Duties Provided at Initial Setup

As part of this default security configuration, the system privileges have been logically grouped into duties and the duties have been assigned to an initial set of job roles. The provided duties can be modified or deleted and new duties created. Administrator users can change the mappings of roles, duties and privileges in Allocation's User Interface.

Details about how to manage these application security policies are available in Chapter 2, Manage Security Policies in the Oracle Retail Merchandising Administration Guide.

Duty Types

Duties provided in the default security configuration follow a general naming convention to indicate the type of privileges grouped within and the level of access provided. In Merchandising, the provided duties are one of the following duty types:

• Inquiry

  An inquiry duty will provide the user the ability to search for and view the associated entity. The provided inquiry duties are used when it is desirable for a user to have visibility to an area, but no option to create or update any information. Inquiry duties are assigned to viewers of an area.

• Management

  A management duty provides the user the ability to maintain the associated entity. The provided management duties are used when it is desirable for a user to have the ability create, update, delete, and, typically, submit information. Management duties always contain the inquiry duty for the same entity. For example, the Allocation Management Duty contains the Allocation Inquiry Duty along with the additional Maintain Allocations Privilege, Delete Allocations Privilege and Submit Allocations Privilege because in order for a user to maintain an entity they must also have the ability to search for, submit and delete the entity. Management duties are assigned to contributors of an area.

• Approval (High Security)

  An approval or high security duty is meant for users with the authority to review and approve or reject submissions and/or the ability to manage high security areas. Users with approval or high security access should always be granted the management duty for the same entity. For example, the Allocation Management Duty and the Allocation Submit Duty are granted along with the Allocation Approval Duty which contains the Approve Allocations Privilege, because in order for a user to approve an entity they must also have the ability to search for, view, maintain, delete and submit the entity. Approval duties are assigned to reviewers of an area.

Duties with no Hierarchical Relationships

There is one privilege used within Allocation that does not have a hierarchical set of duties with increasing levels of access, as described by the duty types above. These duties simply grant access to a single area, such as a dashboard, or they grant access to particular information across several functional areas. Therefore access is either granted or not, there are no access levels. These duties may be classified as management or inquiry duties, depending on if the user can maintain the related data or if access should be view only. For example:

• Dashboard Inquiry Duty

  Dashboard duties grant access to view a given dashboard. In order to see the Allocator dashboard, the user must have the View Allocation Dashboard privilege. The Allocator Dashboard contains four reports, Purchase Order Arrivals, Stock to Sales, Sales Top and Sales Bottom. In some cases, access to each report within a given the dashboard may be controlled by separate privileges based on the functional area of the report. However in Allocation, the Allocation Dashboard Privilege will grant the user access to both the dashboard and the four reports within.

• Batch Management Duty

  Grants access to execute batch programs. The default security configuration has this duty assigned to the Application Administrator role.

• Settings Menu Duty

  Grants access to the Settings menu except for the Security folder. The default security configuration has this duty assigned to the Application Administrator role. This is a limited use duty which cannot be assigned to any other roles aside from the provided application administrator role.

• Administrator Console Duty

  Grants access to the Security folder on the Settings menu where security roles, duties and privileges are managed. The default security configuration has this duty assigned to the Application Administrator role. This is a limited use duty which cannot be assigned to any other roles aside from the provided application administrator role.

• Application Global Menu Duties

  These duties grant access to links in the Application Navigator which allow users to launch into another application in the Merchandising suite. The default security configuration does not have these duties assigned to any roles.

Limited Use Duties

There are limited use duties which provide access, but only to the application administrator role provided in the default security configuration. These duties cannot be mapped to any other roles.

• Settings Menu Duty

  Grants access to the Settings menu except for the Security folder. The default security configuration has this duty assigned to the Application Administrator role.

• Administrator Console Duty

  Grants access to the Security folder on the Settings menu where security roles, duties and privileges are managed. The default security configuration has this duty assigned to the Application Administrator role.

Determining Access for your Organization

When determining access for a given role in your organization, start by categorizing each role with a duty type for each functional area in the application. For example, a Sales Audit Analyst may be a viewer and a contributor store days, transactions, totals and rules. They may have no access to system options, maintaining employees and bank store relationships.

The job roles provided in the default security configuration have the following duties assigned to control their levels of access: