1. Security Guide
  2. User Access

User Access

With a web application, it is important to understand that user menu options are NOT a form of security. Users can access particular web pages by directly changing the URL, not just by clicking on the menu. Therefore, in order to truly restrict access it is necessary to define what the service defines as user access.

The Oracle Fusion Cloud Transportation Management and Global Trade Management Service have another security feature referred to as user access. This functionality allows different access configurations of user interface components for end users. The user interface components which can be controlled with this functionality consists of action checks, action executions, action reasons, the Ask Oracle Transportation Management saved query, field screen sets, power actions, report workspaces, saved queries, screen sets, status type filters, user menus, and user preferences.

This page is accessed via Configuration and Administration > User Configuration > User Access. For more details see the "User Access" help topic.

The user access security mechanism can be assigned at the domain, user role and user levels. When defining the user access at the user role level, the user access security will affect all individuals that have that user role assigned. When defining the user access at the user level, the user access security will only affect the individual user.

User access and access control lists are separate functionality but are complementary to each other. While the Functional Security manages access to code entry points, access control manages access to the user interface components that are directly exposed to the end user.

The user access configurations inherit access to objects based on a hierarchy. The hierarchy is ranked from the more general setting of domain down to a specific setting of an individual user, level, role, and domain. The following list is the hierarchy from general to most specific:

  • Domain
  • User Role + Domain
  • User Level + Domain
  • User Level + User Role + Domain
  • User + User Level + User Role + Domain

If there are access conflicts because of different configurations between the hierarchy levels, then the user access specified in the lowest and most specific hierarchy level is used. For example, if user access configurations are made at the User Role level and Domain level, then the user access defined at the user role level takes precedence.

There are also Include and Exclude options for certain user access configuration capabilities. The Include and Exclude functionality provides the ability to grant or deny access. The Include and Exclude functionality are only available for the Ask Oracle Transportation Management saved query, saved query, screen set, and user menu user access configuration types.

The user access configuration changes take effect on next login. So any currently active users that would be affected by the changes would need to log out of the service or have their HTTP session timeout and then log back in for the changes to take effect.

The user access functionality provides the additional capability to prevent user access changes. The administrator could set up user access at a determined level, mark it as final, and then prevent other users from changing it. By enabling the Prevent Access Changes check box as part of defining the user access records, the administrator prevents other users from having the ability to alter the user access configuration.