1. Readiness Demos Transcripts
  2. Redwood: Control Access to Work Definition Pages Using Data Security

Redwood: Control Access to Work Definition Pages Using Data Security

Welcome to the demo of the 25C feature Redwood control access to work definition pages using data security in Oracle Fusion Cloud Manufacturing. With this feature, you can control a user's ability to view, create, update, and delete manufacturing work definitions in Redwood pages using data security policies.

You can define a policy using seeded conditions, such as user item type, item category and work definition name or user defined custom conditions. Manufacturing work definitions are currently secured by organization access and function security privileges. You can either maintain, create, update, delete, work definitions or view all work definitions. With this new update, you can now administer data security policies to enable more granular control on a user's access to maintain, create, update, delete or view manufacturing work definitions using Redwood Experience.

For example, a set of users can maintain work definitions of the engine product line, but they can only view work definitions of the transmission product line. Therefore, data security for manufacturing work definitions enables granular control on the authoring, maintenance, and visibility of work definitions to align with business policies.

Now, let's walk through a short demo of this feature. First, IT security manager will set up the data policies to maintain access to work definitions of the item category "Cardio Fitness Machine" but only view access to work. Definitions of the item category "Virtual Reality Trainer." IT security manager sets up the data policies by item category code.

The maintain access data policy allows maintain, and view actions on work definitions and for items of the category "Cardio Fitness Machine" and to custom job role that is wis_manufacturing_engineer_job_custom_maintain.

And the view access data policy allows only view action on work definitions for items of category "Virtual Reality Trainer" to wis_manufacturing_engineer_job_custom_view role. Next, manufacturing engineer is assigned the custom job roles wis_manufacturing_engineer_job_custom_maintain and wis_manufacturing_engineer_job_custom_view. Next data security is enabled for manufacturing work definition business object.

Once the data policies are set up and data security is enabled on work definition. In work definitions work area, manufacturing engineer can now view work definition of item category "Cardio Fitness Machine" and assign an item structure component to work definition operation to maintain it. However, manufacturing engineer can only view work definitions of item category "Virtual Reality Trainer" but cannot create new work definition and receive security access error.

Here is the data that we would be using in the demo. The work definition is to manufacture item Fit3001 cardio fitness machine. Given are the operations, items and resources for its production.

Next, here is the work definition to manufacture item Fit5001 virtual reality trainer. Given are the operations, items and resources for its production.

Now, let's go to the demo. Sign into the application as IT security manager. Click on the Navigator at the upper-left corner of the screen. Expand the tools section and click on Security Console task. Now, navigate to the Administration tab and then click on the button Manage Database Resources.

As presented, the Manage Database Resources and policies task displays the maintain and view data security policies set up by item category code for the work definition object. Data policy rule is being set up by item category code "Cardio Fitness Machine." The data policy actions allowed for item category cardio fitness machine are view and maintain action.

The maintain action allows user to create, update, delete and copy work definitions. It also allows to edit priority, deactivate and reactivate work definitions. Whereas the view action allows user to search, view and print work definitions. View action allows the ability to export operation item assignments for ATO model work definitions.

As shown here, the data policy for item category "Cardio Fitness Machine" is assigned to a custom job role wis_manufacturing_engineer_job_custom_maintain. Similarly, data policy rule is being set up for item category code "Virtual Reality Trainer." The data policy action allowed for item category "Virtual Reality Trainer" is view action.

Next, the data policy is assigned to a custom job role, wis_manufacturing_engineer_job_custom_view.

Lastly, assign the view and maintain custom job roles to the user MFG engineer.

Next, in application dashboard, navigate to Settings and Actions at the upper-right corner and click on Setup and Maintenance task. Click on the Search task in the task list on the right side. Search and navigate to the task manage data security controls for manufacturing. Enable data security for manufacturing work definition.

The data policies setup is complete and data security is enabled. Now, sign in as manufacturing engineer. Now,

Navigate to the home page and click on the Quick Action manufacturing work definitions under the Supply Chain Execution tab. Since the user has maintain and view access on the item category for the item Fit3001 cardio fitness machine, the user can now search, view and maintain the work definitions for the item Fit3001.

Presented here is the work definition for the item Fit3001 in work definition search results. Click on the Work Definition Name Main for the item Fit3001 to view the work definition. As shown in the Operations tab, the work definition has three operations, that is assemble, test, and pack.

Navigate to item structure page in operation items tab. Listed are the item structure components for item Fit3001. Since the user has maintain access, user can assign the component cardio fitness packaging to an operation.

Navigate to operation items tab. Listed are the item structure components assigned to operation. As shown here, the component cardio fitness packaging is assigned to operation. Save and close the work definition.

Now, search the item Fit5001 of item category "Virtual Reality Trainer." Since the user has view access to the item, the item appears as part of search results as presented here, but the user cannot create work definition of item Fit5001 since it does not maintain access for its item category.

Click on the Create Work definition button to verify if user with view access can create work definition. As shown here, since user has only view access for category of item Fit5001, a security access error is thrown when you click on the Create button.

This completes the demo of Redwood control access to work definition pages using data security.

To recap, using this feature, IT security manager sets up data security policies for work definitions by item category code, providing view access for item category "Virtual Reality Trainer" and maintain access for item category "Cardio Fitness Machine."

View and maintain data policies are assigned to custom job roles such as wis_manufacturing_engineer_job_custom_view and wis_manufacturing_engineer_job_custom_maintain, respectively. View and maintain custom job roles are assigned to user manufacturing engineer.

Data security is enabled on the manufacturing work definitions object. Manufacturing engineer can now maintain and view the work definitions of item category "Cardio Fitness Machine" but can only view the work definitions of item category "Virtual Reality Trainer."

This concludes the demo of this feature. Thanks for watching.