Redwood: Refine Data Security for Sales Orders

Set up your own data access groups to control which users can create, view, and revise sales orders on Oracle Order Management's new and redesigned pages. Control access according to the user’s role, such as sales or order entry, or provide access to a single user regardless of role. Control access to each sales order according the order's attributes.

Realize these benefits:

Streamline your workflow.
Improve access.
Make sure users can access only the data they need.

Before this update, you could restrict access to each sales order only according to business unit. Now you can set up a data access group to control which users can create, view, or revise sales orders according to values in these attributes on the sales order:

Business Unit
Order Type
Customer
Sales Channel
Salesperson

You can set up precise access levels to select the members in your organization that you want to have access to specific data. For example:

Some users need create, view, and revise access.
Other users might need only view access.

A data access group includes:

Members that you assign to the group according to job role or as individual users.
Access rules that specify the order's attributes you want to use to access data.
Permissions that specify the actions that members can do, such as create, view, and revise sales orders.

Example 1

Assume you need to set up access groups with various permissions for the Order Entry Specialist role in the North Region:

Level 1 can create, view, and revise standard orders but only view confidential orders.
Level 2 can create, view, and revise standard orders and confidential orders.
Sue and Samuel are order entry specialists in the western region who occasionally assist the northern region when they enter standard orders but must not have access to confidential orders or to any orders for the top two northern customers, PennyPack Systems and Green Corp.

Here's your set up:

Group	Members	Attributes	Permissions
Order Entry, Level 1 North	Order Entry Specialist Role, Level 1	Order Type equals Standard	View Create Revise
		Order Type equals Confidential	View
Order Entry, Level 2 North	Order Entry Specialist Role, Level 2	Order Type equals Standard or Confidential	View Create Revise
Order Entry, North Custom	Sue Samuel	Order Type equals Standard Customer doesn't equal: PennyPack Systems Green Corp.	View Create Revise

Example 2

Assume you have two sales departments in the same business unit. All sales personnel need view access to all order types according to sales channel:

Diane, June, and Joe are in the Inside Sales Team.
Sherrie, Yin, Lily, Dhruv, and Rigo are in the Outside Sales Team.
Each salesperson uses the Sales Representative role and needs to revise their own sales orders.
Marie is VP of Sales and can view all sales orders.

Here's your set up:

Group	Members	Attributes	Permissions
Inside Sales Team	Sales Representative Role, Marie, Diane, June, Joe	Sales Channel equals Inside Sales	View
		Salesperson equals: Diane June Joe	Revise
Outside Sales Team	Sales Representative Role, Marie, Sherrie, Yin, Lily, Dhruv, Rigo	Sales Channel equals Outside Sales	View
		Salesperson equals: Sherrie Yin Lily Dhruv Rigo	Revise

Steps to Enable

Use the Opt In UI to enable this feature. For instructions, refer to the Optional Uptake of New Features section of this document.

Offering: Order Management

Assume you need to set up the Inside Sales Team. Here's what your set up will look like:

xxxxxxxxx

Prepare:

Opt in to the Redwood: Refine Data Security for Sales Orders feature. It's in the Order Management offering. If you opt in, you're committed to using this feature. You can't opt out after you opt in.
Sign out, sign in, go to your home page, click Order Management, then click the Data Access Groups for Sales Orders quick action. It's under Order Management Configuration.
This feature removes access to sales orders for all users when you opt in to the feature. To restore this access, you must create an access group for users and roles who need immediate access to all orders. You can then set up groups and add users when you refine access and privileges for your organization. On the Data Access - Sales Order page, click Create Group, then set up a rule that provides access to all orders with create, view, and revise permissions.
Name your group and add the roles or users who must access all sales orders. On the Access Rules tab, select the All attribute and set it to Yes. For example:

All Access Rule Example

Set these attributes for the rule:

Access Rule Name	Description	View	Create	Revise	Status	Valid From	Valid Until
All Access	Group for users who will have access to all sales orders.	Yes	Yes	Yes	Active	Today's date	Leave empty

Set up your main groups and rules:

On the Data Access - Sales Order page, click Create Group.
On the New Group page, enter a name and description, click Activate to activate the group, then enter the start date and end date.
In the Group Members section, select roles or users. For example, select Order Entry Specialist and Sales Representative. You can also add single users in the Additions section, select your user name, then click Apply > Save.
Click Access Rules, then add your first rule for the Sales Channel Attribute. Save the rule and enable the View option and Create option.
Add your next rule for the Salesperson attribute. Make sure you enable the Revise option.
Finish your setup, then notice that the Data Access - Sales Order page displays the number of access rules. Click the number to view your rules.

Tips And Considerations

There are no predefined access groups. You must set up your own.
This feature affects access when you use the salesOrdersForOrderHub REST API. You must make sure you set up your rules so you can continue to create, view, and revise data through salesOrdersForOrderHub.

Key Resources

Access Requirements

Users who are assigned a configured job role that contains these privileges can access this feature:

Manage Security Access to Data for Sales Orders (FOM_MANAGE_DATA_SECURITY_PRIV)