing windows.
Assess and map out the behavior that your business requires when a new price list or modifier is created.
Assign an operating unit owner for existing pricing entities.
Grant privileges at all levels based on your security policy and needs.
When security control is first turned ON, a Global check box appears in the header region of all price lists and modifiers. If the Global check box is enabled for the entity, then that entity is available across all operating units in your organization. The Global check box is visible to end-users and can be updated (cleared or selected) by users with Maintain access privileges.
You can update the Global check box for each price list and modifier one at a time, or do bulk updates in the Bulk Update Entity Usage page. For more information, see Assigning Pricing Entity Usage.
Prior to your turning security on, pricing entities are not identified by an operating unit. It is very important that the Oracle Pricing Administrator assigns ownership to all price lists and modifiers prior to upgrading to or implementing pricing entity security. You can use the Bulk Update Entity Usage feature in the Entity Usage page to assign or reassign global usage values.
After you turn pricing security on, the default operating unit is used if the Global check box is deselected.
The following table shows the behavior of existing pricing entities when pricing security is turned ON and no pre-security is assigned:
QP: Default View Only Privilege | QP: Default Maintain Privilege | Privileges from Pricing Security Administrator | Behavior |
---|---|---|---|
Not applicable | Not applicable | No privileges granted | Entity cannot be viewed or updated by anybody except the Oracle Pricing Administrator through the security management pages that are selected from the Oracle HTML user interface. |
Not applicable | Not applicable | Maintain | Entity can be viewed and updated by the user with Maintain access privileges. |