3 Duties and Privileges
Privileges grant access to specific tasks, links, and actions within the application. The access controlled by a particular privilege is fixed and can only be changed by an enhancement to the application. You can control the functions and features to which a user has access by grouping the desired privileges into duties, and assigning the duties to job roles which can then be associated to one or more users
Duties Provided at Initial Setup
As part of this default security configuration, the system privileges have been logically grouped into duties and the duties have been assigned to an initial set of job roles. The provided duties can be modified or deleted and new duties created. Administrator users can change the mappings of roles, duties and privileges in Allocation's User Interface.
Details about how to manage these application security policies are available in Chapter 2, Manage Security Policies in the Oracle Retail Merchandising Administration Guide.
Duty Types
Duties provided in the default security configuration follow a general naming convention to indicate the type of privileges grouped within and the level of access provided. In Merchandising, the provided duties are one of the following duty types:
-
Inquiry
An inquiry duty will provide the user the ability to search for and view the associated entity. The provided inquiry duties are used when it is desirable for a user to have visibility to an area, but no option to create or update any information. Inquiry duties are assigned to viewers of an area.
-
Management
A management duty provides the user the ability to maintain the associated entity. The provided management duties are used when it is desirable for a user to have the ability create, update, delete, and, typically, submit information. Management duties always contain the inquiry duty for the same entity. For example, the Allocation Management Duty contains the Allocation Inquiry Duty along with the additional Maintain Allocations Privilege, Delete Allocations Privilege and Submit Allocations Privilege because in order for a user to maintain an entity they must also have the ability to search for, submit and delete the entity. Management duties are assigned to contributors of an area.
-
Approval (High Security)
An approval or high security duty is meant for users with the authority to review and approve or reject submissions and/or the ability to manage high security areas. Users with approval or high security access should always be granted the management duty for the same entity. For example, the Allocation Management Duty and the Allocation Submit Duty are granted along with the Allocation Approval Duty which contains the Approve Allocations Privilege, because in order for a user to approve an entity they must also have the ability to search for, view, maintain, delete and submit the entity. Approval duties are assigned to reviewers of an area.
Duties with no Hierarchical Relationships
There is one privilege used within Allocation that does not have a hierarchical set of duties with increasing levels of access, as described by the duty types above. These duties simply grant access to a single area, such as a dashboard, or they grant access to particular information across several functional areas. Therefore access is either granted or not, there are no access levels. These duties may be classified as management or inquiry duties, depending on if the user can maintain the related data or if access should be view only. For example:
-
Dashboard Inquiry Duty
Dashboard duties grant access to view a given dashboard. In order to see the Allocator dashboard, the user must have the View Allocation Dashboard privilege. The Allocator Dashboard contains four reports, Purchase Order Arrivals, Stock to Sales, Sales Top and Sales Bottom. In some cases, access to each report within a given the dashboard may be controlled by separate privileges based on the functional area of the report. However in Allocation, the Allocation Dashboard Privilege will grant the user access to both the dashboard and the four reports within.
-
Batch Management Duty
Grants access to execute batch programs. The default security configuration has this duty assigned to the Application Administrator role.
-
Settings Menu Duty
Grants access to the Settings menu except for the Security folder. The default security configuration has this duty assigned to the Application Administrator role. This is a limited use duty which cannot be assigned to any other roles aside from the provided application administrator role.
-
Administrator Console Duty
Grants access to the Security folder on the Settings menu where security roles, duties and privileges are managed. The default security configuration has this duty assigned to the Application Administrator role. This is a limited use duty which cannot be assigned to any other roles aside from the provided application administrator role.
-
Application Global Menu Duties
These duties grant access to links in the Application Navigator which allow users to launch into another application in the Merchandising suite. The default security configuration does not have these duties assigned to any roles.
Limited Use Duties
There are limited use duties which provide access, but only to the application administrator role provided in the default security configuration. These duties cannot be mapped to any other roles.
-
Settings Menu Duty
Grants access to the Settings menu except for the Security folder. The default security configuration has this duty assigned to the Application Administrator role.
-
Administrator Console Duty
Grants access to the Security folder on the Settings menu where security roles, duties and privileges are managed. The default security configuration has this duty assigned to the Application Administrator role.
Determining Access for your Organization
When determining access for a given role in your organization, start by categorizing each role with a duty type for each functional area in the application. For example, a Sales Audit Analyst may be a viewer and a contributor store days, transactions, totals and rules. They may have no access to system options, maintaining employees and bank store relationships.
The job roles provided in the default security configuration have the following duties assigned to control their levels of access:
Duty to Role Mappings
The job roles provided in the default security configuration have the following duties assigned to control their levels of access:
Table 3-1 Application Administrator
Functional Area | Access Level | Duty Assigned |
---|---|---|
Administration - Batch |
Access Granted |
Batch Management Duty |
Administration - Settings Administrator Console |
Access Granted |
Administrator Console Duty |
Administration - Settings Menu |
Access Granted |
Settings Menu Duty |
Administration - System Options |
High Security |
System Options User Group Properties Management Duty System Options System Properties Management Duty |
Allocations |
Approval |
Allocation Management Duty Allocation Submission Duty Allocation Approval Duty |
Auto Quantity Limits |
Management |
Auto Quantity Limits Management Duty |
Dashboard |
Access Granted |
Allocation Dashboard Duty |
Location Groups |
Management |
Location Groups Management Duty |
Policy Templates |
Management |
Policy Template Management Duty |
Size Profiles |
Management |
Size Profile Management Duty |
Table 3-2 Allocator
Functional Area | Access Level | Duty Assigned |
---|---|---|
Administration - Batch |
No Access |
|
Administration - Settings Administrator Console |
No Access |
|
Administration - Settings Menu |
No Access |
|
Administration - System Options |
Inquiry |
System Options Inquiry Duty |
Allocations |
Approval |
Allocation Management Duty Allocation Submission Duty Allocation Approval Duty |
Auto Quantity Limits |
Management |
Auto Quantity Limits Management Duty |
Dashboard |
Access Granted |
Allocation Dashboard Duty |
Location Groups |
Management |
Location Groups Management Duty |
Policy Templates |
Management |
Policy Template Management Duty |
Size Profiles |
Management |
Size Profile Management Duty |
Table 3-3 Allocation Manager
Functional Area | Access Level | Duty Assigned |
---|---|---|
Administration - Batch |
No Access |
|
Administration - Settings Administrator Console |
No Access |
|
Administration - Settings Menu |
No Access |
|
Administration - System Options |
Management |
System Options User Group Properties Management Duty |
Allocations |
Approval |
Allocation Management Duty Allocation Submission Duty Allocation Approval Duty |
Auto Quantity Limits |
Management |
Auto Quantity Limits Management Duty |
Dashboard |
Access Granted |
Allocation Dashboard Duty |
Location Groups |
Management |
Location Groups Management Duty |
Policy Templates |
Management |
Policy Template Management Duty |
Size Profiles |
Management |
Size Profile Management Duty |
Table 3-4 Buyer
Functional Area | Access Level | Duty Assigned |
---|---|---|
Administration - Batch |
No Access |
|
Administration - Settings Administrator Console |
No Access |
|
Administration - Settings Menu |
No Access |
|
Administration - System Options |
No Access |
|
Allocations |
Inquiry |
Allocation Inquiry Duty |
Auto Quantity Limits |
No Access |
|
Dashboard |
No Access |
|
Location Groups |
Inquiry |
Location Groups Search Duty Location Groups Inquiry Duty |
Policy Templates |
Inquiry |
Policy Template Search Duty Policy Template Inquiry Duty |
Size Profiles |
Inquiry |
Size Profile Inquiry Duty |
Privileges
For each functional area in the application there is an associated set of privileges. The privileges build upon each other. For example, in order to be able to approve an allocation, the user must also be able to search for, view, create, maintain and submit allocations. Therefore, the Allocation Approval Duty contains the Search Allocations, View Allocations, Maintain Allocations, Submit Allocations and Approve Allocations privileges.
Figure 3-1 Privileges for Users
Privileges Available in Allocation
Table 3-5 lists all of the privileges available in Allocation in the default configuration:
Table 3-5 Privileges Available in Allocation
Functional Area | Privilege | Privilege Description |
---|---|---|
Administration - Batch |
Execute Batch Jobs Priv |
A privilege for running batch jobs in the Allocation application. |
Administration - System Options |
View System Options Priv |
A privilege for viewing System Options. |
Administration - System Options |
Maintain User Group Properties Priv |
A privilege for editing the user group properties for System Options. |
Administration - System Options |
Maintain System Properties Priv |
A privilege for editing the System Properties for System Options. |
Allocations |
Search Allocations Priv |
A privilege for searching for allocations. |
Allocations |
View Allocations Priv |
A privilege for viewing an allocation. |
Allocations |
Maintain Allocations Priv |
A privilege for creating, maintaining, and editing an allocation via Create Standard Allocation, Create What-if Allocation, Create Scheduled Allocation, My Worksheets and Quick Create Allocation. |
Allocations |
Delete Allocations Priv |
A privilege for deleting an allocation. |
Allocations |
Submit Allocations Priv |
A privilege for submitting an allocation for approval. |
Allocations |
Approve Allocations Priv |
A privilege for approving or rejecting an allocation. |
Auto Quantity Limits |
Search Auto Quantity Limits Priv |
A privilege for searching for Auto Quantity Limits. |
Auto Quantity Limits |
View Auto Quantity Limits Priv |
A privilege for viewing for Auto Quantity Limits. |
Auto Quantity Limits |
Maintain Auto Quantity Limits Priv |
A privilege for editing for Auto Quantity Limits. |
Dashboard |
View Allocation Dashboard Priv |
A privilege for viewing the dashboard. |
Location Groups |
Search Location Groups Priv |
A privilege for searching for allocations. |
Location Groups |
View Location Groups Priv |
A privilege for viewing location groups. |
Location Groups |
Maintain Location Groups Priv |
A privilege for creating and editing and location groups. |
Location Groups |
Delete Location Groups Priv |
A privilege for deleting location groups. |
Policy Templates |
Search Policy Templates Priv |
A privilege for searching for policy templates. |
Policy Templates |
View Policy Templates Priv |
A privilege for viewing a Policy Template. |
Policy Templates |
Maintain Policy Templates Priv |
A privilege for creating and editing a Policy Template. |
Policy Templates |
Delete Policy Templates Priv |
A privilege for deleting a Policy Template. |
Size Profiles |
Search Size Profiles Priv |
A privilege for searching Size Profiles. |
Size Profiles |
View Sizes Profiles Priv |
A privilege for viewing a Size Profile. |
Size Profiles |
Maintain Size Profiles Priv |
A privilege for creating and editing and a Size Profile. |
Size Profiles |
Delete Size Profiles Priv |
A privilege for deleting a Size Profile. |
Privileges for the Predefined Duties
Table 3-6 lists the privileges contained in each of the predefined duties provided in the default configuration:
Table 3-6 Privileges for Predefined Duties
Functional Area | Duty | Duty Description | Duties and Privileges Contained Within |
---|---|---|---|
Administration - Application Navigator |
Allocation Global Menu Duty |
This is a duty that is used to grant access to the Allocation link in the Application Navigator in the sidebar menu. To see this link display you must also define the link and URL in the Application Navigator screen in the ORAAC Tasks list. There are no privileges within the duty, associating this duty to a role will grant access. This duty is not assigned to any roles in the initial security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - Application Navigator |
Invoice Matching Global Menu Duty |
This is a duty that is used to grant access to the Invoice Matching link in the Application Navigator in the sidebar menu. To see this link display you must also define the link and URL in the Application Navigator screen in the ORAAC Tasks list. There are no privileges within the duty, associating this duty to a role will grant access. This duty is not assigned to any roles in the initial security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - Application Navigator |
Merchandising Global Menu Duty |
This is a duty that is used to grant access to the Merchandising link in the Application Navigator in the sidebar menu. To see this link display you must also define the link and URL in the Application Navigator screen in the ORAAC Tasks list. There are no privileges within the duty, associating this duty to a role will grant access. This duty is not assigned to any roles in the initial security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - Application Navigator |
Pricing Global Menu Duty |
This is a duty that is used to grant access to the Pricing link in the Application Navigator in the sidebar menu. To see this link display you must also define the link and URL in the Application Navigator screen in the ORAAC Tasks list. There are no privileges within the duty, associating this duty to a role will grant access. This duty is not assigned to any roles in the initial security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - Application Navigator |
Sales Audit Global Menu Duty |
This is a duty that is used to grant access to the Sales Audit link in the Application Navigator in the sidebar menu. To see this link display you must also define the link and URL in the Application Navigator screen in the ORAAC Tasks list. There are no privileges within the duty, associating this duty to a role will grant access. This duty is not assigned to any roles in the initial security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - Batch |
Batch Management Duty |
A duty for running batch process. |
Execute Batch Jobs Priv |
Administration - Settings Administrator Console |
Administrator Console Duty |
This is a duty that is used to grant access to the ORAAC Security folder and tasks under this folder on the Settings menu. There are no privileges within the duty, associating this duty to a role will grant access. This duty can only be assigned to the Application Administrator role provided in the default security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - Settings Menu |
Settings Menu Duty |
A duty for accessing the Settings menu in the sidebar navigation menu, with all non-security related folders and links. This duty can only be assigned to the Application Administrator role provided in the default security configuration. |
No privileges included, assigning the duty to a role grants access. |
Administration - System Options |
System Options Inquiry Duty |
A duty for viewing system options. |
View System Options Priv |
Administration - System Options |
User Group Properties Management Duty |
A duty for managing user group properties tab system options. This duty is an extension of the System Options Inquiry Duty. |
System Options Inquiry Duty Maintain User Group Properties Priv |
Administration - System Options |
System Properties Management Duty |
A duty for managing the system properties tab in system options. This duty is an extension of the System Options Inquiry Duty. |
System Options Inquiry Duty Maintain System Properties Priv |
Allocations |
Allocation Inquiry Duty |
A duty for viewing allocations. |
Search Allocations Priv View Allocations Priv |
Allocations |
Allocation Management Duty |
A duty for maintaining, deleting and submitting allocations. This duty is an extension of the Allocation Inquiry Duty. |
Allocation Inquiry Duty Maintain Allocations Priv Delete Allocations Priv |
Allocations |
Allocation Submission Duty |
A duty for submitting an allocation. |
Submit Allocations Priv |
Allocations |
Allocation Approval Duty |
A duty for approving or rejecting an allocation. |
Approve Allocations Priv |
Auto Quantity Limits |
Auto Quantity Limits Inquiry Duty |
A duty for viewing Auto Quantity Limits. |
Search Auto Quantity Limits Priv View Auto Quantity Limits Priv |
Auto Quantity Limits |
Auto Quantity Limits Management Duty |
A duty for managing Auto Quantity Limits. This duty is an extension of the Auto Quantity Limits Inquiry Duty. |
Auto Quantity Limits Inquiry Duty Maintain Auto Quantity Limits Priv |
Dashboard |
Allocation Dashboard Duty |
A duty for viewing the dashboard. |
View Allocation Dashboard View Analytic Dashboard Priv |
Location Groups |
Location Groups Search Duty |
A duty for searching for allocation location groups. |
Search Location Groups Priv |
Location Groups |
Location Groups Inquiry Duty |
A duty for viewing allocation location groups. |
View Location Groups Priv |
Location Groups |
Location Groups Management Duty |
A duty for managing allocation location groups. This duty is an extension of the Allocation Location Groups Search and Inquiry Duties. |
Location Groups Search Duty Location Groups Inquiry Duty Maintain Location Groups Priv Delete Location Groups Priv |
Policy Templates |
Policy Template Search Duty |
A duty for searching for allocation policy templates. |
Search Policy Templates Priv |
Policy Templates |
Policy Template Inquiry Duty |
A duty for viewing allocation policy templates. |
View Policy Templates Priv |
Policy Templates |
Policy Template Management Duty |
A duty for managing allocation policy template. This duty is an extension of the Allocation Policy Template Search and Inquiry Duties. |
Policy Template Search Duty Policy Template Inquiry Duty Maintain Policy Templates Priv Delete Policy Templates Priv |
Size Profiles |
Size Profile Inquiry Duty |
A duty for viewing size profiles. |
Search Size Profiles Priv View Size Profiles Priv |
Size Profiles |
Size Profile Management Duty |
A duty for managing size profiles. This duty is an extension of the Size Profile Inquiry Duty. |
Size Profile Inquiry Duty Maintain Size Profiles Priv Delete Size Profiles Priv |