1. Using Manufacturing
  2. Overview of Data Security for Work Definitions

Overview of Data Security for Work Definitions

You can control a user's access to maintain (create, update, delete) or view manufacturing work definitions using data security policies.

For example, a set of users can maintain work definitions of the engine product line, but they can only view work definitions of the transmission product line.

A data security policy is defined by specifying a seeded or custom condition and one or more actions and is assigned to seeded or custom job roles. Three conditions have been seeded in the application, by user item type, by item category, and by work definition name. Use the code of user item type and item category and use the internal name of work definition name when you specify the parameters. You can also define your own custom conditions. When defining a custom condition, you can specify either Filter or SQL Predicate as a condition type. Choose Filter when you what to use the attribute tree picker user interface to define a simple condition. Choose SQL Predicate when you know the attributes names of your condition and you want to define an SQL WHERE clause, for example to specify a dynamic condition, using a parameterized SQL predicate. For more information on how to define a custom condition, refer to the Managing Oracle Fusion Applications Data Security Policies documentation.

Two actions have been seeded in the applications, and you can’t define custom actions. The first seeded action is Maintain. This action allows access to create, update, and delete work definitions, including deactivate and reactivate work definitions. Maintain action doesn’t encompass the View action. The second seeded action is View. This action allows access to search and view work definitions, including print work definition report.

If a user through their roles has been granted only the View action and not also Maintain action, upon trying to either create, update, delete, deactivate or reactivate a work definition, they’ll receive an error message: You're not authorized to create, update, delete, deactivate, or reactivate work definition <work definition name> for item <item name>. Data security applies to both discrete and process manufacturing, and to all interfaces, which are the user interface, Application Development Framework Desktop Integration (ADFdi), File-Based Data Import (FBDI), and REST service.

Consider the following points before enabling data security for manufacturing work definitions:

  • If you enable data security for manufacturing work definition without first defining data security policies, then users won’t have access to any work definitions.
  • If you need certain users to be able to access all work definitions, you can define a policy with a rule where the row set is specified as all values.
  • To maintain work definitions using the user interface and ADFdi, you must assign both View and Maintain actions, whereas using FBDI and REST, you need to assign only Maintain action.
  • How function privilege and data security interacts is that the most restrictive access between the privilege and specified action applies. For example, if the user has the Manage Work Definitions function privilege, but the data security policy allows only View action, then they can access the work definitions in view only mode.
  • There’s no change to organization access, which will continue to be granted using the Manage Manufacturing Plant Data Access for Users task.

For more information, refer to the Managing Oracle Fusion Applications Data Security Policies documentation.