Redwood: Refine Data Security for Sales Orders
Set up your own data access groups to control which users can create, view, and revise sales orders on Oracle Order Management's new and redesigned pages. Control access according to the user’s role, such as sales or order entry, or provide access to a single user regardless of role. Control access to each sales order according the order's attributes.
Realize these benefits:
- Streamline your workflow.
- Improve access.
- Make sure users can access only the data they need.
Before this update, you could restrict access to each sales order only according to business unit. Now you can set up a data access group to control which users can create, view, or revise sales orders according to values in these attributes on the sales order:
- Business Unit
- Order Type
- Customer
- Sales Channel
- Salesperson
You can set up precise access levels to select the members in your organization that you want to have access to specific data. For example:
- Some users need create, view, and revise access.
- Other users might need only view access.
A data access group includes:
- Members that you assign to the group according to job role or as individual users.
- Access rules that specify the order's attributes you want to use to access data.
- Permissions that specify the actions that members can do, such as create, view, and revise sales orders.
Example 1
Assume you need to set up access groups with various permissions for the Order Entry Specialist role in the North Region:
- Level 1 can create, view, and revise standard orders but only view confidential orders.
- Level 2 can create, view, and revise standard orders and confidential orders.
- Sue and Samuel are order entry specialists in the western region who occasionally assist the northern region when they enter standard orders but must not have access to confidential orders or to any orders for the top two northern customers, PennyPack Systems and Green Corp.
Here's your set up:
Group |
Members |
Attributes |
Permissions |
Order Entry, Level 1 North |
Order Entry Specialist Role, Level 1 |
Order Type equals Standard |
View Create Revise |
Order Type equals Confidential |
View |
||
Order Entry, Level 2 North |
Order Entry Specialist Role, Level 2 |
Order Type equals Standard or Confidential |
View Create Revise |
Order Entry, North Custom |
Sue Samuel |
Order Type equals Standard Customer doesn't equal:
|
View Create Revise |
Example 2
Assume you have two sales departments in the same business unit. All sales personnel need view access to all order types according to sales channel:
- Diane, June, and Joe are in the Inside Sales Team.
- Sherrie, Yin, Lily, Dhruv, and Rigo are in the Outside Sales Team.
- Each salesperson uses the Sales Representative role and needs to revise their own sales orders.
- Marie is VP of Sales and can view all sales orders.
Here's your set up:
Group |
Members |
Attributes |
Permissions |
Inside Sales Team |
Sales Representative Role, Marie, Diane, June, Joe |
Sales Channel equals Inside Sales |
View |
Salesperson equals:
|
Revise |
||
Outside Sales Team |
Sales Representative Role, Marie, Sherrie, Yin, Lily, Dhruv, Rigo |
Sales Channel equals Outside Sales |
View |
Salesperson equals:
|
Revise |
Steps to Enable
Use the Opt In UI to enable this feature. For instructions, refer to the Optional Uptake of New Features section of this document.
Offering: Order Management
Assume you need to set up the Inside Sales Team. Here's what your set up will look like:
Prepare:
- Opt in to the Redwood: Refine Data Security for Sales Orders feature. It's in the Order Management offering. If you opt in, you're committed to using this feature. You can't opt out after you opt in.
-
Sign out, sign in, go to your home page, click Order Management, then click the Data Access Groups for Sales Orders quick action. It's under Order Management Configuration.
-
This feature removes access to sales orders for all users when you opt in to the feature. To restore this access, you must create an access group for users and roles who need immediate access to all orders. You can then set up groups and add users when you refine access and privileges for your organization. On the Data Access - Sales Order page, click Create Group, then set up a rule that provides access to all orders with create, view, and revise permissions.
- Name your group and add the roles or users who must access all sales orders. On the Access Rules tab, select the All attribute and set it to Yes. For example:
Set these attributes for the rule:
Access Rule Name |
Description |
View |
Create |
Revise |
Status |
Valid From |
Valid Until |
All Access |
Group for users who will have access to all sales orders. |
Yes |
Yes |
Yes |
Active |
Today's date |
Leave empty |
Set up your main groups and rules:
- On the Data Access - Sales Order page, click Create Group.
- On the New Group page, enter a name and description, click Activate to activate the group, then enter the start date and end date.
- In the Group Members section, select roles or users. For example, select Order Entry Specialist and Sales Representative. You can also add single users in the Additions section, select your user name, then click Apply > Save.
- Click Access Rules, then add your first rule for the Sales Channel Attribute. Save the rule and enable the View option and Create option.
- Add your next rule for the Salesperson attribute. Make sure you enable the Revise option.
- Finish your setup, then notice that the Data Access - Sales Order page displays the number of access rules. Click the number to view your rules.
Tips And Considerations
- There are no predefined access groups. You must set up your own.
- This feature affects access when you use the salesOrdersForOrderHub REST API. You must make sure you set up your rules so you can continue to create, view, and revise data through salesOrdersForOrderHub.
Key Resources
Access Requirements
Users who are assigned a configured job role that contains these privileges can access this feature:
- Manage Security Access to Data for Sales Orders (FOM_MANAGE_DATA_SECURITY_PRIV)