Configuration and Administration

Access Control List

This page is accessed via Configuration and Administration > User Management > Access Control List.

Access control lists group together entry points and other access control lists. The entry points control access to various parts of the system. By assigning an access control list to a user or user role you grant users access to different resources of the system.

Access to areas of the application is calculated as follows:

[(All entry points granted to the user role) - (All entry points denied to the user role)]
+
[(All entry points granted to the user) - (All entry points denied to the user)]

For a particular user role or user, denial of entry points takes precedence over the granting of entry points. Granting or denial of entry points for a particular user takes precedence over that of the user role.

There are over 150 access control lists; most of them are child access control lists. Some of the default child access control lists include:

Standard Format Access Control Lists

Most business objects in the system conform to the format used by these access control lists.

  • Order Actions: For user interface actions run against orders.
  • Order - Update: Write access to the Order Manager.
  • Order - View: Read access to the Order Manager.
  • Shipment Actions: For user interface actions run against shipments.
  • Shipment - Update: Write access to the Shipment Manager, Financial Overview, Shipment Group Manager, and building shipments from order releases, but not to Shipment Events and Online Booking/Tendering. Also provides access to shipment actions, except Allocate.
  • Shipment - View: Read access to the Shipment Manager, but restricts the ability to build shipments from order releases.

Special Case Access Control Lists

These access control lists do not conform to the standard pattern or are special considerations.

  • Administration: Access to all Security Services functions except the Auto Grantee Manager, Auto Grantor Manager, and Table Set Manager, and access to Preferences.
    • By default, the ADMIN access control list includes the Administration function group. You should not delete the Administration access control list from the ADMIN access control list.
    • Only the DBA.ADMIN user can access and use the Auto Grantee, Auto Grantor, and Table Set Managers.
  • Batch Processes: Ability to initiate the Planning and Settlement batch processes in the Process Manager.
  • External Integration: This is for external integrations, such as interfacing with WMServlet.
  • GIIV: Write access to the features of the Visibility menu option.

    Though the Visibility option interacts with orders, shipments, and their actions, the GIIV function group does not provide access to them. To have access to these related functions, you must assign user levels that include the function groups for orders, shipments, and their actions.
  • Process Control: Ability to initiate all the processes in the Process Manager.
  • Power Data - View and Power Data - Update: Read/Write access to all Power Data functions.

Note: There is a difference between UI managers that are just grouped under the power data menu, and an actual power data screen. Some power data pages have their own Management and Save Servlets (such as Packaging Reference Unit). True power data screens use the generic servlets like Free Form Text Profile Qualifiers. Pages that do not use the generic servlets are not controlled by this group.

Adding an Access Control List:

A mutable access control list is changeable. Immutable access control lists cannot be copied or modified.

  1. Enter an Access Control ID. Do not make the ID the same as a user name, domain name, or entry point.
  2. Select a Domain Name.

Child Access Control List

You can nest access control lists within one another. By grouping them this way, you need only assign the top-level access control list to a user role or user. When you do so, all the child access control lists are applied to that user/user role.

Note: If you are creating your own access control list, be sure to include the COMMON access control list as a child. Without the COMMON access control list, core functionality is impaired. If you have already added the ADMIN access control list, you do not need to add COMMON as it is part of the ADMIN group.

  1. Enter an Access Control List.
  2. Click Save for each access control list you add.

Access Control Entry Points

Access control entry points represent servlets, UI queries, actions, and other core resources. By adding them to an access control list you are indicating that the user role or user has access (or is denied access, depending on how you configure the user role or user) to the specified entry points.

  1. Enter an Access Control Entry Point.
  2. Click Save for each access control entry point you enter.
  3. Click Finished.
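
The following Python example is added here for reviewing an access design and is not part of the product: it expands nested child access control lists into entry points, applies the grant/deny calculation given at the top of this page, and checks the COMMON requirement from the note under Child Access Control List. The entry point names, the PLANNER_DEMO and CUSTOM_DEMO lists, and the reading that a user-level denial also removes an entry point granted through the role are assumptions.

```python
# Added illustration. ACL ids reuse names from this page; the entry point
# names and the PLANNER_DEMO / CUSTOM_DEMO lists are constructed samples.
ACLS = {  # acl id: (child ACL ids, entry points listed directly on it)
    "COMMON": ((), {"ep.home", "ep.preferences"}),
    "Order - View": ((), {"ep.order.view"}),
    "Order - Update": ((), {"ep.order.update"}),
    "Shipment - View": ((), {"ep.shipment.view"}),
    "Shipment - Update": ((), {"ep.shipment.update"}),
    "PLANNER_DEMO": (("COMMON", "Order - View", "Order - Update",
                      "Shipment - View"), set()),
    "CUSTOM_DEMO": (("Order - View",), set()),
}


def reachable(acl_id, acls, seen=None):
    """ACL ids reachable from acl_id through child ACLs, itself included."""
    seen = set() if seen is None else seen
    if acl_id not in seen:  # also stops the walk on circular nesting
        seen.add(acl_id)
        for child in acls[acl_id][0]:
            reachable(child, acls, seen)
    return seen


def entry_points(acl_ids, acls):
    """Entry points of the given ACLs and of every ACL nested under them."""
    found = set()
    for acl_id in acl_ids:
        for member in reachable(acl_id, acls):
            found |= acls[member][1]
    return found


def effective_access(role_grant, role_deny, user_grant, user_deny, acls=ACLS):
    """Each argument is the list of ACL ids assigned at that level."""
    from_role = entry_points(role_grant, acls) - entry_points(role_deny, acls)
    user_denied = entry_points(user_deny, acls)
    from_user = entry_points(user_grant, acls) - user_denied
    # Assumption: a user-level denial also removes entry points the role
    # granted, because user settings take precedence over the role.
    return (from_role - user_denied) | from_user


def missing_common(acl_id, acls=ACLS):
    """True when a top-level ACL does not include COMMON as a child."""
    return "COMMON" not in reachable(acl_id, acls)
```

Running effective_access over every user and role assignment before a change, and again after it, shows which entry points a change to one child list actually adds or removes.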
