Assign Security in Fusion ERP

07/11/2019 Knowledge
Switch to My Oracle Support NAMASUPPORT@GFI.IN (0) Contact Us Help
Cloud Support Dashboard Service Requests Knowledge Community Platinum SR Dashboard
Knowledge
Copyright (c) 2019, Oracle. All rights reserved. Oracle Confidential.
How to View the Output of an ESS Jobs Submitted By Another User Based on Role? (Doc ID 1980772.1) To Bottom
Modified: 28-Aug-2019 Type: HOWTO
In this Document
Goal
Solution
Prior to Release 11.12.1 using APM
Steps to have other users access the output of a particular ESS job based on a role. As an example will choose the ESS job 'Retrieve Latest LDAP Changes'.
BI privileges needed for BI reports

Starting with Release 11.12.1 using Security Console
Example for granting a user privileges to see output of specific ESS job processes.
Example for granting a user privileges to see output of all the ESS job processes.
References
APPLIES TO:
Oracle Fusion Applications Common Components - Version 11.1.8.0.0 and later
Oracle Fusion Application Toolkit Cloud Service - Version 11.1.8.0.0 and later
Oracle Fusion Goal Management Cloud Service - Version 11.12.1.0.0 to 11.12.1.0.0 [Release 1.0]
Oracle Fusion Financials Common Module Cloud Service - Version 11.1.11.1.0 to 11.1.11.1.0 [Release 1.0]
Oracle Fusion General Ledger Cloud Service - Version 11.12.1.0.0 to 11.12.1.0.0 [Release 1.0]
Information in this document applies to any platform.
GOAL
How to view the output of an ESS jobs submitted by another user based on a role?
https://support.oracle.com/cloud/faces/DocumentDisplay?_afrLoop=446250107948303&_afrWindowMode=0&_adf.ctrl-state=x7b5lw52a_352#aref_section22 1/18
How to view the output of an ESS jobs submitted by another user based on a role?
For example one user is running a request and multiple users want to see the output.
Please note that a single user can see the output using elevated users with parameter SYS_runasApplicationID. For more details review Fusion Applications
Developer's Guide - 65 Working with Extensions to Oracle Enterprise Scheduler - 65.13 Elevating Access Privileges for a Scheduled Job
SOLUTION
Prior to Release 11.12.1 using APM
Steps to have other users access the output of a particular ESS job based on a role. As an example will choose the ESS job 'Retrieve Latest LDAP Changes'.
You may need to assign the user Monitors role which allow users to see all the ESS jobs but not the output. For more information please review What Job Role Will
Allow a Single Fusion User to View all ESS Scheduled Processes/Jobs? (Doc ID 1467664.1)
Create a custom role XX_VIEW_OUTPUT_SyncRolesJob in OIM
Search in APM for database resource ESS_REQUEST_HISTORY
Navigate to Conditions tab

Create a new condition for job SyncRolesJob: 'Condition for SyncRolesJob'
EXISTS
(select 1 from dual)
and DEFINITION in (
'JobDefinition://oracle/apps/ess/hcm/users/SyncRolesJob'
)
To get the job definition user can run the job and get the process ID. Then use the following query to get the job definition:
select DEFINITION
from FUSION.ESS_REQUEST_HISTORY
where REQUESTID=<process ID>;
Create a policy with the following actions
ESS_REQUEST_OUTPUT_READ
ESS_REQUEST_READ
read
In the similar way can be given different privileges like:
ESS_REQUEST_CANCEL
ESS_REQUEST_DELETE
ESS_REQUEST_HOLD
ESS_REQUEST_LOCK
ESS_REQUEST_OUTPUT_DELETE
ESS_REQUEST_OUTPUT_READ
ESS_REQUEST_PURGE
ESS_REQUEST_READ
ESS_REQUEST_RELEASE
ESS_REQUEST_UPDATE
delete
update
read
For more details review Fusion Applications Extensibility Guide for Developers - 6 Customizing and Extending Oracle Enterprise Scheduler Jobs - 6.3.7 Granting Job
Metadata Permissions to Application Roles and Users
Add custom role XX_VIEW_OUTPUT_SyncRolesJob
Choose the created condition: 'Condition for SyncRolesJob'
Submit the changes

Assign the custom role XX_VIEW_OUTPUT_SyncRolesJob to the users
Verify that the users can see the output of the ESS job 'Retrieve Latest LDAP Changes'
For ESS jobs that are BI Publisher reports the Republish button may not be available
To have access to the Republish button user will need BI Administrator role. For more information review Fusion Applications BI Security - How to assign BI Platform Roles
such as BI Administrator to a user using 'Manage Role Templates' Task (using APM interface)? [Video] (Doc ID 1572045.1)
Starting with Release 11.12.1 using Security Console
Example for granting a user privileges to see output of specific ESS job processes.
1. Login using user who has IT SECURITY MANAGER role assigned.

2. Choose Navigator -> Security Console.
3. choose administration --> manage database resources
a. Search on object ESS_REQUEST_HISTORY
b. Create the database condition and save and submit.
Edit and add the condition needed for the security policy name = ess condition
with a sql predicate such as:
EXISTS
(select 1 from dual)
and DEFINITION in (
'JobDefinition://oracle/apps/ess/hcm/users/SyncRolesJob'
)
4. Create a job role

Name test_ess
Code ess
Description testing for ess
Role Category HCM - Job Roles
5a. Create a data security policy
a. policy name = ess_request_history

b. Policy Description = ?????
c. Data Resource = ESS_REQUEST_HISTORY
d. Privilege = read; ESS_REQUEST_READ; ESS_REQUEST_OUTPUT_READ
e. data set = select by instance set
f. Condition = choose the condition created in step 3 (under manage database resources) ess condition
5b. Add the user
6. Run the ESS process: Import User and Role Application Security Data
Example for granting a user privileges to see output of all the ESS job processes.
Using Security Console create an abstract role to allow an user to see all the ESS job processes by assigning the application role ESS Monitor Role. For more
information review: What Job Role Will Allow a Single Fusion User to View all ESS Scheduled Processes/Jobs? (Doc ID 1467664.1)
In Security Console navigate to Data Security Policies tab
Press on Create Data Security Policy button
Give a name to Policy Name and choose Start Date

Search for Database Resource: ESS_REQUEST_HISTORY
Choose for Data Set: All Values

As Actions select: ESS_REQUEST_OUTPUT_READ
You may also need to select ESS_REQUEST_READ and read actions.
In the similar way can be given different privileges like:
Action Effect
ESS_REQUEST_READ Read the request, get request state, and get details.
ESS_REQUEST_UPDATE Update the request.
ESS_REQUEST_HOLD Hold request execution.
ESS_REQUEST_CANCEL Cancel a request execution.
ESS_REQUEST_LOCK Lock a request.
ESS_REQUEST_RELEASE Release the lock on a request.
ESS_REQUEST_DELETE Delete a request.
ESS_REQUEST_PURGE Purge a request.
ESS_REQUEST_OUTPUT_READ View the output of a request.
ESS_REQUEST_OUTPUT_DELETE Delete the output of a request.
ESS_REQUEST_OUTPUT_UPDATE Update the output of a request.
For more details review Oracle Fusion Middleware Administrator's Guide for Oracle Enterprise Scheduler 11g Release 1 - 4 Managing Oracle Enterprise Scheduler
Requests
In the Users tab assign the role to the required users

Once the above abstract role changes are completed save it
Run the ESS process: Import User and Role Application Security Data
Logout and login as the user which have assigned the abstract role and user should be able to see in Scheduled Processes all the logs and output files of the ESS
jobs.
For ESS jobs that are BI Publisher reports the Republish button may not be available
To have access to the Republish button user will need BI Administrator role. For more information review Oracle Fusion BI: How to Add the BI Administrator Role to a user
in Release 12. (Doc ID 2238277.1)
REFERENCES
NOTE:1467664.1 - What Job Role Will Allow a Single Fusion User to View all ESS Scheduled Processes/Jobs?
NOTE:1572045.1 - Fusion Applications BI Security - How to assign BI Platform Roles such as BI Administrator to a user using 'Manage Role Templates' Task (using APM
interface)? [Video]
▼ Attachments
Add Role DB Resource Policy (114.34 KB)
Choose Action DB Resource Policy (211.01 KB)
Choose Rule DB Resource Policy (190.74 KB)
Create Custom Role (76.85 KB)
Create DB Resource Condition (128.14 KB)
Create DB Resource Policy (152.75 KB)
Create Data Security Policy (84.62 KB)
DB Resource ESS_REQUEST_HISTORY (155.44 KB)
Data Security Policy (73.47 KB)
Data Security Policy Details (52.15 KB)
Data Security Policy Details Saved (84 04 KB)

Data Security Policy Details Saved (84.04 KB)
ESS Request History DB Resource (78.21 KB)
Republish Button Missing (38.28 KB)
▼ Related
Products
Oracle Fusion Applications > Customer Relationship Management > Common > Oracle Fusion Applications Common Components > Technology Management - System
Administration > Batch Processing
Oracle Cloud > Oracle Software Cloud > Oracle Fusion Common Cloud > Oracle Fusion Application Toolkit Cloud Service > Technology Management - System Administration
> Batch Processing
Oracle Cloud > Oracle Software Cloud > Oracle Human Capital Management Cloud > Oracle Fusion Goal Management Cloud Service > Technology Management - System
Oracle Cloud > Oracle Software Cloud > Oracle Enterprise Resource Planning Cloud > Oracle Fusion Financials Common Module Cloud Service > Technology Management -
System Administration > Batch Processing
Oracle Cloud > Oracle Software Cloud > Oracle Enterprise Resource Planning Cloud > Oracle Fusion General Ledger Cloud Service > Technology Management - System
Oracle Cloud > Oracle Software Cloud > Oracle Human Capital Management Cloud > Oracle Fusion Global Payroll Cloud Service > Technology Management - System
Oracle Cloud > Oracle Software Cloud > Oracle Human Capital Management Cloud > Oracle Fusion Global Human Resources Cloud Service > Technology Management -
System Administration > Batch Processing
Keywords
FUSION APPLICATIONS; JOB METADATA; JOB ROLE; LDAP; MONITOR; OIM; PARAMETER; ACCESS PRIVILEGES; APM; BI PUBLISHER; CUSTOM; ESS; POLICY;
PROCESS ID; ROLE; SCHEDULER; SECURITY; SUBMIT; USER PRIVILEGES; VIEW
Back to Top
About Contact Legal Terms of Use Privacy About Support

Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.

Assign Security in Fusion ERP

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Assign Security in Fusion ERP

Uploaded by

Copyright:

Available Formats

07/11/2019 Knowledge

Switch to My Oracle Support NAMASUPPORT@GFI.IN (0) Contact Us Help

Cloud Support Dashboard Service Requests Knowledge Community Platinum SR Dashboard

Modified: 28-Aug-2019 Type: HOWTO

BI privileges needed for BI reports

Prior to Release 11.12.1 using APM

Search in APM for database resource ESS_REQUEST_HISTORY

Navigate to Conditions tab

Create a new condition for job SyncRolesJob: 'Condition for SyncRolesJob'

Create a policy with the following actions

In the similar way can be given different privileges like:

Add custom role XX_VIEW_OUTPUT_SyncRolesJob

Choose the created condition: 'Condition for SyncRolesJob'

Submit the changes

BI privileges needed for BI reports

Starting with Release 11.12.1 using Security Console

1. Login using user who has IT SECURITY MANAGER role assigned.

4. Create a job role

5a. Create a data security policy

a. policy name = ess_request_history

Press on Create Data Security Policy button

Give a name to Policy Name and choose Start Date

Choose for Data Set: All Values

You may also need to select ESS_REQUEST_READ and read actions.

In the similar way can be given different privileges like:

In the Users tab assign the role to the required users

BI privileges needed for BI reports

Add Role DB Resource Policy (114.34 KB)

Choose Action DB Resource Policy (211.01 KB)

Choose Rule DB Resource Policy (190.74 KB)

Create Custom Role (76.85 KB)

Create DB Resource Condition (128.14 KB)

Create DB Resource Policy (152.75 KB)

Create Data Security Policy (84.62 KB)

DB Resource ESS_REQUEST_HISTORY (155.44 KB)

Data Security Policy (73.47 KB)

Data Security Policy Details (52.15 KB)

Data Security Policy Details Saved (84 04 KB)

ESS Request History DB Resource (78.21 KB)

Republish Button Missing (38.28 KB)

About Contact Legal Terms of Use Privacy About Support

You might also like