Set Up Roles and Privileges for Pricing Administrators

Set up user roles and privileges to manage the authentication and authorization that Pricing Administration uses to secure processing for pricing, including web service usage.

Here's how Pricing Administration implements security.

  • Uses authentication through a user name and password during sign in to allow each user to access the Pricing Administration work area

  • Uses authorization through user roles and privileges to allow each user to do different tasks according to job outcome in the Pricing Administration work area

Here's where you can get background details.

Reference                                  Details
Securing SCM                               Privileges and how to set up security, including values you set for each user.
Security Reference for Order Management    Privileges for Pricing Administration.

Get the privileges that you need to do the set up.

Role                                                                                                      Description
Pricing Administrator - All Business Units, which is QP_PRICING_ADMINISTRATOR_ALL_BUSINESS_UNITS_DATA    Use the privileges in this role to administer pricing.

Summary of the Set Up

Assume you need to set up two administrators, Diane Cho and Yu Li.

  1. Create administrator and get privileges.

  2. Manage data access.
  3. Add administrator to business unit.

  4. Get your privileges.

This topic uses example values. You might need different values, depending on your business requirements.

Create Administrator and Get Privileges

Create two administrators. One user can administer pricing set up. The other user can view pricing set up.

  1. Identify the privileges that provide access to Pricing Administration.

    • See the Pricing Administrator chapter in Security Reference for Order Management.

    • Examine the privileges until you locate one that meets your needs. For this example, the Pricing Administrator job role has the privileges that you need.

      Don't assign a predefined role. Instead, make a copy of it, rename the copy, such as MY_ROLE, remove the privileges that your users don't need from MY_ROLE, then assign MY_ROLE to your users. For details, see Guidance for Assigning Predefined Roles.

  2. Make sure you have the privileges that you need to manage job roles.

    If you don't have these privileges, then various actions will be grayed out when you do the Create Implementation Users task, and you won't be able to add privileges to a job role.

  3. Go to the Scheduled Processes work area and run the Import User and Role Application Security Data scheduled process.

    This process updates the Create Implementation Users task with the latest user data. For details, see Configure the Security Console.

  4. Go to the Setup and Maintenance work area, then go to the task.

    • Offering: Order Management

    • Functional Area: Initial Users

    • Task: Create Implementation Users

  5. On the User Accounts page, click Add User Account, enter values, then click Add Role.

    Attribute     Value
    First Name    Diane
    Last Name     Cho
    Email         diane.cho@yourCompany.com
    Password      Your user must use the password the first time the user signs in. Instruct your user to change the password immediately after sign in.

  6. In the Add Role Membership dialog, enter Pricing Administrator, then click Search.

  7. In the search results, click the row that contains the values.

    Attribute    Value
    Name         Pricing Administrator
    Code         ORA_QP_PRICING_ADMINISTRATOR_JOB

  8. Click Add Role Membership, then click Done.

  9. Repeat the above steps for your next user.

    Attribute     Value
    First Name    Yu
    Last Name     Li
    Email         yu.li@yourCompany.com

  10. On the Add User Account page, click Save and Close.

Manage Data Access

Manage data access for Yu.

  1. Go to the Setup and Maintenance work area, then go to the task.

    • Offering: Order Management

    • Functional Area: Initial Users

    • Task: Manage Data Access for Users

    For details about this task, see Implementing Common Features for Oracle SCM.

  2. On the Manage Data Access for Users page, enter a value, then click Search.

    Attribute    Value
    User Name    yu.li

    You must search according to dot notation, which is firstName.lastName.

    The search results display the data access that you set up for Yu.

  3. Click Authorize Data Access.

  4. In the Opening SecurityDataAccessTemplate.xls dialog that displays, accept the Open With option, then click OK.

    Microsoft Excel opens.

  5. Edit in Microsoft Excel.

    • Make sure you have the privileges that are in the IT Security Manager job role (ora_fnd_it_security_manager_job).

      In Microsoft Excel, in the Connect dialog, click Yes, then sign in.

    • In the Authorize Data Access for Users template that displays, verify that the template includes the security contexts that Yu needs for view access.

    • In the Security Context Value column, in the first row that contains data, right-click the cell, then click Invoke Action.

      Caution: Use this action instead of manually entering text. This action searches the Oracle database for the data access sets you can use. If you manually enter text, and if your text doesn't exactly match text that the database contains, then the upload will fail.

    • In the Select Security Context Value dialog, set the value, then click Search.

      Attribute        Value
      Business Unit    Vision Operations

    • In the search results, click the row that includes Vision Operations, then click OK.

      Notice that Excel adds Vision Operations to the cell you selected in the Security Context Value column.

    • Repeat the above steps for each of the other rows that contain data.

      For example, for the row that contains Asset Book, set Security Context Value to an asset book.

    • In the command ribbon that displays across the top of Excel, click Authorize Data Access for Users > Upload.

    • Wait for the upload to finish, then verify that the Status column displays Successfully Uploaded for each row.

    • Click Status Viewer, then verify that the Status View displays No Error.

    • Sign out.

  6. Go back to Oracle Applications.

  7. Go to the Scheduled Processes work area.

  8. On the Scheduled Processes page, click Schedule New Process, then run the scheduled process.

    Scheduled Process Name          Description
    Retrieve Latest LDAP Changes    Synchronizes users, roles, and role grants with the definitions that exist in LDAP (Lightweight Directory Access Protocol) that Order Management uses to determine who can access the Order Management work area.

Add Administrator to Business Unit

You specify the business unit when you set up a price list in Pricing Administration. You must make sure the user who uses the Pricing Administration work area or imports a price list is in this business unit.

Assume you have a price list that's in the Vision Operations business unit. Li Yu is a pricing administrator who creates and updates price lists. You must add Li to the Vision Operations business unit.

  1. Go to the Setup and Maintenance work area.
  2. Click Tasks > Search.
  3. Search for, then open the Manage Data Access Set Data Access for Users task.
  4. On the Manage Data Access for Users page, click Actions > Create.
  5. In the dialog that displays, set the values.
    Attribute                 Value
    User Name                 Li Yu
    Role                      Pricing Administrator
    Security Context          Business Unit
    Security Context Value    Vision Operations
  6. Click Save and Close > Done.

Create Job Role

You can create a job role to meet your specific needs. In this example, you create a job role that allows Yu to view set ups in Pricing Administration but not edit them.

  1. On the User Accounts page, click Roles.

  2. On the Roles page, in the Search window, enter Pricing Administrator, then click Search.

  3. In the search results, click Actions > Copy Role.

  4. In the Copy Options dialog, select Copy Top Role, then click Copy Role.

  5. On the Basic Information page, enter values, then click Next.

    Attribute      Value
    Role Name      Pricing Administrator View Only
    Role Code      QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY
    Description    Search for and view setups for pricing administration, including pricing strategies, price lists, service mappings, pricing algorithms, and so on.

  6. On the Function Security Policies page, click Load Inherited Policies.

  7. Delete all rows except rows that contain these privileges.

    • Manage Pricing Administration Work Area

    • Manage Pricing Rules

    • View Pricing Algorithms

    If you must add a privilege, then click Add Function Security Policy, and add it.

    For example, in the Add Function Security Policy dialog, enter View Pricing, examine the list of privileges that displays, then add the ones you need.

    Here are some examples of privileges you can add.

    • View Pricing Algorithms

    • View Pricing Bases

    • View Pricing Charge Definitions

    • View Pricing Guidelines

    • View Pricing Matrix Types

    • View Pricing Messages

    • View Pricing Parameter Values

  8. Click Next.

  9. On the Data Security Policies page, delete rows as necessary, then click Next.

    To delete a row, click the down arrow in the row, then click Remove Data Security Policy.

  10. Click Next.

  11. On the Role Hierarchy page, delete all role hierarchies except for:

    Role Name       Role Code
    Item Inquiry    ora_egp_item_inquiry_duty_obi

    Use the Role Hierarchy page to specify other job roles that the job role you're creating can access. A role hierarchy is a hierarchy that specifies other job roles that a job role references.

    For details about the role hierarchy that each predefined job role uses, see Security Reference for Order Management.

  12. Click Next.

  13. On the Users page, click Add User.

  14. In the Add User dialog, search for Yu Li, wait for the results to display, click Add User to Role, then click Cancel.

  15. Click Next > Submit and Close.
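One way to check the outcome of the role setup above offline, as an added example that is not part of the original topic and not Oracle tooling. It assumes a hypothetical CSV export with kind,role_code,value columns and assumes that an ORA_ prefix marks a predefined role; the sample rows are constructed.

```python
import csv
import io

VIEW_ONLY_ROLE = "QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY"
# Privileges the page keeps on the copied role (step 7) plus the View examples it lists.
ALLOWED_PRIVILEGES = {
    "Manage Pricing Administration Work Area", "Manage Pricing Rules",
    "View Pricing Algorithms", "View Pricing Bases", "View Pricing Messages",
    "View Pricing Charge Definitions", "View Pricing Guidelines",
    "View Pricing Matrix Types", "View Pricing Parameter Values",
}
ALLOWED_INHERITED = {"ora_egp_item_inquiry_duty_obi"}  # kept in step 11

# Constructed sample rows; the kind,role_code,value layout is an assumption.
SAMPLE_EXPORT = """kind,role_code,value
privilege,QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY,Manage Pricing Administration Work Area
privilege,QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY,View Pricing Algorithms
privilege,QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY,Edit Example Price List
inherits,QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY,ora_egp_item_inquiry_duty_obi
inherits,QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY,example_leftover_duty
member,QP_PRICING_ADMINISTRATOR_JOB_VIEW_ONLY,yu.li
member,ORA_QP_PRICING_ADMINISTRATOR_JOB,yu.li
member,ORA_QP_PRICING_ADMINISTRATOR_JOB,diane.cho
"""

def audit(export_text):
    """Return sorted (finding, subject) pairs for a role export."""
    findings = set()
    roles_by_user = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        kind, role, value = row["kind"], row["role_code"], row["value"].strip()
        if kind == "member":
            roles_by_user.setdefault(value, set()).add(role)
            # Assumption: role codes that start with ORA_ are predefined roles.
            if role.upper().startswith("ORA_"):
                findings.add(("predefined_role_assigned", f"{value}:{role}"))
        elif role == VIEW_ONLY_ROLE:
            if kind == "privilege" and value not in ALLOWED_PRIVILEGES:
                findings.add(("unexpected_privilege", value))
            elif kind == "inherits" and value.lower() not in ALLOWED_INHERITED:
                findings.add(("unexpected_inherited_role", value))
    for user, roles in roles_by_user.items():
        # Any additional role can grant more than the view-only copy allows.
        if VIEW_ONLY_ROLE in roles and len(roles) > 1:
            findings.add(("view_only_overridden", user))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{f}: {s}" for f, s in audit(SAMPLE_EXPORT)))
```

The view_only_overridden finding matters when a user who was first given the Pricing Administrator role is later added to the view-only copy without removing the original assignment.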

Examine Role Usage in Your Implementation Project

Your implementation project specifies the roles that can do each task in the project. You will examine how a predefined implementation project allows the Order Administrator role to manage source systems where you typically use web services to communicate data.

  1. Go to the Setup and Maintenance work area.

  2. On the Setup page, click Tasks, then click Manage Implementation Projects.

  3. On the Manage Implementation Projects page, click Actions > Create.

  4. On the Create Implementation Project page, click Next.

  5. In the Order Management row, add a check mark in the Include column.

  6. Expand the Order Management row.

  7. In the Pricing row, add a check mark in the Include column, then click Save and Open Project.

  8. In the Task list, expand Order Management > Define Pricing, then notice the list of tasks you can access, such as Manage Price Elements.

  9. In the Manage Price Elements row, in the Authorized Roles column, click Details, then examine the roles that can access the Manage Price Elements task.