Data Security for Tasks

This chapter covers the following topics:

Overview of Data Security for Tasks

When a task is created, who can view, update or delete the task is based on the security rules in Task Manager. Task Manager leveraging the Application Object Library (AOL) data security model provides you with four aspects of security protection (user, network, function, and data levels) for the data entered in the system. With the finest security controlled in the data level, a specific data record can be further customized and authorized to different users for the security access and modifications. This AOL security was initially used in HTML Tasks only.

To allow product specific security added to the existing AOL task security, and to extend the task data security offerings specifically for task related resource assignments to the Forms-based Tasks and to the Oracle Application Self-Service Framework based Tasks, Task Manager enhances the AOL data security based on Virtual Private Database (VPD) policy, a feature implemented in database to allow security dynamically created at runtime to all queries issued against a database table or view. This new security model with VPD feature provides more flexibility in task security for resource assignments by allowing any applications to set product specific security rules around the existing task security.

For example, not every resource can create, view, or update a service related task of certain types. Only the resources that have privileges to access certain types of service request can be assigned to the service related tasks of the same types as assignees. Therefore, with this enhanced security model, Oracle Service Online can pass its own security functions to Tasks in Forms or in Oracle Applications Framework to allow qualified resources to be retrieved from the resource list of values when assigning them to a task within the service request of certain types.

Note: This security model with VPD feature only applies to task security for resource assignments in the Forms-based and Oracle Applications Framework based Task Manager. It is not implemented in task security rules currently used in HTML Tasks.

For detailed information on AOL security framework, refer to Oracle E-Business Suite Security Guide.

HTML Task Security Rules

In addition to the task rules based on the AOL Data Security model, HTML Task Manager provides additional security rules for users to access the tasks of either standalone or context sensitive tasks. In addition, based on the group hierarchy defined in Resource Manager, group managers can have full access or read only access privilege to their directs' HTML tasks only if necessary privileges are granted to the group managers. Furthermore, Task Manager also allows different users to see various resource selections appearing in the resource list of values (LOV) while creating a task.

Scope of the HTML Task Security Rules

Task security rules are applied to Task Summary, Details, and Contextual Tasks screens. It will not secure task data accessed through non-Task modules, such as the Quick Find screen and Calendar View. These non-Task screens will continue to show the tasks for which the user is the owner or assignee.

In regard to the resource list of values security, it is applied to the major task screens. However, it will not be applied to the Customer/Contact LOV (organization, person, relationships) and References if not based on resources (such as customer/contact, and lead).

HTML Task Security Access Details

In general, HTML Task Manager provides the following security access rules:

Task Security in the Oracle Applications Framework and Forms based Tasks

Based on the existing task security rules used in HTML Tasks, users if they have appropriate privileges can view or update a task created in Oracle Applications Framework.

In addition, since Task Manager allows product specific security rules added to the existing AOL task security used for the resource list of values assignment in Forms and in Oracle Applications Framework, if service related security rules are used in a service request assignment, users may only see the resources that are qualified for the service rules from the resource list of values (LOV) when assigning them to a service related task.

Task Security Rules Access Details

Task Manager in Oracle Applications Framework provides the following security rules:

The only security rule currently available in Tasks Forms is the resource list of values security.