Secure Access to Quality Issues and Actions
This topic describes how security is supported in Oracle Quality Management. Use the Security side tab on issues and actions to add users and roles who can view and search for issues or actions.
Security is applied at two levels:
- Functional Security
- Data Security
Functional Security
Functional security defines the functions you can perform and the pages and objects you can access. For example, it defines who can:
- enter the quality management work area
- create a quality action
- create a quality issue
The two types of privileges in Quality Management are:
- Manage - lets you create and edit issues and actions
- Review - provides a read-only view of the issues and actions
Functional security in Quality Management is based on the following privileges:
- Manage Quality Action (ENQ_MANAGE_QUALITY_ACTION_PRIV)
- Review Quality Action (ENQ_REVIEW_QUALITY_ACTION_PRIV)
- Manage Quality Issue (ENQ_MANAGE_QUALITY_ISSUE_PRIV)
- Review Quality Issue (ENQ_REVIEW_QUALITY_ISSUE_PRIV)
You can assign these privileges only to user roles, not directly to users.
For example, assign John Smith a quality analyst role (that contains the Manage Quality Action, Review Quality Action, Manage Quality Issue, and Review Quality Issue privileges) so that he can create and edit quality issues and actions. The two privileges are assigned to specific task flows and menu actions.
While setting up functional security, consider:
- the privileges assigned and the user roles to which they're assigned
- the users, the functions they can perform, and the functionality and work areas they can access
Oracle delivers some users, user roles, and privileges which are ready to be used. The users and user roles can be adapted and assigned respective privileges.
Data Security
Data security defines access to specific data (records) and is applied in addition to functional security. For example, even though you can create and manage quality issues (functional security), as a user you may not see the quality issue "ISSUE46" because the data record isn't visible for your user role (data security).
To enable data security, you can:
- define data security grants for accessing the issue and action tables for specific user actions
- define data security grants for editing in the issue and action Security tab
- define which users and roles can access a specific issue or action by adding them to the Security tab of the issue or action
- define which user can see which quality issues based on inventory organization assignment
- grant permissions to perform changes depending on the status of the object
Data Security Grants on Tables
Data security grants on the issue and action tables are defined for each user role. All users who need to see, update, or delete issues and actions must be assigned to a user role that grants them access to these data tables with the corresponding user action.
You can grant overall access to the issue and action table, or access to specific user actions like Read or Update.
Data security grants can't be defined for the creation of issues and actions, as the data doesn't yet exist. Hence, creation can only be allowed or prevented through functional security.
Data Security Grants on Application Objects
Data security grants are essential to add and remove users and roles on the Security tab of issues and actions. Hence, you require an additional data grant for application objects on the table FND_OBJECTS for issues and actions.
Data Security Grants Based on Users and Roles on Security Side Tab
The Security side tab for issues and actions makes previously public issues and actions private by assigning them to specific users and roles.
After you add the first user and user role to the Security tab, only the respective users and user roles (users assigned to these user roles) have access to these issues and actions. In addition, the Creator and Assignee are automatically granted the privilege to see the issues and actions.
Permissions to Perform Changes Based on the Object Status
Depending on the type of data, you can restrict the user from editing the issue or action even if the appropriate privileges and grants are available. For example, if the quality issue or action is:
- logged as Production Exception
- logged as Inspection Nonconformance
- in a state which prevents editing
You can't edit a record or its relationships; this is to prevent any inconsistencies between production exceptions that you log in manufacturing and the respective quality issues.
You can't delete inspection nonconformances, but you can perform most editing operations.
You can't edit quality issues and actions if they're in certain states, such as waiting for approval, or after approval and closure. This ensures that other quality users can rely on the fact that issues and actions that they approve or have approved won't change.
Visibility of Quality Actions and Issues Based on Inventory Organization Assignment
You can assign a specific organization to a quality action or issue to identify where the issue or action has occurred. Note that users who need to create or access quality issues or actions for an inventory organization must also be assigned to that organization. You can do this using the Manage Data Access for Users task in the Setup and Maintenance work area.
If you're using configured job roles to access quality objects, ensure that these job roles are assigned to the appropriate data security policies in the Security Console, specifically Grant on Inventory Organization.
The following data security function must be entered for user-defined roles in the Security Console for the Quality Actions Data privileges:
- Policy Name: Grant on Inventory Organization
- Database Resource: Inventory Organization
- Dataset: Select by Instance Set
- Condition Name: Access the inventory organization parameter for table INV_ORG_PARAMETERS for the inventory organizations in which they can operate.
- Actions: Manage Quality Organization
Access to Affected and Related Objects
You can add items, manufacturing work order operations, and manufacturing resources as affected objects to quality issues and actions. You can also relate Oracle Innovation Management and Product Development objects like ideas, requirements, and change orders to the quality issue and action.
Functional and data security govern quality issues and actions. So, even though you can view a related idea or an affected item, you can't open it unless you have the appropriate privileges.
For example, to open and see the details of an affected item, you need not only functional privileges to view and manage the item but also data security grants to the inventory organization.
User and Role Data Security
The Security side tab on issues and actions enables you to add users and roles who can view and find this issue or action.
The creator and assignees can automatically access the issue or action. Users not listed on the security tab can't find or view the issue or action.
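The layers described in this topic can be modeled as one access decision, which is useful when reviewing why a user can or can't see or edit a record. The following is an added illustration, not Oracle code: the two privilege codes, John Smith and ISSUE46 come from this topic, while the role names, grant names, state labels, organization codes, and the order of the checks are assumptions.

```python
from dataclasses import dataclass, field
# Privilege codes are from this topic; roles, grant names, state labels and
# the order of the checks are assumptions made for this illustration.
MANAGE = "ENQ_MANAGE_QUALITY_ISSUE_PRIV"
REVIEW = "ENQ_REVIEW_QUALITY_ISSUE_PRIV"
ROLE_PRIVS = {"quality_analyst": {MANAGE, REVIEW}, "quality_reviewer": {REVIEW}}
ROLE_GRANTS = {"quality_analyst": {"read", "update"}, "quality_reviewer": {"read"}}
LOCKED_STATES = {"waiting for approval", "approved", "closed"}

@dataclass
class User:
    name: str
    roles: set
    orgs: set                     # inventory organizations assigned to the user

@dataclass
class Issue:
    number: str
    org: str
    creator: str
    assignee: str
    state: str = "draft"
    production_exception: bool = False
    acl_users: set = field(default_factory=set)   # Security tab: users
    acl_roles: set = field(default_factory=set)   # Security tab: roles

def decide(user, issue, action):
    """Return (allowed, layer): layer names the check that settled the request."""
    privs = set().union(*(ROLE_PRIVS.get(r, set()) for r in user.roles))
    needed = {MANAGE} if action == "update" else {MANAGE, REVIEW}
    if not privs & needed:
        return False, "functional security"
    grants = set().union(*(ROLE_GRANTS.get(r, set()) for r in user.roles))
    if action not in grants:
        return False, "data grant on table"
    if issue.org not in user.orgs:
        return False, "inventory organization"
    # An empty Security tab means the record is still public.
    listed = (user.name in issue.acl_users or bool(user.roles & issue.acl_roles)
              or user.name in (issue.creator, issue.assignee))
    if (issue.acl_users or issue.acl_roles) and not listed:
        return False, "Security tab"
    if action == "update" and (issue.production_exception or issue.state in LOCKED_STATES):
        return False, "object status"
    return True, "all checks passed"

def sample():  # constructed data; only John Smith and ISSUE46 are named in the topic
    john = User("John Smith", {"quality_analyst"}, {"M1"})
    rev = User("Reviewer A", {"quality_reviewer"}, {"M1"})
    return john, rev, Issue("ISSUE46", org="M1", creator="Creator C", assignee="John Smith")
```

The returned layer name shows which control to adjust: a role assignment, a data grant, the organization assignment, the Security tab, or nothing at all when the record's status is what blocks the edit.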