18Security in Oracle Procurement

This chapter contains the following:

Implementing Security for Procurement: Overview

Oracle Procurement Cloud applications use the standard role-based security model. Predefined security roles are delivered for in the security reference implementation.

Some types of delivered roles are:

  • Common job roles.

  • Abstract roles, for common functionality that is not job-specific.

  • Duty roles, that can carry both function and data security grants.

  • Discretionary roles, are like duty roles but can be provisioned to users independent of job or abstract roles.

For each of the predefined roles, the included or inherited duties grant access to application functions that correspond to their responsibilities. In some areas of Procurement you must also grant data access directly to specific users. For example, you must directly set up users such as buyers, category managers and procurement managers as procurement agents.

Predefined Roles for Procurement

Predefined roles for Procurement are provided in the security reference implementation for these functional areas:

  • Requisitioning

  • Purchasing

  • Supplier

  • Supplier Portal

  • Sourcing

  • Supplier Qualification

  • Setup and Administration

  • Business Intelligence

The following table lists predefined requisitioning security roles and their descriptions.

Role Type Description

Advanced Procurement Requester

Abstract

Creates requests for goods or services for themselves and for others. Also has access to the Add Requisition Lines function which supports the quick creation of multiple requisition lines. This role must be directly assigned to a user.

Procurement Catalog Administrator

Abstract

Manages agreements and catalog content. This includes catalogs, category hierarchies, content zones, information templates, map sets, public shopping lists and smart forms.

Procurement Preparer

Abstract

Creates requests for goods or services for themselves and for others. This role must be directly assigned to a user.

Procurement Requester

Abstract

Creates requests for goods or services for themselves. This role is inherited by users whose primary worker assignment is Employee or Contingent Worker.

The following table lists predefined purchasing security roles and their descriptions.

Role Type Description

Buyer

Job

Performs transactional functions in procurement applications, such as for processing purchase agreements and purchase orders.

Category Manager

Job

Identifies savings opportunities. Determines negotiation strategies. Creates requests for quote, information, proposal or auction events on behalf of their organization. Awards future business, typically in the form of agreements and orders with suppliers.

Procurement Contracts Administrator

Job

Creates, manages and administers procurement contracts.

Procurement Manager

Job

Manages a group of buyers in an organization.

The following table lists predefined buying organization supplier security roles and their descriptions.

Role Type Description

Supplier Administrator

Abstract

Manages supplier information and user provisioning.

Supplier Manager

Abstract

Manages supplier information and authorizes promotion of prospective suppliers to spend authorized status.

The following table lists predefined supplier portal security roles and their descriptions.

Role Type Description

Supplier Accounts Receivable Specialist

Job

Submits invoices and tracks invoice and payment status for the supplier organization.

Supplier Bidder

Abstract

Represents a potential supplier. Responds to requests for quote, proposal, information and reverse auctions.

Supplier Customer Service Representative

Job

Manages inbound purchase orders. Communicates shipment activities for the supplier organization. Tracks, acknowledges or requests changes to new orders. Monitors the receipt activities performed by the buying organization.

Supplier Demand Planner

Job

Manages supplier scheduling, supplier managed inventory, and consigned inventory for the supplier organization.

Supplier Inventory Manager

Job

Manages inventory process control from beginning to end. Monitors available supplies, materials and products to ensure that customers, employees and production have access to the materials they need.

Supplier Product Administrator

Job

Uses retail external portal, and uploads and maintains supplier product and catalog data with the retailer. This catalog data is for both sell-side and buy-side transactions.

Supplier Product Design Engineer

Job

Views items and their related details such as a bill of material, attachments or approved manufacturers list. Reviews and acknowledges change orders, and initiates change requests against items they are providing or manufacturing for the customer.

Supplier Sales Representative

Job

Manages agreements and deliverables for the supplier organization. Acknowledges or requests changes to agreements. Adds catalog line items with customer-specific pricing and terms. Updates contract deliverables that are assigned to the supplier. Updates progress on contract deliverables for which the supplier is responsible.

Supplier Self Service Administrator

Abstract

Manages the profile information for the supplier company. Primary tasks include updating supplier profile information and requesting user accounts to grant employees access to the supplier application.

Supplier Self Service Clerk

Abstract

Manages the profile information for the supplier company. Primary tasks include updating supplier profile information and requesting user accounts to grant employees access to the supplier application.

The following table lists predefined sourcing security roles and their descriptions.

Role Type Description

Category Manager

Job

Identifies savings opportunities. Determines negotiation strategies. Creates requests for quote, information, proposal or auction events on behalf of their organization. Awards future business, typically in the form of contracts or purchase orders to suppliers.

Sourcing Project Collaborator

Abstract

Helps determine negotiation strategies, award decision criteria, and perform objective scoring. The role can be assigned to a key organization member helping to do these tasks.

The following table lists predefined supplier qualification security roles and their descriptions.

Role Type Description

Supplier Qualification

Discretionary

Allows a user to define the requirements a supplier should meet. Can qualify a supplier by performing verification and audits. Can assess and maintain supplier qualifications.

The following table lists predefined setup and administration security roles and their descriptions.

Role Type Description

Procurement Application Administrator

Job

Performs most setup tasks. Performs the technical aspects of keeping the procurement application functions available. Configures the applications to meet the business needs of the organization.

Procurement Catalog Administrator

Abstract

Manages agreements and catalog content. This includes catalogs, category hierarchies, content zones, information templates, map sets, public shopping lists and smart forms.

Procurement Contract Administrator

Job

Creates, manages and administers procurement contracts.

Procurement Integration Specialist

Job

Plans, coordinates, and supervises all activities related to the integration of the procurement applications.

Procurement Manager

Job

Manages a group of buyers in an organization.

Supplier Administrator

Abstract

Manages supplier profile and user provisioning.

Supplier Manager

Abstract

Manages supplier information and authorizes promotion of prospective suppliers to spend authorized status.

The following table lists predefined business intelligence security roles and their descriptions.

Role Type Description

Purchase Analysis

Abstract

Allows a user to perform line-of-business analysis on requisitions, purchase orders and suppliers. This role is only used to grant access to Oracle Business Intelligence, not the Oracle Procurement Cloud applications. The user is not a procurement agent. They are a person who owns the line-of-business and wants to do business intelligence analysis on procurement data.

The user who has this role has data access to the business unit associated with their primary worker assignment. You can assign additional business units to their data access. Use the Manage Data Access for Users task, in the Setup and Maintenance work area.

Procurement Requester

Procurement Requester Data Security

Your ability to create or view purchase requisitions is controlled by role-based data security.

Three abstract roles define procurement requester security:

  • Procurement Requester

  • Procurement Preparer

  • Advanced Procurement Requester

Procurement Requester

With the Procurement Requester role you can create requests for goods or services for yourself. This abstract role is inherited by the Employee and Contingent Worker job roles. As a procurement requester you can:

  • Create purchase requisitions.

  • View requisitions that have your name listed as the requester on the requisition line.

  • Edit requisitions that have your name listed as the person who entered the requisition.

With the Procurement Requester role you have implicit access to data for the business unit associated with your primary worker assignment. This determines the requisitioning business unit you belong to.

Procurement Preparer

With the Procurement Preparer role you can create requests for goods or services for yourself and for others. This role must be provisioned directly to you.

Advanced Procurement Requester

With the Advanced Procurement Requester role you can create requests for goods or services for yourself and for others. You also have access to the Add Requisition Lines function, which supports the quick creation of multiple requisition lines. This role must be provisioned directly to you.

Additional Business Units

To provide you requester access to additional business units, beyond your primary worker assignment, you must be provisioned explicit data access to them. A security administrator can do this using the Manage Business Unit Data Access for Users task, in the Setup and Maintenance work area, Users and Security functional area. For example, consider the following scenario:

  • Your primary employee assignment is to US business unit.

  • You have also been directly provisioned with data access to the France business unit.

As a result, you have access to data for both the US and France business units.

How You View Requisitions Owned by Other Users

By default, you can only see:

  • Requisitions you create.

  • Requisitions you didn't create, in which you're listed as the requester on one of the lines.

A security administrator can use function security to provide you the ability to view requisitions owned by other users. They can assign you the privilege View Requisitions - All. This provides you access to requisitions for which you're not the preparer or requester, in the business units you have access to.

Some additional purchase requisition-related privileges are available in the security reference implementation, aren't assigned to predefined roles, but can be assigned as needed.

  • Edit Requisition as Approver: Allows you to modify requisitions as an approver.

  • Reassign Requisition: Allows you to reassign requisitions entered by others.

  • Reassign Requisition Data: Allows you data access for reassigning requisitions entered by others.

Note: Never edit the predefined roles. You can make a copy of a predefined role to create a custom role, if needed.

For more information about procurement requester security roles refer to the Oracle Procurement Cloud Security Reference guide in the Oracle Help Center.

Procurement Agent

Use the Manage Procurement Agents task to create and maintain a procurement agent's access to procurement functionality for a business unit. Find the task in the Procurement Foundation and Payables functional areas.

You can implement document security for individual document types such as purchase orders, purchase agreements, and requisitions. You can also control a procurement agent's access to manage activities for suppliers, negotiations, catalog content, and business intelligence spend data.

Key aspects for managing procurement agents are:

  • Understanding what a procurement agent is.

  • Implementing document security.

  • Navigating to the Manage Procurement Agents task.

Understand What A Procurement Agent Is

Procurement agents are typically users with procurement roles such as:

  • Buyer

  • Catalog Administrator

  • Category Manager

  • Procurement Contract Administrator

  • Procurement Manager

  • Supplier Administrator

  • Supplier Manager

  • Supplier Qualification

They have procurement job responsibilities in the buying organization, such as creating purchase agreements, purchase orders, and related procurement functions. You must set up these users as procurement agents for them to manage procurement documents and perform other procurement actions.

Key Elements for Setting Up Procurement Agent Document Security

The key elements for setting up procurement agent document security are:

  • Assigning the agent to a procurement business unit.

  • Enabling the agent's access to procurement actions.

  • Defining the agent's access levels to other agents' documents.

Use the Manage Procurement Agents task to manage procurement agents, including defining an agent's access to procurement functionality within a procurement business unit.

Find the task in the Procurement Foundation and Payables functional areas.

The following predefined procurement roles are controlled by procurement agent access configuration:

  • Buyer

  • Catalog Administrator

  • Category Manager

  • Procurement Contracts Administrator

  • Procurement Manager

  • Supplier Administrator

  • Supplier Manager

  • Supplier Qualification

Procurement BU

Assign the agent to one or more procurement business units (BU).

Action

Enable the agent with access to one or more procurement actions for each procurement business unit.

  • Manage Requisitions: Enable access to purchase requisitions.

  • Manage Purchase Orders: Enable access to purchase orders.

  • Manage Purchase Agreements: Enable access to blanket purchase agreements and contract agreements.

  • Manage Negotiations: Enable access to Sourcing negotiations, if implemented by your organization.

  • Manage Sourcing Programs: Enable access to track and manage sourcing programs.

  • Manage Catalog Content: Enable access to catalog content. This includes local catalogs, punchout catalogs, content zones, smart forms, information templates, and collaborative authoring.

  • Manage Suppliers: Enable access to create and update supplier information.

  • Manage Supplier Qualifications: Enable access to initiatives, qualifications, and assessments, if Supplier Qualification is implemented by your organization.

  • Manage Approved Supplier List Entries: Enable access to create and update approved supplier lists.

  • Analyze Spend: Used by the business intelligence functionality to enable access to view invoice spend information.

Access to Other Agents' Documents

Assign an access level to documents owned by other procurement agents for each procurement business unit.

Note: An agent can perform all actions on their own documents as long as they have procurement BU access.
  • None: The agent has no access to documents owned by other agents.

  • View: Permits the agent to search and view other agents' documents.

  • Modify: Permits the agent to view, modify, delete, and withdraw other agents' documents.

  • Full: Permits the agent full control of other agents' documents. This includes the view, modify, delete, withdraw, freeze, hold, close, cancel, and finally close actions.

Supplier User

Supplier user provisioning refers to the process of establishing supplier users with access to the Supplier Portal work area. Your buying organization can create and maintain user accounts, job roles, and data access controls for supplier contacts.

The content supplier users can access, and tasks they can perform, are controlled by your buying organization. You can allow trusted supplier users to request and manage user accounts for their fellow employees that require access to the Supplier Portal work area.

User Provisioning Job Roles

You provision supplier users with job roles, giving them the ability to perform business tasks and functions using the Supplier Portal work area. The predefined job roles that can perform supplier user provisioning are:

  • Supplier Administrator: This is a buying organization job role. Users with this role are responsible for maintaining supplier profile information as well as administering user accounts for supplier contacts.

  • Supplier Manager: This is a buying organization job role. Users with this role are responsible for authorizing new suppliers for spending. They control the addition of new spend authorized suppliers into the supply base. In smaller organizations, you can assign this job role and the Supplier Administrator role to the same individual.

  • Supplier Self Service Administrator: This is a supplier organization job role. Supplier users with this role can maintain company profiles and request user accounts for their fellow employees. All profile changes and user account requests made by the supplier self service administrator require approval by the buying organization.

  • Supplier Self Service Clerk: This is a supplier organization job role. Supplier users with this role can maintain company profiles and request user accounts for their fellow employees. All profile changes and user account requests made by the supplier self service clerk require approval by the buying organization.

You can perform user provisioning from the following procurement flows:

  • Supplier registration review and approval.

  • Supplier profile change request review and approval.

  • Suppliers work area, Manage Suppliers task, Edit Supplier flow where supplier profiles are maintained.

  • Suppliers work area, Import Suppliers task.

  • Supplier Portal work area where suppliers can perform user provisioning on behalf of their company using the Manage Profile task.

In each of these flows a user with one of the appropriate job roles can:

  • Create or request a user account.

  • Assign job roles.

  • Set data security access for supplier contacts.

Manage Supplier User Roles Setup Page

The IT security manager can go to the Setup and Maintenance work area and use the Manage Supplier User Roles task in the Procurement offering and Supplier Portal functional area.

The Procurement Application Administrator can go to the Setup and Maintenance work area and use the Manage Supplier User Role Usages task in the Procurement offering and Supplier Portal functional area.

Your buying organization uses the Manage Supplier User Roles page to perform the following setup actions. These actions are performed by two different job roles: IT Security Manager, and Procurement Application Administrator.

  • IT Security Manager: Define the list of roles that can be granted to supplier users in Supplier Portal provisioning flows. Only the IT Security Manager job role can add and remove roles. This helps your organization avoid the risk of adding an internal application job role inadvertently. It prevents suppliers from gaining unauthorized access to internal data. The supplier roles are added from the central Oracle LDAP roles repository which stores all Oracle Fusion application job roles. Once they add a role to the table, the role is immediately available for provisioning to supplier contacts by the Supplier Administrator.

  • Procurement Application Administrator: Define the supplier role usages. The Procurement Application Administrator is responsible for this setup task. They manage settings for how the supplier job roles are exposed in provisioning flows.

The IT Security Manager can also set supplier role usages, as they can access all functions on the setup page. However, this task is typically performed by the Procurement Application Administrator. The Procurement Application Administrator can't add or remove roles from the table.

Your buying organization can establish default roles which expedite supplier user account requests. To do this, identify the minimum set of job roles that a supplier contact can be granted. Use default roles so that approvers don't have to explicitly review and assign job roles for each user account request.

When the role default setup is done correctly, the Supplier Administrator (or approver) can review supplier contact user account requests. This allows them to:

  • Review requests with job roles selected based on the source of the request.

  • Approve user account requests with appropriate role assignments.

The two role usages relevant to supplier user provisioning are:

  • Default for Oracle Fusion Supplier Portal: If selected, the role is automatically added to supplier user requests in the core user provisioning flows, such as supplier profile maintenance.

  • Default for Oracle Fusion Sourcing: If selected, the role is automatically added to supplier user requests generated in sourcing flows such as Create Negotiation.

A role in the table can be marked for one or more of the two usages.

The buying organization's supplier administrator provisions user accounts to provide supplier contacts access to the Supplier Portal work area. The administrator performs user account maintenance for a specific supplier contact in the Suppliers work area, on the Edit Supplier page, Contacts tab. The administrator assigns a user account with roles that determine what functions the supplier contact can perform in the Supplier Portal work area.

The following are Oracle Procurement Cloud flows where a supplier administrator can request and manage a user account for a supplier contact:

  • Create Supplier Contact: When creating a supplier contact, the administrator can also request to create a user account for the contact, request roles and grant data access. A supplier user can also request for a supplier contact and user account to be created.

  • Edit Supplier Contact: The supplier administrator can make changes to supplier contact information as well as create or maintain the user account for the contact. A supplier user can also request a user account to be created for an existing contact.

  • Import Supplier Contact: When importing supplier contacts, the administrator can also use the User Account Action column to create or update a user account for specified contacts.

  • Approve supplier registration request: When approving a supplier registration, an approver can create and edit supplier contacts. A user account is part of a supplier contact. The approver has the ability to create a user account and assign roles within this flow.

Note: Creating a user account for a supplier contact can't be reversed. Once a user account is created it can't be deleted, but it can be inactivated.

The Supplier Administrator is responsible for:

  • Creating and inactivating supplier user accounts.

  • Assigning job roles.

  • Assigning data access.

Create and Inactivate Supplier User Accounts

Select the Create User Account option for a contact to send a request to the identity management system to provision the account. Status is displayed to communicate provisioning status during this process. When the process is complete, the identity management system sends notification to the supplier contact with the user name and temporary password for the Supplier Portal work area. If the process fails, a notification is sent to the Supplier Administrator that a user account wasn't successfully provisioned.

Assign Job Roles

Use the Roles subtab to control function security. This determines the business objects and task flows the supplier user can access. Supplier job roles should be assigned based on the job that the contact performs within the supplier organization. For example, Customer Service Representative or Accounts Receivable Specialist.

Assign Data Access

Use the Data Access tab to control data security. This determines which transactions the user can access for the specific business objects their job role is associated with. The two levels of data security are: Supplier and Supplier Site. By default, all supplier user accounts start with Supplier level, meaning they can access all transactions belonging to their supplier company only. For more restrictive access, the Supplier Site level limits user access to transactions for specific supplier sites only.

The following simple examples illustrate selecting and managing roles for supplier user provisioning.

Select Roles for Supplier User Provisioning:

Vision Corporation decides to expand their Supplier Portal work area deployment and allow supplier customer service representatives to access orders and agreements.

The IT security manager navigates to the Setup and Maintenance work area and uses the Manage Supplier User Roles task in the Procurement offering and Supplier Portal functional area. They search for the supplier job role Supplier Customer Service Representative, and add the role to the table.

The Procurement Application Administrator then navigates to the Setup and Maintenance work area and uses the Manage Supplier User Role Usages task in the Procurement offering and Supplier Portal functional area. For the Supplier Customer Service Representative role, they select the following option: Default for Supplier Portal.

Manage Default Roles for Supplier Users and Supplier Bidders:

Vision Corporation decides the Supplier Sales Representative role should not be marked as a default role for the Supplier Portal work area. The Procurement Application Administrator navigates to the Manage Supplier User Role Usages task. They ensure the Default for Supplier Portal option is not selected for that role.

Vision Corporation also recently implemented Oracle Fusion Sourcing. They must provision the Supplier Bidder role to suppliers invited to sourcing events. The IT Security Manager navigates to the Manage Supplier User Roles page. They add the Supplier Bidder role to the table. For the newly added role, they select the Default for Sourcing option.

Supplier Administration

Use the Personally Identifiable Information (PII) framework to protect tax identifiers for suppliers classified as individuals.

PII refers to the framework in Oracle Fusion Applications for protecting sensitive data for an individual. Additional security privileges are required for users to view and maintain such data.

The predefined job roles Supplier Administrator and Supplier Manager include data security polices to maintain tax identifiers for suppliers classified as individuals. Only users with these roles can view and maintain the following tax identifiers for individual suppliers:

  • Taxpayer ID

  • Tax Registration Number

  • National Insurance Number

Individual suppliers are defined as suppliers with a Tax Organization Type of Individual or Foreign Individual.

Other users without these roles can still search and access individual suppliers. They are restricted from viewing or updating the tax identifiers for these suppliers.

Similar PII data security is also enforced in the Supplier Registration flows. Only users with the Supplier Administrator and Supplier Manager roles can view or maintain the tax identifier information for an individual supplier's registration approval request.

To view, but not edit, a supplier contact's mobile phone, you must have the View Trading Community Person Mobile Phone Number data security privilege. To view and edit a supplier contact's mobile phone, you must have the Manage Trading Community Person Mobile Phone Number data security privilege.

If you have neither privilege, and if there is a mobile phone, the number is masked with asterisks. If there is no mobile phone, the field is blank.

Business Intelligence

Overview of Security for Oracle Procurement Cloud Business Intelligence

Users with the appropriate roles can view, create or edit business intelligence analytics and reports in Oracle Procurement Cloud.

Security for viewing, creating, and editing business intelligence analytics and reports includes these concepts:

  • Access to business intelligence functionality

  • Access to the data that you want an analytic or report to return

  • Access to the folders where the analytics or reports are stored

  • Secured list views

  • Personally identifiable information (PII)

Business Intelligence Roles

Business intelligence security roles apply to both Oracle Business Intelligence Publisher and Oracle Transactional Business Intelligence. They grant access to business intelligence functionality, such as the ability to run or author analytics and reports. Users need one or more of these roles. In addition, users need the roles that grant access to the following:

  • Functional folders, analytics and reports

  • Subject areas

  • Oracle Procurement Cloud data

Access to Subject Areas in the Business Intelligence Catalog

Access to subject areas in the Business Intelligence Catalog is secured by OTBI Transactional Analysis Duty roles. The following table lists the procurement subject areas by functional area, and the corresponding job roles and OTBI Transactional Analysis Duty role needed for each subject area.

Subject Area Job Role OTBI Transactional Analysis Duty Role

Procurement - Implemented Change Orders Real Time

  • Category Manager

  • Buyer

  • Procurement Contract Administrator

  • Procurement Manager

Implemented Change Order Transaction Analysis Duty

Procurement - Pending Change Orders Real Time

  • Category Manager

  • Buyer

  • Procurement Contract Administrator

  • Procurement Manager

Pending Change Order Transaction Analysis Duty

Procurement - Procure To Pay Real Time

  • Accounts Payable Manager

  • Accounts Payable Specialist

  • Accounts Payable Supervisor

  • Buyer

  • Procurement Manager

Spend Transaction Analysis Duty Role

Procurement - Purchasing Agreements Real Time

  • Category Manager

  • Buyer

  • Procurement Contract Administrator

  • Procurement Manager

Agreement Transaction Analysis Duty

Procurement - Purchasing Real Time

  • Category Manager

  • Buyer

  • Procurement Contract Administrator

  • Procurement Manager

  • Purchase Analysis

Purchase Order Transaction Analysis Duty

Procurement - Requisitions Real Time

  • Buyer

  • Procurement Contract Administrator

  • Procurement Manager

  • Purchase Analysis

Purchase Requisitions Transaction Analysis Duty

Procurement - Spend Real Time

  • Accounts Payable Manager

  • Accounts Payable Specialist

  • Accounts Payable Supervisor

  • Buyer

  • Procurement Manager

Spend Transaction Analysis Duty Role

Sourcing - Supplier Awards Real Time

  • Category Manager

  • Procurement Contract Administrator

  • Procurement Manager

Sourcing Transaction Analysis Duty

Sourcing - Supplier Negotiations Real Time

  • Category Manager

  • Procurement Contract Administrator

  • Procurement Manager

Sourcing Transaction Analysis Duty

Sourcing - Supplier Responses Real Time

  • Category Manager

  • Procurement Contract Administrator

  • Procurement Manager

Sourcing Transaction Analysis Duty

Supplier - Profile Change Request Real Time

  • Supplier Administrator

  • Supplier Manager

Supplier Master Data Transaction Analysis Duty

Supplier - Supplier Real Time

  • Purchase Analysis

  • Supplier Administrator

  • Supplier Manager

Supplier Master Data Transaction Analysis Duty

Supplier Import - Supplier Real Time

  • Purchase Analysis

  • Supplier Administrator

  • Supplier Manager

Supplier Master Data Transaction Analysis Duty

Supplier Qualification - Supplier Eligibility Real Time

  • Category Manager

  • Supplier Qualification

Supplier Eligibility Transactional Analysis Duty

Supplier Qualification - Supplier Eligibility History Real Time

  • Supplier Qualification

Supplier Eligibility History Transaction Analysis Duty

Supplier Qualification - Qualifications and Assessments Real Time

  • Supplier Qualification

Supplier Qualification Analysis Duty

Supplier Qualification - Question Responses Real Time

  • Category Manager

  • Supplier Qualification

Supplier Question and Responses Analysis Duty

Supplier Registration - Supplier Real Time

  • Purchase Analysis

  • Supplier Administrator

  • Supplier Manager

Supplier Master Data Transaction Analysis Duty

Access to Reports in the Business Intelligence Catalog

Access to functional folders in the Business Intelligence Catalog is secured using the same duty roles that secure access to the subject areas. Functional folders contain delivered analytics and reports. For example, a user who inherits the Purchase Order Transaction Analysis Duty has access to the:

  • Purchasing folder in the Business Intelligence Catalog

  • Procurement-Purchasing Real Time subject area

Reports are secured based on the folders in which they're stored. You can set permissions against folders and reports for Application Roles, Catalog Groups, or Users. The following table lists the procurement functional area folders, and the corresponding job roles and OTBI Transactional Analysis Duty role for each folder..

Functional Area Folder Job Role OTBI Transactional Analysis Duty Role

Procure To Pay

  • Accounts Payable Manager

  • Accounts Payable Specialist

  • Accounts Payable Supervisor

  • Buyer

  • Procurement Manager

Spend Transaction Analysis Duty Role

Purchasing

  • Category Manager

  • Buyer

  • Procurement Contract Administrator

  • Procurement Manager

  • Purchase Analysis

Purchase Order Transaction Analysis Duty

Sourcing

  • Category Manager

  • Buyer

  • Procurement Manager

Sourcing Transaction Analysis Duty

Spend

  • Accounts Payable Manager

  • Accounts Payable Specialist

  • Accounts Payable Supervisor

  • Buyer

  • Procurement Manager

Spend Transaction Analysis Duty Role

Supplier

  • Supplier Administrator

  • Supplier Manager

Supplier Master Data Transaction Analysis Duty

Supplier Qualification

  • Category Manager

  • Supplier Qualification

Supplier Question and Responses Analysis Duty

Supplier Question and Responses Analysis Duty, and Supplier Qualification Analysis Duty

For a list of predefined analytics and reports, see Oracle Procurement Cloud View Procurement Reports and Analyses on the Oracle Help Center.

Reporting Data

The data that's returned in reports is secured in a similar way to the data that's returned in Oracle Procurement Cloud pages. Each of the transaction analysis duty roles grants access to subject areas and Business Intelligence Catalog folders. To view the roles click Navigator > Security Console.

If you can't see buyer or requester names in analyses or reports, add the View All Workers security profile to your user role. Use the Assign Security Profiles to Role task, in the Setup and Maintenance work area.

Secured List Views

You have two options to obtain access to data using a data model that uses a SQL Query as the data source:

  • Select data directly from a database table. The data you return isn't subject to data-security restrictions. Because you can create data models on unsecured data, you should minimize the number of users who can create data models.

  • Join to a secured list view in your select statements. The data returned is determined by the security profiles that are assigned to the roles of the user who's running the report.

PII Data

Personally identifiable information (PII) tables are secured at the database level using virtual private database policies. Only authorized users can report on data in PII tables. This restriction also applies to Business Intelligence Publisher analytics and reports. The data in PII tables is protected using data security privileges that are granted by means of duty roles in the usual way.

For more information about delivered roles, see the Oracle Procurement Cloud Security Reference guide in the Oracle Help Center.

For more information about business intelligence, see the Oracle Procurement Cloud Creating and Administering Analytics and Reports guide in the Oracle Help Center.

Setting Up Security Profile to View Employee Names in Procurement Analyses

Use the Assign Security Profiles to Role task to obtain access to buyer and requester names in your analyses.

Setting Up Security Profile

If you create or run a report and can't see buyer or requester names in the report, check your person data security profile. Follow these steps to add the View All Workers security profile to your user role.

Note: A Security Manager can open and use the Assign Security Profiles to Role task.
  1. From the Navigator, click Setup and Maintenance.

  2. In the Setup and Maintenance work area, search for and open the Assign Security Profiles to Role task.

  3. On the Manage Data Roles and Security Profiles page, search for the user role to which you want to grant access. For example, Buyer.

  4. In the Search Results region, select the role and click Edit.

  5. On the Edit Data Role: Role Details page, click Next.

  6. Select View All Workers when prompted for a Public Person security profile.

  7. Click Review.

  8. Click Submit.