An Oracle White Paper

June 2012

Oracle Fusion Applications

Creation of a View Only Role in Procurement
 Creation of a View Only Role in Procurement

Disclaimer
The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.

Warning
This document is intended to provide an introduction to the setup of a Shared Services Enterprise
Structure and is not a comprehensive setup document.
 Creation of a View Only Role in Procurement

Executive Overview ........................................................................... 1

Background ....................................................................................... 2
Case Study ........................................................................................ 4
Introduction.................................................................................... 4
The View Only Role ....................................................................... 6
Conclusion ...................................................................................... 12
References ...................................................................................... 14
 Creation of a View Only Role in Procurement

Executive Overview

Fusion Applications are packaged with a seeded Role Based Access Control reference
implementation consisting of over 180 Roles that represent a wide variety of enterprise
business job functions. In certain cases, customers have within their organizations auditor
roles that assume oversight responsibilities over transactional systems and require View Only
access to various system transactions. This document aims to show an example of how such a
Role can be defined.

1
 Creation of a View Only Role in Procurement

Background

In this document we will use the Procurement Applications as an example of how View Only
Roles are defined in Fusion Applications. It should be noted that the ability to do the same
type of setup in other product families depends on the availability within those products of
duties similar to the ones we will use in this example to model our View Only Role.

Procurement Agents in Fusion Applications are primarily responsible for the generation and
management of purchasing documents such as purchase orders and purchasing agreements.
Depending on their roles they could also be responsible for the management of the RFx
process and the awarding of supply contracts.

Fusion Procurement provides the following Agent RBAC seeded roles

Seeded Role Description

Procurement professional responsible for

Buyer
transactional aspects of the procurement processes.
Procurement professional responsible for identifying
savings opportunities, determining negotiation
strategies, creating request for quote, request for
Category Manager information, request for proposal, or auction events
on behalf of their organization and awarding future
business typically in the form of contracts or
purchase orders to suppliers.
Procurement professional responsible managing a
Procurement Manager
group of buyers in an organization.
Responsible for technical aspects of keeping
procurement applications systems available as well
Procurement Application Administrator
as configuring the applications to meet the needs of
the business.
Manages agreements and catalog content including
catalogs, category hierarchy, content zones,
Procurement Catalog Administrator
information templates, map sets, public shopping
lists, and smart forms.

Procurement professional responsible for creating,

Procurement Contract Administrator
managing, and administering procurement contracts.

2
 Creation of a View Only Role in Procurement

In addition to the Agent Roles listed above, Fusion Procurement provides:

• Requester Roles provisioned to Employees and Contingent Workers to create

requisitions for themselves or for others.

• External Supplier Roles provisioned to Supplier Users.

The main Purchasing Duties and their corresponding Privileges are listed below. The
highlighted entries represent the seeded View Only Duty and Privileges. In order to create a
View Only Role we will need to have our custom Role inherit this Duty to the exclusion of other
Duties which provide broader access to Purchasing Functionality.

DUTIES PRIVILEGES
Purchase Order Administration Duty Communicate Purchase Order and Purchase Agreement
Generate Purchase Order
Import Purchase Order
Purge Purchasing Document Open Interface
Reassign Purchasing Document
Retroactively Price Purchase Order
Purchase Order Changes Duty Change Purchase Order
Communicate Purchase Order and Purchase Agreement
Purchase Order Control Duty Acknowledge Purchase Order
Cancel Purchase Order
Change Purchase Order Line Negotiated Flag
Change Supplier Site
Close Purchase Order
Finally Close Purchase Order
Freeze Purchase Order
Hold Purchase Order
Purchase Order Creation Duty Cancel Purchase Order
Create Purchase Order
Create Purchase Order from Requisitions
Create Purchase Order Line from Catalog
Purchase Order Creation from Requisition Lines
Only Duty Cancel Purchase Order
Create Purchase Order from Requisitions
Purchase Order Overview Duty Search Purchase Order
View Purchase Order
View Purchasing Workarea
Purchase Order Viewing Duty View Purchase Order

3
 Creation of a View Only Role in Procurement

Case Study

Introduction

This example illustrates the process of creating a Vi

View Only Role for a procurement
rocurement auditor.
a

Before we outline the setup steps, let us examine the Menu entries available in the Fusion
Navigator to a user with the Buyer Role.

Figure 1. Menu Items of a User Provisioned with the Buyer Role

4
 Creation of a View Only Role in Procurement

The figure above traces the Menu Items available to the Buyer Role to the Privileges contained
in their assigned Duties. The Buyer however has several additional Duties that provide access
to multiple tasks as seen in the Figure 2 illustrating the Purchasing Workarea‘s Tasklist in the
left pane of the page.

Of note also is the list of Actions that the Buyer ccan

an take on a Purchasing Document, notably
the creation of a Document as seen in Figure 2 and the Editing Actions seen in Figure 3

Navigation: Navigator > Procurement> Purchasing

Select
ct Orders > Manage Orders from the Tasklist Tree

Figure 2. Tasklist and Actions in the Purchasing Workarea for a User Provisioned with the Buyer Role

5
 Creation of a View Only Role in Procurement

Navigation: Navigator > Procurement> Purchasing

Select Orders > Manage Orders from the Tasklist Tree
Search for a Purchase Order > Select Record > Click on Edit > Open the Actions Drop Down
Menu

Figure 3. Available Actions on a Purchasing Document for a User Provisioned with the Buyer Role

The View Only Role

We
e will now proceed to create a custom View Only Role that inherits the Purchase Order
Overview Duty and provision that Role which we will name ECW Purchasing Only Role to a
user who serves as the auditor in the enterprise.

Figure 4 shows the Custom Role in the Authorization Policy Manager Dashboard.

Navigation: Navigator > Tools > Setup and Maintenance

Search for Manage Job Roles Task and go to task
Click Create Role link
Provide Name and Display Name, e.g., Purchasing View Only Role
Associate role with a Category, e.g., Procurement – Job Roles
Click Save button
Close Identity Manager Page
Navigation: Search for Manage Duties Task and go to task
Search for your newly created Job role and View it
Click the Application Role Mapping tab
Click the Map icon
Select Application: fscm > Display: Purchase Order Overview Duty

6
 Creation of a View Only Role in Procurement

Click Search button

Select Duty Role and click Map Roles button

Figure 4. Custom Role that inherits the Purchase Order Overview Duty

Once the Role is created and the hierarchy mapped, o

our next step
ep is to assign that Role to a
user through the HCM Manage Users task
task.

Navigate: Manage HCM Role Provisioning Rules and go to task

Click Create icon
Provide a Mapping Name
In the Associated Roles region, click the Add icon

Figure 5 below shows the

e provisioned role in the Oracle Identity Manager dashboard.

7
 Creation of a View Only Role in Procurement

Figure 5. Assigned View Only Role visible in OIM

To allow access to purchasing documents

documents, we need to define the user as a purchasing agent
and determine that user’s access to procurement business units and within these business
units to determine the level of access the user will have to purchasing documents

Navigate: From Setup and Maintenance Search for Manage Procurement Agent and go to
task
Click Create icon
Select your User,
er, and a Default Procurement Business Unit.
Select the desired Access Level
Save and Close

8
 Creation of a View Only Role in Procurement

Figure 6. Agent Setup

The auditor user is now ready to use the system to view purchase orders. As we can see in the
following three figures, the user has the Purchasing Menu item in their Fusion Navigator but
are not able to either create or edit any of the purchasing document they can view

Figure 7. Navigator Menu Items for the Auditor user

Navigation: Navigator > Procurement> Purchasing

9
 Creation of a View Only Role in Procurement

Select Orders > Manage

anage Orders from the Tasklist Tree

Figure 8. No Create Document capability for the Auditor user

Navigation: Navigator > Procurement> Purchasing

Select Orders > Manage Orders from the Tasklist Tree
Search for a Purchase Order > Select Record > Click on Edit > Open the Actions Drop Down
Menu

Figure 9. No Edit Document capability for the Auditor user

10
 Creation of a View Only Role in Procurement

Additional Considerations

The Manage Orders task in

n the Purchasing workarea points to the following taskflow:

/WEB-
INF/oracle/apps/prc/po/manageDocument/publicUi/searchDocument/flow/PurchaseOrderSearc
nageDocument/publicUi/searchDocument/flow/PurchaseOrderSearc
hMainFlow.xml#PurchaseOrderSearchMainFlow

This taskflow is one of the resources available in the Search Purchase Order Privilege itself
included in the Purchase Order Overview Duty we have assig
assigned
ned to our custom role and
which is also in the hierarchy of the Buyer Role. This explains the availability of the Manage
Orders Entry for both users
sers referenced in this document.

Figure 10. Search Purchase Orders Privilege

11
 Creation of a View Only Role in Procurement

On the other hand, creating purchase

urchase orders is available to the Buyer role but not to our
custom role. Of the two roles outlined in this case study section of this document, only the
Buyer role has in its hierarchy the Purchase Order Creation Duty. This explains
xplains why the user
with the Buyer role can create
reate orders but the user with our custom role cannot.

Figure 11. Create Purchase Order Privilege

12
 Creation of a View Only Role in Procurement

Conclusion

In this document we have shown how to create a view only role for an auditor of purchasing
documents. We were able to do so without the creation of new privileges or the manipulation of
resources but simply by creating a custom role and assigning to it an existing view only duty. In
the reference implementation, the view only duty we used is available to many roles within and
outside of Procurement; however these roles have other duties that might not be relevant to a
procurement auditor.

13
 Creation of a View Only Role in Procurement

References

“Roles, Duties & Privileges” My Oracle Support Note 1460486.1

“Menu to privilege mapping” My Oracle Support Note 1459828.1

14
White Paper Title Copyright © 2011, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the
Aug 2012 contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
Authors: Elie Wazen warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are
Oracle Corporation
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
World Headquarters
means, electronic or mechanical, for any purpose, without our prior written permission.
500 Oracle Parkway
Redwood Shores, CA 94065
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
U.S.A.

Worldwide Inquiries: AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices.
Phone: +1.650.506.7000 Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license
Fax: +1.650.506.7200 and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open
Company, Ltd. 1010
oracle.com