Implementing Oracle Discoverer with Oracle E-Business Suite,

Successfully
by Paul Vella (Senior Consultant – Oakton Ltd).

1 Introduction
The Oracle Discoverer reporting solution can now be tightly integrated into your E-Business suite application.
The level of integration provided allows you to utilise the existing user and security information that already
exists within your Oracle E-Business suite implementation. This includes the existing User and
Responsibility information within the Oracle database.

This presentation will look at the implementation of a Corporate Reporting System within the University of
Melbourne based upon Oracle Discoverer. It will look at some of the decision processes and issues that were
addressed during this implementation project as well as the anticipated benefits that the University expects to
derive from the implementation of Discoverer.

The University of Melbourne made a decision in the year 2000 to start a project to change the University's
administration systems. A project was established and the need was identified for an integrated solution that
would facilitate moving to an accrual accounting system while enabling the University to deploy key business
applications over the Internet and improve operational effectiveness. This project was called the “University
Systems Project” or USP. The project incorporated the Finance systems as well as Students, Human
Resources, Payroll, and Research systems. The initial project to implement a new Finance system went live
on 1st January 2003. The Finance implementation within the University has been named “Themis”.
P P

The University has more than 30,000 students and 5,500 staff, and a very mixed environment in terms of
using a variety of PCs and Macs. There are currently over one thousand users of the Finance system alone,
with between 80 to 100 concurrent users logging into the system. It is anticipated that a Corporate Reporting
solution would need to cater for about 25 – 40 concurrent users. This number is expected to grow once other
administrative systems are also integrated into the solution.

Themis Financials has replaced the former finance system - MUFAS - and went live in January 2003. During
2002, business case analyses on the most appropriate student system solution and research system solution for
the University were undertaken. A business case analysis and recommendation on the suitability of
implementing an Oracle HR/Payroll solution will also be completed soon.

Reporting has been identified in User Group Meetings as well as executive steering group meetings as a
critical success factor of the recently implemented 11i solution at the University of Melbourne. Although the
Oracle E-Business suite comes with thousands of existing standard reports, and numerous Financial
Statements had been developed using the FSG tool, there still existed a significant reporting requirements
gap. This became increasingly evident about eight months after the implementation of the system and was
identified by key users and Management Teams as a key issue arising from the implementation of the new
system.

There are several areas in which the existing reports do not adequately meet the University requirements.
These include:

• Reports required to facilitate the reconciliation of interfaces to legacy applications,

• Linkage reports for purchases and payables,
• Consolidation reporting,
• Specialised taxation requirements including Goods and Services Tax (GST) and Fringe
Benefits Tax (FBT),
• Salary Analysis Reporting,
• Reporting of Internal Orders and Charges,
 • Key Performance Indicator (KPI) reporting,
• Reporting on dependant segments of the chart of accounts,
• Reports based on the Descriptive Flexfields established in the system,
• And Research Reporting.

While some of the reporting shortfall could be overcome by the implementation of the Discoverer Client
Server tool for key administrative staff, which were centrally located, it became apparent that the Client
Server solution could not be implemented to the wider university without significant costs and considerable
maintenance issues.

Specifically the following problems were identified with the Client Server Discoverer tool:

• The Oracle Discoverer client software does not operate on the Apple Macintosh
environment, for which there is a significant installed based within the University of
Melbourne, especially within the various faculties.
• The client installation requires that an additional port needs to open on the network firewall
to allow TCP/IP traffic directly between the database server and the Personal Computer that
is running the software. This has proved to be time consuming, difficult to maintain,
problematic and represents an additional security threat to the Production environment.
• The Oracle Discoverer client software does not operate as well across a Wide Area Network
(WAN) and has significant bandwidth requirements per client, due the client server
architecture of the software.
• The Oracle Discoverer client software itself has proved to be problematic and difficult to
install and maintain. This is due in part to the variety of machines and operating systems in
existence within the University. The software requires additional components and patches to
be installed before it can become fully operational.

In order to alleviate these problems, a web-based Corporate Reporting solution was required, which could
deliver reports swiftly and efficiently throughout the varied locations and operating environments within the
University.

Some of the key requirements of such a solution are;

• The ability to launch reports directly from within the Oracle Financials system, in order to
minimise the amount of re-training effort required for the existing user base.
• Integrated security including user and responsibility information already existing within the
Oracle Applications database. In addition, the existing security rules that have been defined
for those responsibilities needed to be able to limit the records returned to only the records
that users already had access to. i.e. limit the records returned based upon the Company and
Cost Centre records that they have access to based upon the rules that have already been
defined at the responsibility level. This was deemed to be a critical requirement, because of
the sensitivity of information across cost centres and also to minimise the amount of
additional security administration required to maintain the security.
• The ability to drill down from a report on GL Balances information down to the Journal lines
information and further to the AP Invoices and Payments, AR Invoices and Receipts, and
Purchase Order information for the originating entries.

This paper addresses the key components of implementation of the Corporate Reporting Solution that is being
currently deployed throughout the University of Melbourne. It addresses the key customer issues identified,
as well as the features of the solution implemented and the implementation method that has been adopted.
2 Importance of Security

2.1 Hypothetically Without Security!!!

Imagine you have just set up your Corporate Reporting System, which accesses a Data Warehouse and
utilises Metadata to make the generation of reports a relatively straightforward task. Not only that, within
minutes you can publish that information to the most remote corners of your organization in a matter of
minutes. The new Corporate Reporting System allows your users to access corporate data in a predetermined
format, whenever they want. This provides the information necessary to enable them to solve the most
complicated business problems and make informed decisions. Your users no longer feel frustrated with the
inability of the ITS and Administrative staff to respond quickly to your reporting requirements. Your
managers are empowered with information at their fingertips and your own Manager could not be happier.

This may be a good time to talk to management about that salary bonus you MUST be entitled to!!!

After a while you start to realise that your users may now have access to TOO much information. You made
no effort to classify, and restrict access to this newfound store of information. Your Departmental Managers
are using the information, they can now access so easily, to look at other Departmental managers information
and compare budgets and expenditure. This is causing concern as some Managers are asking why their
budget is lower than other parts of the organization, when they consider themselves to be “Just as Important”.
One clever bookkeeper looks at your Executive Manager’s travel expenses and finds some information there
that he thinks would be very interesting to the local paper. Everywhere you look people are accessing
information that they shouldn’t have access to and using it for political and non-productive purposes. This
information may have already been available in summary format, or via query screens, but never available so
readily, or with the ability to drill down, make comparisons and categorise information.

You even have a look around yourself and discover that you can easily issue complex queries, which consume
considerable system resources and put undue strain on the entire system, which results in a “Please Explain
what you are doing” query from the DBA. What’s worse someone has worked out how to get the salary,
address and contact numbers for anyone in the University and has sold that information to an international
spamming agency.

The new Corporate Reporting system is causing you major stress. Maybe this is NOT the time to talk to
Management about your salary!!!

The problem is that your implementation did not consider that security was a priority during the development
of Corporate Reporting Solution. Driven by the need to implement a solution on time and within budget, you
did not give security requirements any analysis at all. No consideration was made about what information
could be considered sensitive or confidential and the impact that access to information would have on the
organization as a whole.

2.2 A Considered Approach

Firstly you will need to identify all of the data that will be placed within the Data Warehouse or Metadata
upon which you will base the Corporate Reporting Solution. This means that you will need a complete
inventory of all the data that will be available. Within Discoverer there is a pre-built EUL that will report on
all the business areas, folders, columns, and profiles of data residing in the End User Layer.

Next you will need to classify the data in the Repository to satisfy security requirements for data
confidentiality. You will need to take into account any legal requirements for confidentiality of information.

Finally, information will need to be classified on the basis of criticality or sensitivity to disclosure,
modification, and destruction. The sensitivity of corporate data can be classified as:

• PUBLIC: For data that is less sensitive than confidential corporate data. Data in this category is
usually unclassified and subject to public disclosure by laws, common business practices, or
company policies. All users can access this information and it may in fact be published information
to the wider community.
 • CONFIDENTIAL: This information is more sensitive than public data, but less sensitive than top-
secret data. Data in this category is not subject to public disclosure. The principle of least privilege
applies to this data classification category, and access to the data is limited to a need-to-know basis.
Users can only access this information if it is needed to perform their work successfully (e.g.,
department information for departmental managers, personal information, medical history, etc.).

• TOP SECRET: For data that is more sensitive than confidential data. Data in this category is highly
sensitive and mission-critical. The principle of least privilege also applies to this category -- with
access requirements much more stringent than those of the confidential data. Only high-level
Administrators (e.g., System Administrators) with proper security clearance can access this data
(e.g., R&D, trade secrets, business strategy, etc.). Users can access only the data needed to
accomplish their critical job duties.

Once information has been classified in this way, you can make informed decisions about what security
mechanisms will be required in the implementation of your Reporting Systems. The information stored
in the E-Business Suite for the University has been deemed to either be Confidential at the Department
Level, apart from central administrative staff.

Apart from the reduced risk of people using information inappropriately, an added benefit of the security
of data has been the performance of reports produced by the system. Eliminating the records that people
do not have access to when reporting has provided a dramatic improvement in performance for many
reports that will be generated by the majority of users within the University.

3 Security Integration with Oracle E-Business Suite

So you will probably now agree that the implementation of security has been critical to the success of this
implementation. This section of the paper will deal with the actual implementation of that security within the
University’s Corporate Reporting Solution.

3.1 Discoverer and E-Business Suite Integration

The mechanism to provide this level of security is provided within Oracle Discoverer and the E-Business
Suite. Firstly, Oracle Discoverer provides the ability to login using existing Oracle Application Users and
Responsibilities. In Discoverer Security access to Business Areas can be assigned to individual
responsibilities. This means that depending on what responsibility is chosen, when a person logs in, they will
have access to different Business Areas, and Workbooks (Reports). A mechanism is also provided that a list
of available reports, or individual reports to be displayed directly from a menu within the Oracle E-Business
Suite System.

To enable this feature you would have to Create a Custom Function within the Oracle E-Business suite. From
a user that has access to the “System Administrator” menu;

• Navigate to Application->Function

• Create a new record. Next to the “Type” field enter “SSWA PL/SQL”. Next to the “Call” field
enter “OracleOASIS.RunDiscoverer”. This would display the entire list of available reports that a
user has access to.

• If you wish to run an actual report itself, find the field “Parameters” and enter the following:
“Workbook=WORKBOOK_IDENTIFIER”. You will need to enter the identifier for the workbook
you are trying to run.

3.2 Row Level Security

The ability also exists within the Oracle Discoverer tools to utilize the security rules that are defined at the
responsibility level in order to limit the rows that are displayed to the user. The standard
GL_SECURITY_PKG can be used to perform this functionality. At the responsibility level you would need
to run the built-in function GL_SECURITY_PKG.INIT when users log in. This can be achieved using the
profile option “Initialization SQL Statement – Custom” set at the responsibility level. Set the profile option at
the Responsibility Level to the following value;

• begin gl_security_pkg.init; end;

This function call will populate the table “GL_BIS_SEGVAL_INT” with all the segment values, for each
segment, that you have access to, whenever a user logs in. You can add the following to the “where clause”
of your EUL custom Folders or Database Views to restrict the records users will have access to when they run
reports;

• …AND GL_SECURITY_PKG.VALIDATE_ACCESS( SET_OF_BOOKS_ID,

CODE_COMBINATION_ID ) = 'TRUE'

The following diagram helps to illustrate the integration between Oracle Applications and Oracle Discoverer
Viewer.

Login Request

Discoverer Oracle E-Business

Product Suite

User and Responsibility

Call via init profile

Discoverer
option ->
Report
gl_security_pkg.init

GL_BIS_SEGVAL_ Insert rows based

Where
INT upon security rules
clause
includes join

3.3 Drill Down Implementation

In the Discoverer Web-Based products you have the ability to drill down from one Workbook to an entirely
different workbook, passing whatever parameters you wish along the way. This functionality makes it
possible to drill down from GL Balances to GL Journals, Payables and other related information.

This section of the paper will deal with the implementation details of providing this functionality.

Firstly you will need to build a PL/SQL package or function that will accept a number of input parameters,
such as the “Period”, “Parameter Names” and “Parameter values”. This function will use these values, and
the existing user information to build a URL to can be used to call an existing Discoverer Workbook and
Worksheet. The URL will utilise the existing Oracle E-Business Suite security (Browser Based Cookie) so
that the user will not have to login again.
We will call this function “GLC_BUILD_DISCOVERER_URL”. This function will be used to drill down
from one report to another. This function accepts inputs for the worksheet parameter name, a parameter
value, period name and workbook and worksheet identifiers as parameters and builds a URL that can be used
within your Discoverer EUL folder to provide a drill down to another Discoverer Viewer report. The actual
PL/SQL code for this function is included as an Appendix within this paper.

Next you will need to log in to Discoverer Administration Edition and register the Function and its arguments.

You can now create a URL calculated field within any of your folders, passing across the required values to
this PL/SQL function.
Congratulations, you now have a field that can be used within your Discoverer Reports to drill down to
another Worksheet in another Workbook.
4 Appendix
FUNCTION glc_build_discoverer_url (I_SEGMENT IN varchar2,
I_SEGMENT_VALUE IN varchar2,
I_PERIOD IN varchar2,
I_WORKBOOK IN varchar2,
I_WORKSHEET IN varchar2) RETURN varchar2
--
-- This function is a generic drill down function to be used to drill from one discoverer
workbook
-- to another. The arguments that are passed are as follows:
-- I_SEGMENT = The name of the segment parameter in the workbook parameters. i.e. Project
-- I_SEGMENT_VALUE = The actual value that you want to pass to the drill down workbook.
-- I_PERIOD = The period parameter that you want to pass down to the worksheet.
-- I_WORKBOOK = The identifier for the workbook that you will be calling. i.e.
UOM_REVENUE_AND_EXPENSES
-- I_WORKSHEET = The identifier for the worksheet to be opened within the Workbook. i.e.
30
--
IS
V_USERNAME varchar2(20);
V_RESPONSIBILITY_NAME varchar2(100);
V_RESPONSIBILITY_ID number;
V_URL varchar2(500);
v_discoverer_viewer_url varchar2(500);
v_session_id number;
v_sid number;
v_expired varchar2(50);
v_apps_secure varchar2(100);
v_default_eul varchar2(50);
v_user_id number(15);
v_application_id number(15);
v_security_group_id number(15);
BEGIN
-- Get fnd_global variables
V_USERNAME := fnd_global.USER_NAME;
V_RESPONSIBILITY_ID := fnd_global.resp_id;
v_user_id := fnd_global.user_id;
v_application_id := fnd_global.resp_appl_id;
v_security_group_id := fnd_global.security_group_id;
v_apps_secure := FND_WEB_CONFIG.DATABASE_ID;
-- Get the Discoverer Viewer launch profile setting
v_discoverer_viewer_url := FND_PROFILE.value('ICX_DISCOVERER_VIEWER_LAUNCHER');
v_default_eul := fnd_profile.value('ICX_DEFAULT_EUL');
V_URL := v_discoverer_viewer_url||v_apps_secure||
chr(38)||'SessionCookieName='||icx_sec.g_session_cookie_name||
chr(38)||'eul='||v_default_eul||'_'||icx_sec.g_language_code||
chr(38)||'FrameDisplayStyle=separate' ||
chr(38)||'NLS_LANG=AMERICAN_AMERICA'||
chr(38)||'NLS_DATE_FORMAT=DD-MON-RRRR'||
chr(38)||'NLS_NUMERIC_CHARACTERS=.,' ||
chr(38)||'wbk='||I_WORKBOOK||
chr(38)||'wsk='||I_WORKSHEET||
chr(38)||'pg=1'||
chr(38)||'acf='|| v_application_id || v_responsibility_id ||
v_security_group_id ||
chr(38)||'NLS_DATE_LANGUAGE=AMERICAN'||
chr(38)||'NLS_SORT=BINARY'||
chr(38)||'qp_'||I_SEGMENT||'='||I_SEGMENT_VALUE||
chr(38)||'qp_Period='||I_PERIOD||
chr(38)||'_act=Apply~20Parameters';

return (V_URL);

END glc_build_discoverer_url;