1. Implementing Product Management
  2. Set Up Data Security for Item Classes

Set Up Data Security for Item Classes

Before you can create or view items in the Product Information Management or Product Development work areas, you must define data security for items. You define data security in item classes for each pairing of roles to organizations and of users to organizations.

If the Public check box is checked on an item class, then data security setup isn't required. For more details on how public item classes work, refer to the related topic on item classes listed here.

Initially, you must define data security in the root item class and the master organization for both the Product Manager and the Product Data Steward roles. If you created an implementation user to create items in the Product Information work area, then you must assign the Product Manager and Product Data Steward roles to that user, and you must assign that user to the master organization. (Assign the appropriate role or roles and organizations to any additional users you create to control what each user is allowed to do in the application.) You can assign all of the actions to the Product Manager and Product Data Steward role for the master organization to allow all users with these roles to have complete access to item data.

Note: Oracle recommends that security administrators don't assign these predefined roles directly to users. Instead, make a copy of a predefined role, remove the privileges that your users don't need, and assign users the role that contains only the privileges they need.

The following table describes the specific actions that you must assign to both the Product Manager and the Product Data Steward roles for the root item class and the master organization you created. (When you create additional organizations, you must define data security for each organization that these roles are assigned to.)

Actions

Description

Maintain Item Asset Maintenance Group

Allows access to edit item asset management specifications. Does not encompass view privilege.

Maintain Item Attribute

Allows access to edit item user defined attribute specifications. Does not encompass view privilege.

Maintain Item Basic

Allows access to edit item basic information including attachments, organizations, suppliers, relationships, and other related information.

Maintain Item Costing Group

Allows access to edit item costing specifications. Does not encompass view privilege.

Maintain Item General Planning Group

Allows access to edit item general planning specifications. Does not encompass view privilege.

Maintain Item Inventory Group

Allows access to edit item inventory specifications. Does not encompass view privilege.

Maintain Item Invoicing Group

Allows access to edit item invoicing specifications. Does not encompass view privilege.

Maintain Item Lead Times Group

Allows access to edit item lead times specifications. Does not encompass view privilege.

Maintain Item MRP And MPS Group

Allows access to edit item MRP and MPS specifications. Does not encompass view privilege.

Maintain Item Order Management Group

Allows access to edit item order management specifications. Does not encompass view privilege.

Maintain Item Pack

Allows access to edit item packs. Does not encompass view privilege.

Maintain Item People

Allows management of user access to items in the enterprise. Does not encompass view privilege.

Maintain Item Physical Group

Allows access to edit item physical specifications. Does not encompass view privilege.

Maintain Item Primary Group

Allows access to edit item primary specifications. Does not encompass view privilege.

Maintain Item Process Manufacturing Group

Allows access to edit item process manufacturing specifications. Does not encompass view privilege.

Maintain Item Purchasing Group

Allows access to edit item purchasing specifications. Does not encompass view privilege.

Maintain Item Receiving Group

Allows access to edit item receiving specifications. Does not encompass view privilege.

Maintain Item Revision

Allows access to create and manage item revisions. Does not encompass view privilege.

Maintain Item Service Group

Allows access to edit item service specifications. Does not encompass view privilege.

Maintain Item Structure

Allows access to create and manage item structures. Does not encompass view privilege.

Maintain Item Structure Group

Allows access to edit item structure specifications. Does not encompass view privilege.

Maintain Item Web Option Group

Allows access to edit item web option specifications. Does not encompass view privilege.

Maintain Item Work In Process Group

Allows access to edit item work in process specifications. Does not encompass view privilege.

View Item Attribute

Allows access to view item user-defined attribute specifications.

View Item Basic

Allows access to query and view item basic information including attributes, attachments, organizations, suppliers, and relationships.

View Item Pack

Allows access to view item packs.

View Item Structure

Allows access to view item structures.

Create Item Class Item

Allows access to create items within an item class.

Read

Read

Update

Update

For initial start up, define the data security at the root item class level and define the complete set of actions for the person or groups. Data security defined at the root item class level is inherited by all new item classes created. To define data security for an item class and organization:

  1. In the Items functional area of the Product Management offering, use the Manage Item Classes task.

  2. Select the Root Item Class row and click on the Edit icon.

  3. Click on the Security tab. The item class people and Actions tables are initially empty.

  4. To add a new row, click the Add icon in the item class people table.

  5. In the Principal field, choose Group or Person.

  6. In the Name column, click on the Search link.

  7. Enter for the role name and click on the button. The results show all combinations of the roles Product Manager or Product Data Steward and the organizations to which they were assigned.

  8. Select the organization that you created when performing the setup tasks for item organizations.

  9. Define the actions that the Product Data Steward and Product Manager roles can perform by adding actions to the Actions table.

    1. Click on the Select and Add icon to launch the Select and Add Actions dialog.

    2. Perform a search for each of the following terms, select all of the returned actions, then click apply:

      • Maintain

      • View

      • Create

    3. After selecting all of the appropriate actions, click OK to close the dialog.

  10. Repeat this process to define item class security for the Product Manager role.

  11. Save your changes.

Assign Privileges to View Item History

To enable users to view the history of an item and all its child objects, you must assign the following privileges:
  • View Item Basic data privilege – this privilege controls who can view the item and its attributes.
  • View Selected Item Audit History functional security privilege – this privilege controls who can access the History tab on the item.

Related Topics