Configure Extensible Flexfield Data Security

You can configure data security for extensible flexfields. The IT security manager has access to the Security Console that manages security. Use the relevant job role to create data security privileges on the required item extensible flexfield tables.

Here's the process to setup data security for the extensible flexfield attributes. You can use the nontranslatable and translatable tables to:

1. Create data privileges for extensible flexfield attribute groups using the Security Console.
2. Associate data privileges to extensible flexfield attribute groups from the Setup and Maintenance work area.
3. Re-deploy the user defined attribute group flexfields.
4. Grant users access to item extensible flexfield attribute groups. The data privileges can be granted to users at two different levels:
   • Item class level: All items associated with the item class will be granted access.
   • Item instance level: The data security is setup for a single item.

Creating Data Privileges for Extensible Flexfield Attribute Groups

When creating the privileges, the best practice is to create a unique privilege for both the view and maintain privileges.

To create data privileges for extensible flexfield attribute groups:

1. Log in to the Oracle Applications Cloud as an IT Security Manager.

2. Click the Navigator icon, and from the Tools menu, click Security Console.

3. Click Administration.

   The Administration page is displayed.

4. On the General tab, click Manage Database Resources.
   Note: If you don't see Manage Database Resources, then you must have the Enable Database Resource Management privilege enabled for your role. By default, it isn't enabled for any role.
5. In Search, enter Item in the Display Name field, and click Search.
6. In the Search Results, select the database resource for the object, for which you want to create a data privilege. For example, to create the privilege for the Item Data Level (EGO_ITEM_EFF_B non-translatable table), select the row for EGO_ITEM_EFF_B.
7. Select Edit from the Actions menu.

   The Edit Data Security page is displayed.

8. Click the Actions tab.
9. Click the Add Row icon to create the required data privileges for this table.
10. Enter the Name of the data privilege, Display Name, and Description. In this example, you're creating data privileges for the Item Data Level non-translatable table. Create two privileges, one securing view access to the attribute group and another securing edit (maintain) access to the attribute group.
    Tip: To determine whether a privilege is for viewing or editing, when naming privileges append a V or M to the name to indicate view or maintenance usage.
11. Once the required privileges are created, submit the changes. A confirmation window indicates the success of the update.
12. Log off from the Security Console.
    Note: You can create different sets of privileges for each extensible flexfield table. Also, you can create as many individual privileges based on the attribute groups if you want to secure each attribute group with a different set of privileges.

Associating New Privileges with Extensible Flexfield Attribute Groups

Once the extensible flexfield data privileges are created in the Security Console, associate the privileges with extensible flexfield attribute groups. To do this:

1. Log into Oracle Applications Cloud as an implementation consultant.
2. In the Setup and Maintenance work area, go to the Manage Item Attribute Groups and Attributes task:
   • Offering: Product Management
   • Functional area: Items
   • Task: Manage Item Attribute Groups and Attributes
3. On the Manage Attribute Groups page, search for the attribute group that must be secured.
4. In the search results table, select the attribute group and click Edit.

   The Edit Attribute Group page is displayed.

5. In the Context Usages section:
   • From the View Privilege column drop-down list, associate the view data privilege that was created in the Security Console with this data level.
   • From the Edit Privilege column drop-down list, associate the maintain data privilege that was created in the Security Console with this data level.
   Note: Don’t use the same privilege for the View Privilege and Edit Privilege for the attribute group.
6. Click Save and Close.
7. Deploy the flexfields.
8. Click Submit.

Re-deploy User Defined Attribute Group Flexfields

After the privileges have been assigned to the attribute group, you must re-deploy the flexfields for the user defined attributes. This process will synchronize the attribute group changes with the Product Hub application tables.

Note: Check with your Administrator prior to deploying the flexfields.

To re-deploy the user defined attribute group flexfields:

1. In the Setup and Maintenance work area, go to the Deploy Item Extensible Flexfields task:
   • Offering: Product Management
   • Functional area: Items
   • Task: Deploy Item Extensible Flexfields
2. On the Deploy Item Extensible Flexfields page, search for the Flexfield Code as EGO_ITEM_EFF.
3. In the search results table, click Deploy Flexfield.

   This process running time is based on the number of user definable attribute groups defined for items

Granting User Access to Item Extensible Flexfield Attribute Group at Item Class Level

After associating privileges with the user defined attribute groups and these attribute groups are re-deployed, users are granted the attribute privileges to ensure they are able to view and maintain those attributes for the items. For data security, both the terms actions and privileges are used.

You can grant access to users at the item class level if the same set of users manage items within the item class. This allows easy and limited maintenance of grants.

To add the data privileges to the item class level security:

1. In the Setup and Maintenance work area, go to the Manage Item Classes task:
   • Offering: Product Management
   • Functional area: Items
   • Task: Manage Item Classes
2. On the Manage Item Classes page, search and click the item class for which you want to apply data security.
3. On the Edit Item Class page, click the Security subtab.
4. Click the required person or the group for which you want to assign the data privileges.
5. Scroll down and in the Actions region, click the Select and Add icon.

   The Select and Add: Actions dialog box is displayed.

6. Search and select the required data privileges, click Apply, and then click OK.
7. Click Save and Close.

Grant User Access to Item Extensible Flexfield Attribute Group at Item Level

To add the data privileges to the item level security:

1. In the Product Information Management work area, go to the Manage Items task.
   Note: At the item level, this allows a more granular control of granting access at individual item level. The navigation and access to manage item level security remains the same as for operational attributes.
2. On the Manage Items page, search and select the item for which you want to apply data security.

   The Edit Item page is displayed.

3. Click the Actions menu and then click Manage Item Security.
4. Click the required person or the group for which you want to assign the data privileges.
5. Scroll down and in the Actions region, click the Select and Add icon.

   The Select and Add: Actions dialog box is displayed.

6. Search and select the required data privileges, click Apply, and then click OK.
7. Click Done.
8. On the Edit Item page, click Save and Close.

   The data privileges are applied to the item.