Redwood: Control Access to Work Definition Pages Using Data Security
Control a user's ability to view, create, update, and delete manufacturing work definitions in Redwood pages using data security policies. You can define a policy using seeded conditions, such as user item type, item category, and work definition name, or user-defined conditions.
Manufacturing work definitions are currently secured by organization access and function security privileges. You can either maintain (create, update, delete) work definitions or view all work definitions.
With this new update, you can now administer data security policies to enable more granular control on a user's access to maintain (create, update, delete) or view manufacturing work definitions, using Redwood experience. For example, a set of users can maintain work definitions of the engine product line, but they can only view work definitions of the transmission product line.
The following screenshot shows the error message that is displayed when the user tries to create a work definition for an item category, for which the user has only view access.
Work Definition Data Security Error
A data security policy is defined by specifying a predefined or configured condition and one or more actions. The data security policy is assigned to predefined or configured job roles.
The following screenshot shows data security policies that have been defined for various conditions for a configured role.
Data Security Policies
The following conditions are predefined. You can also define your own conditions.
- By User Item Type, such as finished good or purchased item.
- By Item Category, such as engine or transmission.
- By Work Definition Name, such as Main or Rework.
The following actions are predefined. You can't define your own actions.
- Maintain: Allows access to create, update, and delete work definitions, including deactivate and reactivate work definitions. The Maintain action doesn't encompass the View action.
- View: Allows access to search and view work definitions, includes access to print the work definition report.
After defining data security policies in the security console, you must also enable data security for manufacturing work definitions using the Manage Data Security Controls for Manufacturing task in the Setup and Maintenance work area.
Data security for manufacturing work definitions enables granular control on the authoring, maintenance, and visibility of work definitions to align with business policies.
Here's the demo of these capabilities:
Steps to Enable
Enabling data security for manufacturing work definitions is a 2-step process. The first step is to define data security policies, and the second step is to enable data security for the manufacturing work definition business object. If you have already enabled these in a prior update, you don't need to perform any additional actions.
To define data security policies, use the following steps:
- In the Setup and Maintenance work area, navigate to the following:
- Offering: Manufacturing and Supply Chain Materials Management
- Functional Area: Users and Security
- Task: Manage Data Security Policies
- Navigate to the Administration page, then to the Manage Database Resources page.
- Search for object name WIS_WORK_DEFINITIONS.
- Create a new policy by specifying a predefined or configured condition, one or more actions, and job roles.
To enable data security for the manufacturing work definition business object, use the following steps:
- In the Setup and Maintenance work area, navigate to the following:
- Offering: Manufacturing and Supply Chain Materials Management
- Functional Area: Manufacturing Master Data
- Task: Manage Data Security Controls for Manufacturing
- Select the Enable Data Security checkbox for the Manufacturing Work Definition business object.
Manage Data Security Controls for Manufacturing
Tips And Considerations
- Once the feature is enabled, data security for work definition is enabled for all interfaces, including the Redwood user experience. It's applicable for all manufacturing work methods.
- If data security for manufacturing work definition is enabled, but data security policies aren't defined, then users won't have access to any work definitions.
- To maintain work definitions using the user interface and ADFdi, you must assign both the View and Maintain actions, whereas using FBDI and REST, you need to assign only the Maintain action.
- The most restrictive access between the privilege and action applies to the user. For example, if the user has the Manage Work Definitions function privilege, but the data security policy allows only View action, then the work definitions that the user can assess based on the data security policy will be in view-only mode.
- Organization access will continue to be granted using the Manage Manufacturing Plant Data Access for Users task in the Setup and Maintenance work area.
- Refer to the documentation on managing data security policies at: https://docs.oracle.com/cd/E25054_01/fusionapps.1111/e20839/datasecurity.htm
- For an improved, end-to-end user experience, you can enable the following Redwood pages that use data security:
- Work Definition landing page
- Use the Redwood Work Definition Landing Page Enabled profile option. Refer to the 25A feature Redwood: Model Plant Setups and Work Definitions Using a New Home Experience for more information.
- Work Definition pages
- Use the Redwood Work Definitions Enabled profile option. Refer to the following features:
- Work Definition landing page
Key Resources
- Watch the Redwood: Control Access to Work Definition Pages Using Data Security demo.
- Refer to Manage Data Security Policies.
- Refer to Data Security for Work Definitions
- Refer to 23D Control Access to Manufacturing Work Definitions Using Data Security
Access Requirements
Users who are assigned a configured job role that contains these privileges can access this feature:
- Manage Application Data Security Policy (FND_APP_MANAGE_DATA_SECURITY_POLICY_PRIV)
- Configure Manufacturing Data Security (WIS_CONFIGURE_DATA_SECURITY_PRIV)