3 Duties and Privileges
Privileges grant access to specific tasks, links, and actions within the solution. The access controlled by a particular privilege is fixed and can only be changed by an enhancement to the application. You can control the functions and features to which a user has access by grouping the desired privileges into duties, and assigning the duties to job roles which can then be associated to one or more users.
Duties Provided at Initial Setup
As part of this default security configuration, the system privileges have been logically grouped into duties and the duties have been assigned to an initial set of job roles. The provided duties can be modified or deleted, and new duties created. Administrator users can change the mappings of roles, duties and privileges in the Oracle Retail Application Administration Console’s User Interface which is accessed from the Locations Destination’s Home Experience.
Details about how to manage these application security policies are available in the Manage User Security chapter in the Oracle Retail Merchandising Administration Guide.
Duty Types
Duties provided in the default security configuration follow a general naming convention to
indicate the type of privileges grouped within and the level of access provided. In Merchandising’s Location Destination, the provided duties are one of the following duty types:
-
Inquiry
An inquiry duty provides the user the ability to search for and view the associated entity. The provided inquiry duties are used when it is desirable for a user to have visibility to an area, but no option to create or update any information. Inquiry duties are assigned to viewers of an area.
-
Management
A management duty provides the user the ability to maintain the associated entity. The provided management duties are used when it is desirable for a user to have the ability create, update, delete, and, typically, submit information. Management duties always contain the inquiry duty for the same entity. For example, the Purchase Order Management Duty contains the Purchase Order Inquiry Duty along with the additional Maintain Purchase Orders Privilege and Submit Purchase Orders Privilege, because in order for a user to maintain an entity they must also have the ability to search for and view the entity. Management duties are assigned to contributors of an area.
-
Approval
An approval duty is meant for users with the authority to review and approve or reject submissions. Approval duties should always be granted along with the management duty for the same entity. In general, this is supported by nesting the management duty within the approval duty, as is the case with the Purchase Order Approval Duty which contains the Purchase Order Management Duty. Therefore, only the Purchase Order Approval Duty needs to be mapped to a user because due to nested duties, the Purchase Order Approval Duty will grant search, view, maintain, submit and approval access. However, there are some exceptions to this nested structure, in which case you should ensure both the management and approval duty are assigned to the role to which you wish to grant approval level access. Approval duties are assigned to reviewers of an area.
Limited Use Duties
In the Merchandising Cloud Services Suite, there are limited use duties which provide access, but only to the application administrator role provided in the default security configuration. In the Locations Destination, there is only one such duty. This duty cannot be mapped to any other roles.
-
Administrator Security Console Duty
Grants access to the Security folder on the Settings menu where security roles, duties and privileges are managed. The default security configuration has this duty assigned to the Application Administrator role.
Determining Access for your Organization
When determining access for a given role in your organization, start by categorizing each role with a duty type for each functional area in the solution. For example, a Sourcing Analyst may be a viewer of cost changes and a contributor of cost zone and purchase order definitions. They may have no access to system options and may have approval privileges over customs entries and obligations.
Duty Definitions
For ease of mapping privileges to roles, privileges are logically grouped into duties. Duties may contain one or more privileges as well as other duties. Table 3-1 lists the privileges and nested duties contained in each of the predefined duties provided in the default security configuration:
Table 3-1 Duty Definitions
| Functional Area | Access Level | Duty | Duty Description | Duties and Privileges Contained Within |
|---|---|---|---|---|
|
Administration – Settings Administrator Console |
Access Granted |
Administrator Security Console Duty |
A duty for accessing the Application Administration Console (RAAC) suggestion link in the Foundation solution’s Home experience. Within the Application Administration Console, this duty also grants access to the Security folder and tasks under this folder in the Settings menu in the Oracle Retail Application Administration Console (RAAC). |
No duties or privileges are contained in this duty. Assigning the duty to a role grants the user access. |
|
Locations - Organizational Hierarchy |
Inquiry |
Organizational Hierarchy Inquiry Duty |
A duty for searching for and viewing the organizational hierarchy, stores and warehouses via the Organizational Hierarchy screen. This includes viewing all grouping levels of the hierarchy, Company, Chain, Area, Region, and District. |
View Organizational Hierarchy Priv View Company Priv View Stores Priv |
|
Locations - Organizational Hierarchy |
Management |
Organizational Hierarchy Management Duty |
A duty for creating and maintaining the grouping levels of the Organization Hierarchy. This includes all grouping levels of the hierarchy, Company, Chain, Area, Region, and District. This duty is an extension of the Organizational Hierarchy Inquiry Duty. |
Organizational Hierarchy Inquiry Duty Maintain Company Priv Maintain Chains Priv Maintain Areas Priv Maintain Regions Priv Maintain Districts Priv |
|
Locations |
Inquiry |
Location Inquiry Duty |
A duty for searching for stores and warehouses via the Stores and Warehouses screen, and viewing store and warehouse definitions. |
Search Stores and Warehouses Priv View Stores Priv View Warehouses Priv |
|
Locations |
Management |
Location Management Duty |
A duty for maintaining stores and warehouses. This duty is an extension of the Location Inquiry Duty. |
Location Inquiry Duty Maintain Stores Priv Maintain Warehouses Priv |
|
Locations – Stores |
Inquiry |
Store Inquiry Duty |
A duty for viewing store definitions. |
Search Stores and Warehouses Priv View Stores Priv |
|
Locations – Stores |
Management |
Store Management Duty |
A duty for maintaining store definitions. This duty is an extension of the Store Inquiry Duty. |
Store Inquiry Duty Maintain Stores Priv |
|
Locations – Warehouses |
Inquiry |
Warehouse Inquiry Duty |
A duty for viewing warehouse definitions. |
Search Stores and Warehouses Priv View Warehouses Priv |
|
Locations – Warehouses |
Management |
Warehouse Management Duty |
A duty for maintaining warehouse definitions. This duty is an extension of the Warehouse Inquiry Duty. |
Warehouse Inquiry Duty Maintain Warehouse Priv |
Duty to Role Mappings
The job roles provided in the default security configuration have the following duties assigned to control their levels of access:
Application Administrator
| Functional Area | Access Level | Duty Assigned |
|---|---|---|
|
Administration – Settings Administrator Console |
Access Granted |
Administrator Security Console Management Duty |
|
Locations – Organizational Hierarchy |
Management |
Organizational Hierarchy Management Duty |
|
Locations |
Management |
Locations Management duty |
Data Steward
| Functional Area | Access Level | Duty Assigned |
|---|---|---|
|
Administration – Settings Administrator Console |
Access Granted |
Administrator Security Console Management Duty |
|
Locations – Organizational Hierarchy |
Management |
Organizational Hierarchy Management Duty |
|
Locations |
Management |
Locations Management duty |
Supply Chain Analyst
| Functional Area | Access Level | Duty Assigned |
|---|---|---|
|
Administration – Settings Administrator Console |
No Access |
|
|
Locations – Organizational Hierarchy |
No Access |
|
|
Locations |
Management |
Locations Management duty |
Privileges
For each functional area in the Locations Destination, there is an associated set of privileges. The privileges build upon each other. For example, in order to be able to maintain a store, the user must also be able to search for and view stores. Therefore, the Store Management Duty contains the Search Stores and Warehouses, View Stores, Maintain Stores privileges. Similarly, when granting a user approval privileges, they must also have the privileges associated with inquiry and management of the entity.
Figure 3-1 Privileges by Level of Access for Users
Privilege Definitions
This table lists all of the privileges available in Merchandising's Location Destination, along with the duty type to which they are assigned in the default configuration.
Table 3-2 Privilege Definitions
| Functional Area | Privilege | Privilege Description |
|---|---|---|
|
Locations - Organizational Hierarchy |
View Organizational Hierarchy Priv |
The View Organization Hierarchy Priv provides access to the Organizational Hierarchy screen in the Locations module, to view all levels of the Organizational Hierarchy. |
|
Locations - Organizational Hierarchy |
View Company Priv |
A privilege for viewing the Company definition via the Organizational Hierarchy screen in the Locations module.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations - Organizational Hierarchy |
Maintain Company Priv |
A privilege for editing the Company definition via the Organizational Hierarchy screen in the Locations module.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations - Organizational Hierarchy |
Maintain Areas Priv |
A privilege for creating and editing Areas.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations - Organizational Hierarchy |
Maintain Chains Priv |
A privilege for creating and editing Chains.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations - Organizational Hierarchy |
View Company Priv |
A privilege for editing the Company definition.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations - Organizational Hierarchy |
Maintain Districts Priv |
A privilege for creating and editing Districts.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations - Organizational Hierarchy |
Maintain Regions Priv |
A privilege for creating and editing Regions.Users with this privilege must also have the View Organizational Hierarchy Priv. |
|
Locations |
Search Stores and Warehouses Priv |
A privilege for searching for stores and warehouses. This allows access to the Stores and Warehouses search screen, but does not allow users to view details of any stores or warehouses or perform actions against the locations. |
|
Locations |
View Stores Priv |
A privilege for viewing store definitions, including addresses, store services, store conditions, store traits and walk-through stores and custom flexible attributes (CFAS).Users with this privilege must also have the Search Stores and Warehouses Priv. |
|
Locations |
Maintain Stores Priv |
A privilege for creating and editing store definitions, including addresses, store services, store conditions, store traits and walk-through stores and custom flexible attributes (CFAS).Users with this privilege must also have the Search Stores and Warehouses Priv, and the View Stores Priv. |
|
Locations |
View Warehouses Priv |
A privilege for viewing physical and virtual warehouse definitions, including addresses and custom flexible attributes (CFAS).Users with this privilege must also have the Search Stores and Warehouses Priv. |
|
Locations |
Maintain Warehouses Priv |
A privilege for creating and editing physical and virtual warehouse definitions, including addresses and custom flexible attributes (CFAS).Users with this privilege must also have the Search Stores and Warehouses Priv, and the View Warehouses Priv. |