Redwood: Secure Workflows Using Access Control Lists

You can now define what actions a user can perform on the workflow using criteria-based access control. Access can be granted to individual users, or through filtered lists that group users by location or business unit and are added to the team. You can control access to each workflow by creating conditions based on basic and extensible flexfield attributes and assigning permissions to various workflow groups. Additionally, you have the flexibility to selectively hide or display attribute groups, including extensible attribute groups.

Previously, a user's permissions and actions within a workflow were solely determined by the configuration in the Manage Change Order Types task. This setup task, at the change type level, defined whether a user could act as a Creator, Requestor, Assignee, or another role. 

With the implementation of access control lists (ACLs), the application now validates both the additional workflow controls (AWC) and the ACL to determine permissions for the actions within a workflow. A user must be explicitly granted both access controls and additional workflow controls to perform a specific action on the workflow. If either of these isn’t available, the user can’t access the workflow or perform the action.

Administrators within an organization will now have the capability to establish specific teams and permission sets, with tailored conditions, for workflow objects. This allows them to control and grant access permissions for various actions, including creating, discovering, deleting, viewing, managing, changing status, and publishing. The admin can assign these permissions to ensure a controlled and organized workflow process.

Access can be controlled through Teams:

  • Team – A team comprises a set of users, filtered lists, and one or more permission sets.
    Members can be added to the team individually, or derived from a filtered list of workers who match certain membership conditions. 

  • Permission Sets - Each permission set contains individual permissions. Each permission identifies the object for which permission is given, the conditions that must be met, the type of access to be granted, and the attribute groups the team can access.

For example, the administrator wants to give component engineers based out of New York City or Houston permission to view all Engineering Change Orders and restrict manage permission to some Commercial Change Orders.

To enable criteria-based access control, you must perform these configuration tasks. 

  1. Create team members.
  2. Create permission sets with data access conditions.
  3. Create teams, add users or filtered lists, and apply permission sets.

You can add the following members (or users) in your team.

  • Users: These are individual users created in Security Console.
  • Filtered Lists: These are workers added to a group using a condition on the Worker attribute.

NOTE: If you're assigning users directly, there's no need to convert users into workers. However, if you plan to use filtered lists, then the user must be converted to a worker. For details on how to create a filtered list, refer to Redwood: Secure Manufacturers Using Access Control Lists.

Link for Teams on Product Management Landing Page

Configure Teams

Navigate to the Product Management home page and, in Actions, click Teams.

On the Search Teams page, you can search for existing teams or create new teams. For each team, you can add users and select the applicable permission sets.

Search Page for Teams

To create a new team:

  1. In the Teams Search page, click Create.
  2. In the Create Team page, provide these details:
    • Name - Unique name for the team.
    • Description - A short description of the team.
    • Status - Set the status of the team to Active.
  3. In Filtered Lists:
    • Add individual users you want in your team.
    • Add members based on the membership conditions defined for your filtered list.
  4. In the Permission Set tab:
    • Add the permissions you created in the Permission Set page.
  5. Click Save and Close.

Members Tab on the Create Team Page

Permission Sets Tab on the Create Team Page

Create Permission Sets with Access Conditions

Permission sets enable you to define access on workflows and other objects. In each permission set, you can add multiple workflow permissions that grant team members access to the workflow.

You can provide access to workflows conditionally using permissions such as create, view, manage, discover, delete, change status, and publish.

Using a permission set you can control the visibility of tabs appearing on the workflow details page, thereby controlling the shape of the workflow object. This can be done by configuring access to an attribute group or table using the Access To column, where you can specify which tabs are accessible to the user. For example, if a user is granted access only to Basic Attributes, Attachments, and Relationship, they will only be able to see these three tabs, while the others will remain hidden.

On the Search Permission Sets page, you will see a listing of the permission sets that have already been created. Here’s what you can do:

  • Search for specific permission sets. 
  • See details of the permission set by clicking the name of the permission set.
  • Sort the permission sets by the columns.

Search Page for Permission Sets

To create a permission set, click Create on the Search Permission Sets page and add these details:

  1. Name - Unique name of the permission set.
  2. Description - Short description of the permission set.
  3. Add permissions:
  • Object - contains a list of objects in the application. Select Workflow.
  • Condition - helps narrow down the object by applying filters on object attributes. Select a condition from the list of available conditions or click Create Condition to create a new condition.
  • Permission - select one of Create, Delete, Discover, View, Manage, Change Status, and Publish, depending on what the team should be able to do. The assigned permissions on the parent change order type will be inherited by its corresponding child change order types.
    • Create - allows the user to create a workflow. For a create permission, the user can set up a condition with a change type and organization only, where the change order type is required. Once the user enables the access control list, the application ignores the Creator list defined in the Manage Change Order Types setup task and honors only the create permission in the access control list.

    • Delete - allows the user to assign a workflow to a delete group, facilitating its deletion.

    • Discover - allows the user to view only the change number of the workflow in relationships, item changes tab and so on. The workflows with only discover permission can’t be searched.

    • Manage - allows the user to edit the workflow including its attribute groups and perform actions on tabs. A user’s actions on the workflow are governed by a combination of the additional workflow controls in the change type setup and the access control list. When a user is granted the manage permission, the application checks the additional workflow controls to determine the specific actions the user is authorized to perform.
      Here are the actions a user can perform depending on the configuration in the permission set and additional workflow controls.

      The first column is configured in the permission set. The three task configuration columns are configured in additional workflow controls (Manage Change Order Types task).

      | Manage Permission + Access To Tasks | Add Task Configuration | Remove Task Configuration | Update Task Configuration | User Actions in Tasks Tab on Change Orders |
      |---|---|---|---|---|
      | No | Yes | Yes | Yes | Can’t add, update, or remove tasks. |
      | Yes | No | No | No | Can’t add, update, or remove tasks. |
      | Yes | Yes | Yes | Yes | Users can update tasks |
      | Yes | No | No | Yes | Users can update tasks. They can’t add or remove tasks. |
      | Yes | Yes | No | No | Users can add new tasks. They can’t update or remove tasks. |
      | Yes | No | Yes | No | Users can remove tasks. They can’t add or update tasks. |

    • View - allows the user to view and examine the workflow’s details. Users can selectively view the change header, descriptive flexfields, extensible flexfields, and individual workflow tabs.

    • Change Status - allows the user to promote or demote the workflow status. To cancel the workflow, the application also checks that the additional workflow control named Cancel Change Orders or Lines is set to Yes.

    • Publish - allows the user to publish the workflow. 

  4. Access To: control the workflow attribute groups and entities by selecting the groups and entities you want the teams to access.
    Note that:

    • You can control access to attribute groups when using the View and Manage permissions.
    • You can’t control access to attribute groups when using the Create, Discover, Delete, Change Status, and Publish permissions.

New Permission Set Page Showing All Permissions Applicable for Workflows

Select the Attribute Groups for the Workflow

Example of a Permission Set 

You can create a permission set for a workflow that allows you to:

  1. Create workflow in the change type Design Change Orders.
  2. Discover all workflows in the application.
  3. Delete all Engineering Change Orders.
  4. View basic attributes, affected items, and relationships on all engineering change orders.
  5. Manage only Basic Attributes on all Engineering Change Orders.
  6. Change the status on all problem reports.
  7. Publish all commercial change orders.

Create a Condition

A condition is used to define restrictions on workflows based on the workflow attributes. Users can create a condition on one or more workflow attributes.

Click Create Condition on the New Permission Set page to create a new condition for the workflow. 

Add these details:

  1. Rule Name - A unique name for the condition.
  2. Description - A short description of the condition.
  3. Active - By default, this is set to Yes.
  4. Add Rule
  • Attribute - Select the attribute on which you want the rule to be set up. You can add a rule on basic attributes or extensible flexfield attributes of the workflows.
  • Operator - Select an operator such as equals, is, or not equal to.
  • Value - Provide the attribute value.

Here’s what you can use to group workflows:

  • Change header attributes.
  • Customer, source, supplier, and manufacturer attributes.
  • Change extensible flexfield attributes - single row.
  • Workflow presence indicators: has attachments, has tasks, and has relationships.

Here’s a screen showing a condition for filtering the workflow where the Priority attribute is set to High. This condition is to ensure the user can view only high priority workflows in the Engineering Change Order change type.

Create a Condition for Engineering Change Orders with High Priority

NOTE: Rebuild the workflow index after creating permission sets and activating your teams to ensure data security is applied the first time you enable the profile option Enable Access Control List for Workflows.

Example of Data Access Groups for Workflow

Consider that you want to create teams that function as data access groups for users located in the US.

  • Team 1: Component Engineers who can create and manage Engineering Change Orders but only view Change Requests. They can manage all attributes except Change Cost extensible flexfield attributes.
  • Team 2: Change Analysts who have permission to add and edit workflow approvers and participants, add affected objects, modify relationships, change status, and publish the workflow in the respective statuses. They can only see the workflow number for workflows in the CHIP Design Update, as they hold only the discover permission for this Workflow Type.
  • Team 3: Suppliers who are U.S. based can add and edit the supplier comments of a problem report for which they are the suppliers, and the extensible flexfield attribute Location is set to US.
  • Team 4: John and Sam are the Product Change Approvers, who only need to view the Change Order Header and Product Design related extensible flexfield attributes, affected object redlines, and summary report before approval.

Example of Filtered Lists and User-Based Access

Organizations can maintain a clear hierarchy of permissions, enhancing security and efficiency in their SCM operations. 
Team A grants view-only access to all company users, ensuring visibility. 
Team B, a more exclusive group, empowers top management, managers, component engineers, and product engineers to manage workflows.
Team C is tailored for product engineers, enabling them to create new workflows.

| Team Name | Users and Filtered Lists | Permission | Condition | Access Groups |
|---|---|---|---|---|
| Team 1 | Component Engineers | Create | Type = Engineering Change Order | Not Applicable |
| Team 1 | Component Engineer | Manage | Type = Engineering Change Order | All attributes and Tabs |
| Team 1 | Component Engineer | View | Type = Change Request | All attributes and Tabs |
| Team 2 | Change Analysts | Manage | Type = Commercialization Change Order; EFF. Compliance = Yes | Basic Attributes; Affected Objects; Workflow Activity; Relationship |
| Team 2 | Change Analysts | Change Status | Type = Commercialization Change Order; EFF. Compliance = Yes | Not Applicable |
| Team 2 | Change Analysts | Publish | Type = Commercialization Change Order; EFF. Compliance = Yes | Not Applicable |
| Team 2 | Change Analysts | Discover | Type = CHIP Design Update | Not Applicable |
| Team 3 | US Suppliers | Manage | Muletiselect.EFF.Location= US | EFF.Supplier Comments |
| Team 4 | John, Sam | View | Type = Engineering Change Order | Basic Attributes; EFF.AG.ProductDesign data; Affected Objects |
| Team A | All Users | View | Type = Engineering Change Order; Priority - Medium and High | Access To All attributes and Tabs |
| Team B | Manager Group; Component Engineers; Product Engineers | Manage | Type = Engineering Change Order; Priority - Medium and High | Access To All attributes and Tabs |
| Team B | Manager Group; Component Engineers; Product Engineers | Change Status | Type = Engineering Change Order; Priority - Medium and High | Not Applicable |
| Team B | Manager Group; Component Engineers; Product Engineers | Publish | Type = Engineering Change Order; Priority - Medium and High | Not Applicable |
| Team C | Product Engineers | Create | Type = Engineering Change Order | Not Applicable |

Setting up Access Control Lists Along with Additional Workflow Controls

With the introduction of criteria-based access control for workflows, a new validation process now governs user actions within a specific workflow. The process evaluates a user’s permissions based on two main factors:

  • The access control configured for the specific workflow.
  • The additional workflow control setup associated with the user’s role for the specific workflow type, configured through the Manage Change Order Types task.

For instance, a user who is also the requestor of a specific workflow instance can add, remove, and update workflow attachments only if the following conditions are met:

  • The user is included in an access control team, either as part of a filtered list, or individually, and has been granted the Manage permission for workflow attachments. This permission contains the specific condition that includes the current workflow instance.
  • In the additional workflow control, Manage Change Header Attachments is set to Yes for requestors.

From this update onward, new permissions must be included in a permission set for actions in additional workflow controls (AWC) to remain effective. The following table lists the AWC actions and the corresponding permissions required for those actions to be effective.

| Workflow Status | Actions in Additional Workflow Controls | Permission + Selections in the Access To Column of Permission Set |
|---|---|---|
| Open | Promote Manually - To Any Status | Change Status Permission |
| Open | Promote Manually - To Next Status | Change Status Permission |
| Open | Add Participants for Current Status | Manage Permission - Workflow Activity |
| Open | Remove Participants for Current Status | Manage Permission - Workflow Activity |
| Open | Manage Change Header Attributes - All | Manage Permission - Basic Attributes + EFF + DFF + (Customer/Manufacturer/Supplier/Supp) |
| Open | Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) |
| Open | Manage Change Header Attributes - Additional Information | Manage Permission - EFF Attribute Group and Additional Attributes |
| Open | Manage Attachments | Manage Permission - Attachments |
| Open | Manage Affected Objects | Manage Permission - Affected Objects |
| Open | Cancel Change Orders or Lines | Change Status Permission for Cancel Change Orders; Manage Permission - Affected Objects for Cancel Change Lines |
| Open | Move Change Lines | Manage Permission - Affected Objects |
| Open | Add Participants for Future Status | Manage Permission - Workflow Activity |
| Open | Remove Participants for Future Status | Manage Permission - Workflow Activity |
| Open | Manage Relationships | Manage Permission - Relationships |
| Open | Add Tasks | Manage Permission - Tasks |
| Open | Remove Tasks | Manage Permission - Tasks |
| Open | Update Tasks | Manage Permission - Tasks |
| Approval | Demote Manually - To Any Status | Change Status Permission |
| Approval | Demote Manually - To Next Status | Change Status Permission |
| Approval | Add Participants for Current Status | Manage Permission - Workflow Activity |
| Approval | Remove Participants for Current Status | Manage Permission - Workflow Activity |
| Approval | Manage Change Header Attributes - All | Manage Permission - Basic Attributes + EFF + DFF + (Customer/Manufacturer/Supplier/Supp) |
| Approval | Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) |
| Approval | Manage Change Header Attributes - Additional Information | Manage Permission - EFF Attribute Group and Additional Attributes |
| Approval | Manage Attachments | Manage Permission - Attachments |
| Approval | Terminate or Restart Approvals | Manage Permission - Workflow Activity |
| Approval | Cancel Change Orders or Lines | Change Status Permission for Cancel Change Orders; Manage Permission - Affected Objects for Cancel Change Lines |
| Approval | Move Change Lines | Manage Permission - Affected Objects |
| Approval | Add Participants for Future Status | Manage Permission - Workflow Activity |
| Approval | Remove Participants for Future Status | Manage Permission - Workflow Activity |
| Approval | Manage Relationships | Manage Permission - Relationships |
| Approval | Add Tasks | Manage Permission - Tasks |
| Approval | Remove Tasks | Manage Permission - Tasks |
| Approval | Update Tasks | Manage Permission - Tasks |
| Scheduled | Add Participants for Current Status | Manage Permission - Workflow Activity |
| Scheduled | Remove Participants for Current Status | Manage Permission - Workflow Activity |
| Scheduled | Manage Change Header Attributes - All | Manage Permission - Basic Attributes + EFF + DFF + (Customer/Manufacturer/Supplier/Supp) |
| Scheduled | Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) |
| Scheduled | Manage Change Header Attributes - Additional Information | Manage Permission - EFF Attribute Group and Additional Attributes |
| Scheduled | Manage Attachments | Manage Permission - Attachments |
| Scheduled | Cancel Change Orders or Lines | Change Status Permission for Cancel Change Orders; Manage Permission - Affected Objects for Cancel Change Lines |
| Scheduled | Move Change Lines | Manage Permission - Affected Objects |
| Scheduled | Reschedule Change Orders | Manage Permission - Affected Objects |
| Scheduled | Add Participants for Future Status | Manage Permission - Workflow Activity |
| Scheduled | Remove Participants for Future Status | Manage Permission - Workflow Activity |
| Scheduled | Manage Relationships | Manage Permission - Relationships |
| Scheduled | Add Tasks | Manage Permission - Tasks |
| Scheduled | Remove Tasks | Manage Permission - Tasks |
| Scheduled | Update Tasks | Manage Permission - Tasks |
| Completed | Add Participants for Current Status | Manage Permission - Workflow Activity |
| Completed | Remove Participants for Current Status | Manage Permission - Workflow Activity |
| Completed | Manage Change Header Attributes - All | Manage Permission - Basic Attributes + EFF + DFF + (Customer/Manufacturer/Supplier/Supp) |
| Completed | Manage Change Header Attributes - Standard | Manage Permission - Basic Attributes + (Customer/Manufacturer/Supplier/Supp) |
| Completed | Manage Change Header Attributes - Additional Information | Manage Permission - EFF Attribute Group and Additional Attributes |
| Completed | Manage Attachments | Manage Permission - Attachments |
| Completed | Move Change Lines | Manage Permission - Affected Objects |
| Completed | Manage Relationships | Manage Permission - Relationships |
| Completed | Add Tasks | Manage Permission - Tasks |
| Completed | Remove Tasks | Manage Permission - Tasks |
| Completed | Update Tasks | Manage Permission - Tasks |
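
The dual check described in this section, and in the task-action table under the Manage permission, can be modeled as follows. This is an added Python example, not Oracle's implementation or API; the class and function names, the AWC lookup keyed by change type, status and role, and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass

# Subset of the AWC-to-permission table on this page:
# AWC action -> (required permission, required Access To entry or None).
AWC_REQUIRES = {
    "Promote Manually - To Next Status": ("Change Status", None),
    "Manage Attachments": ("Manage", "Attachments"),
    "Manage Affected Objects": ("Manage", "Affected Objects"),
    "Manage Relationships": ("Manage", "Relationships"),
    "Add Tasks": ("Manage", "Tasks"),
    "Remove Tasks": ("Manage", "Tasks"),
    "Update Tasks": ("Manage", "Tasks"),
}


@dataclass
class Permission:
    permission: str                      # Create, View, Manage, Change Status, ...
    condition: dict                      # attribute -> value; every entry must match
    access_to: frozenset = frozenset()   # attribute groups and tabs (View/Manage only)


@dataclass
class Team:
    name: str
    members: set                         # users, already resolved from filtered lists
    permissions: list                    # flattened from the team's permission sets


def acl_allows(user, workflow, permission, access_to, teams):
    """True if any team containing the user grants the permission on this workflow."""
    for team in teams:
        if user not in team.members:
            continue
        for grant in team.permissions:
            if grant.permission != permission:
                continue
            # The condition must include the current workflow instance.
            if any(workflow.get(a) != v for a, v in grant.condition.items()):
                continue
            if access_to is None or access_to in grant.access_to:
                return True
    return False  # no matching grant: the workflow is private to this user


def can_perform(user, role, workflow, awc_action, teams, awc):
    """Both the AWC setting and the ACL grant must be present for the action."""
    yes_actions = awc.get((workflow["Type"], workflow["Status"], role), set())
    awc_ok = awc_action in yes_actions
    permission, access_to = AWC_REQUIRES[awc_action]
    acl_ok = acl_allows(user, workflow, permission, access_to, teams)
    return {"awc": awc_ok, "acl": acl_ok, "allowed": awc_ok and acl_ok}


def sample_setup():
    """Constructed sample data; users alice and bob are hypothetical."""
    teams = [
        Team("Component Engineers", {"alice"}, [
            Permission("Manage", {"Type": "Engineering Change Order"},
                       frozenset({"Basic Attributes", "Attachments", "Tasks"})),
        ]),
        Team("Change Analysts", {"bob"}, [
            Permission("Change Status", {"Type": "Commercialization Change Order"}),
        ]),
    ]
    # AWC actions set to Yes, per (change type, workflow status, role).
    awc = {
        ("Engineering Change Order", "Open", "Requestor"):
            {"Manage Attachments", "Update Tasks", "Manage Relationships"},
    }
    workflow = {"Type": "Engineering Change Order", "Status": "Open", "Priority": "High"}
    return teams, awc, workflow


if __name__ == "__main__":
    teams, awc, wf = sample_setup()
    for action in ("Manage Attachments", "Add Tasks", "Update Tasks", "Manage Relationships"):
        print(f"alice / Requestor / {action}: {can_perform('alice', 'Requestor', wf, action, teams, awc)}")
```

The returned `awc` and `acl` flags show which of the two configurations is missing when an expected action is denied.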

Permissions Required to Add Affected Objects

The Redwood pages provide two primary methods to add an affected object to a workflow:

On the workflow object:

  • Go to Affected Objects tab and add the affected object.
    You will require the Manage Permission on Affected Objects.

On the item object:

  • Click Actions on an item (you will require the View or Manage permission on the item).
    Select Assign to Change Order and Save to change order.

  • To create a new change order, you will require the Create Permission.
    To assign the item to an existing change you will require the Manage permission on the Affected Objects Tab for the specific workflow.

Generate Workflow Instance Report

You can now generate the workflow instance report from the Search Teams page to view which users have access to the workflow. Here’s how:

  1. Select Generate Object Instance Report from the Actions menu on the Search Teams page.
  2. In the Generate Object Instance Report drawer:
    • Object Type: Select Workflow.
    • Select the workflows for which you want to generate the report and click the + (plus) icon.
    • Click Generate.
      The job ID appears.
  3. Navigate to the Scheduled Processes page.
  4. Search for Generate Oracle Analytics Publisher Report and download the report.
  5. In the report, download the attachment TeamsWorkflowInstanceReport.

Select Generate Object Instance Report from the Actions Menu

Generate Object Instance Report Drawer

Confirmation Message and Job ID Appearing on Click of Generate

Analyze the Teams Using Oracle Transactional Business Intelligence (OTBI)

You can use the new subject area Product Management - Teams Real Time in OTBI to analyze team configurations, including team members, assigned permission sets, associated conditions and so on.

Product Management - Teams Real Time Subject Area

Here’s some information on the folders in the new subject area:

  • ACL - includes metrics that provide the count of teams, permission sets and conditions.
  • Member Details - includes information such as name, email address, department, rules from HCM (created as filtered list), and so on.
  • Permission Set Details - displays details such as permission name, condition name and their associated object.
  • Team Details - provides team name, description, and the team status.

Here, users can use the columns available in the folders to analyze and verify the conditions, permission sets, and members associated with a specific team.

Here’s an example of a report to show one of the ways you can use the new subject area to analyze and verify the team configuration.

In a globally operating company, the admin is responsible for ensuring that Product Managers in each region have access to the specific items manufactured in their respective locations. To verify what has been configured in the application, the admin can create an OTBI report, which includes Team Details, Member Details, Permission Sets, and Object Details—providing a comprehensive view of the Access Control List setup for assigning item access to the relevant Product Managers.

Report in OTBI Showing the Details of Team Configuration

Scheduled Processes

  • Refresh the Access Control List for the Teams: This process runs automatically whenever you save a permission set used in a team or add a permission set to a team. If you disable and then enable the profile option (Enable Access Control List for workflows), you'll need to run this process manually.
  • Update the Members List Based on Membership Criteria: Run this the first time you associate filtered lists to the team. You can specify the frequency at which the member list should be refreshed, based on how often member data is likely to change. You can also run this job when members are moving divisions, joining the organization, or leaving the organization and you want to refresh the data before the scheduled refresh. For this job to work, you need to enable Atom Feeds. For more information, see Atom Feeds.

Here's how this feature benefits your business: 

  • Allows administrators to define granular access control such as create, view, manage, change status, publish or delete and provides control to define who has access to item data. 
  • Provides flexible user management to manage permissions in multiple distinct manners such as assigning users, conditions, and so on.
  • Enables easy identification and readability of privileges that are assigned to each user. 
  • Reduces time and effort when managing the security of your workflow data because your list of workers can be built dynamically based on specified conditions.
  • Enables or restricts access at the workflow tab level or within specific types of attributes and attribute groups.
  • Allows restricted members to add affected objects to the workflows.

Steps to Enable

To use criteria-based access control for workflows, you must enable the profile option Enable Access Control List for Workflows. By default, the profile option is set to No.

After you enable the profile option, the workflow continues to honor the existing security settings until you create a permission and permission set.

NOTE: Once the profile option is enabled and a permission is created for workflow, all workflows in the application will become private, regardless of their current public or private settings. You must manually assign user permissions to these workflows.

Tips And Considerations

  • Workflows on Redwood pages, REST APIs, and SOAP services are secured when you enable access control.
  • Adding a change type in conditions on workflows is required to provide a create permission. This means that a user will be able to create workflows only on those change types.
  • The application validates whether the user has the manage permission to access affected objects when an item is added to the workflow using the following options:
    • Add to Change Order (or Change Request, Problem Report, or Corrective Actions).
    • Save to Workflow.
  • Users can add relationships on items and workflows only if they’re assigned the view or manage permission to that object.
    • Users can create or edit the relationship rule if they have the manage permission for workflow activity.
  • You can generate an object instance report for a particular workflow from the Search Teams page to view which users have access to the workflow.
  • Users can view only the workflow attributes and sheets they have access to in the Change Summary Report. To view redline related data, they will require access to affected objects.

Key Resources

  • Oracle Supply Chain Management Cloud: Implementing Product Management guide, available on the Oracle Help Center.

Access Requirements

Users who are assigned a configured job role that contains these privileges can access this feature:

To configure conditions for workflows using a filtered list:

  • Use REST Service - Identity Integration (ASE_REST_SERVICE_ACCESS_IDENTITY_INTEGRATION_PRIV)
  • Use Atom Feed - Employees Workspace (PER_ATOM_WORKSPACE_ACCESS_EMPLOYEES_PRIV)
  • Manage HCM Lists (HRC_MANAGE_HCM_LISTS_PRIV)
  • Human Capital Management Application Administrator (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)

To configure teams, permission sets, and conditions:

  • Manage Landing Page Layout (EGP_MANAGE_LANDING_PAGE_LAYOUT_PRIV)
  • Access HCM Common Components (HRC_ACCESS_HCM_COMMON_COMPONENT)
  • Manage Search Consumer Applications Rest (EGP_MANAGE_SEARCH_CONS_REST_PRIV)
  • Monitor Product Development (ACA_MONITOR_PRODUCT_DEVELOPMENT_PRIV)
  • Configure Access Control Teams, Permission Sets, and Conditions (EGP_ACCESS_CONTROL_TEAMS_PRIV)
  • Use REST Service - Identity Integration (ASE_REST_SERVICE_ACCESS_IDENTITY_INTEGRATION_PRIV)
  • Use Atom Feed - Employees Workspace (PER_ATOM_WORKSPACE_ACCESS_EMPLOYEES_PRIV)
  • Manage HCM Lists (HRC_MANAGE_HCM_LISTS_PRIV)
  • Manage HCM Rules (HRC_MANAGE_HCM_RULES_PRIV)
  • Run Scheduled Processes (HEY_RUN_SCHEDULED_PROCESSES_PRIV)
  • Manage Scheduled Processes (FND_MANAGE_SCHEDULED_PROCESSES_PRIV)
  • Access Product Management Landing Page (EGP_ACCESS_LANDING_PAGE_PRIV)
  • Manage Scheduled Job Definition (FND_MANAGE_SCHEDULED_JOB_DEFINITION_PRIV)
  • Access Users (EGP_ACCESS_USERS_PRIV)
  • View product management search (EGP_VIEW_PRODUCT_MGT_SEARCH_PRIV)

To view or edit workflows on the workflow pages, or to access notifications, you should have the following privileges:

For change orders:

  • View Change Order (ACA_VIEW_CHANGE_ORDERS_PRIV) or
  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)

For change requests:

  • View Change Request (ACA_VIEW_CHANGE_REQUESTS_PRIV) or
  • Manage Change Requests (ACA_MANAGE_CHANGE_REQUESTS_PRIV)

For problem reports:

  • View Problem Report (ACA_VIEW_PROBLEM_REPORTS_PRIV) or
  • Manage Problem Report (ACA_MANAGE_PROBLEM_REPORT_PRIV)

For corrective and preventive actions: 

  • View Corrective Action (ACA_VIEW_CORRECTIVE_ACTIONS_PRIV) or
  • Manage Corrective Action (ACA_MANAGE_CORRECTIVE_ACTION_PRIV)

To create workflows from the search pages or when using links in Actions in the Product Management home page:

  • Create Change Order (EGO_CREATE_CHANGE_ORDER_PRIV)

To create a change order from the item, either through a Needs Approval rule or by using the Assign to action:

  • Create Change Order (EGO_CREATE_CHANGE_ORDER_PRIV)
  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)

To approve or reject workflows:

  • Approve Item Change Order (EGO_APPROVE_ITEM_CHANGE_ORDER_PRIV)

To move change order lines to a new change order:

  • Create Change Order (EGO_CREATE_CHANGE_ORDER_PRIV)
  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)

To move change order lines to an existing change order:

  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)

To reschedule change lines, resolve revision conflict, and perform Fill up-down actions on the affected objects:

  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)

To publish change orders:

  • View Change Order (ACA_VIEW_CHANGE_ORDERS_PRIV) or
  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)
  • Publish Change Order (ACA_PUBLISH_CHANGE_ORDER_PRIV)

To change status, delete, terminate, restart or cancel a workflow:

  • Manage Change Orders (ACA_MANAGE_CHANGE_ORDERS_PRIV)
  • Manage Change Requests (ACA_MANAGE_CHANGE_REQUESTS_PRIV)
  • Manage Problem Report (ACA_MANAGE_PROBLEM_REPORT_PRIV)
  • Manage Corrective Action (ACA_MANAGE_CORRECTIVE_ACTION_PRIV)

To select or be selected as an Assigned To user or Assignee Role on a workflow:

  • Manage Assignee (EGO_MANAGE_ASSIGNED_TO_PRIV) 

To view the history tab on the workflow: 

  • View Change History (EGO_VIEW_CHANGE_HISTORY_PRIV) 

To run the change order details report: 

  • Generate Item Change Order Report (EGO_GENERATE_ITEM_CHANGE_ORDER_REPORT_PRIV)
  • Get BIP Report Definitions (EGI_GET_BIP_REPORT_DEFINITIONS_REST)

To send a workflow object:

  • Use REST Service - Users and Roles Lists of Values (PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV)
  • Manage HR Name Format (PER_MANAGE_HR_NAME_FORMAT_PRIV) (optional)

To select users when managing participants or changing workflow status:

  • Use REST Service - Users and Roles Lists of Values (PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV)
  • Manage HR Name Format (PER_MANAGE_HR_NAME_FORMAT_PRIV) (optional)

To search for items on Redwood pages:

  • Product Search (ORA_EGI_PRODUCT_SEARCH_DUTY)

These privileges were available prior to this update.

Additionally, you will require the new privilege Access Users (EGP_ACCESS_USERS_PRIV), to select users in:

  • Requested By or Assigned To attributes in the Attributes tab.
  • Task assignee in Workflow and Tasks > Create or Edit Task drawers.
  • Manage Participants or Change Status drawer.
  • Send Object drawer.

To run workflow OTBI reports, you need the following:

  • Product Catalog Transaction Analysis Duty (FBI_PRODUCT_CATALOG_TRANSACTION_ANALYSIS_DUTY)
  • Product Transaction Analysis Duty (FBI_PRODUCT_TRANSACTION_ANALYSIS_DUTY)
  • BI Consumer Role (BIConsumer)