Underlying Tables for Field Service
Hi Gurus, I am new to field service. Could you please let me know the underlying table that I should look into when I create the service request in the field service module? Basically I want to know which table stores the service request id, task number associated to that service request id. Also, it would be really helpful if you could let me know about the important tables in the Field service module. Thanks, N
Customizing Tasks Security
This chapter covers the following topics:
Task Security Overview
How Does the AOL Security Model Work
Security Model for Tasks in Forms and Oracle Applications Framework for Resource Assignments
Business Process Change to Support VPD Security Model
Customizing Tasks Data Security
Setting the Security Profile Option
Customizing the List of Values Security Access
Customizing the List of Values Security for HTML Tasks
Defining Object Instance Sets
Disabling Existing Grants
Adding New Grants
Customizing the Resource List of Values Security for Tasks in Oracle Applications Framework and Forms
Granting Manager-Directs Security Access
Customizing Manager-Directs Security Access
Defining Resource Group Hierarchy
Granting Security Access to Relevant Resources
To continue supporting the existing Application Object Library (AOL) task security rules used in HTML Task Manager, and to extend task data security for task-related resource assignments to the Forms-based Tasks and the Oracle Application Self-Service Framework based Tasks, Task Manager leverages AOL data security based on a Virtual Private Database (VPD) policy. VPD is a database feature that applies security rules, created dynamically at runtime, to all queries issued against a database table or view. This security model with VPD provides more flexibility in task security for resource assignments by allowing any application to set product-specific security rules around the existing task security.
For example, only the resources that have privileges to access certain types of service request can be assigned to these types of service related tasks as assignees. Therefore, Oracle Service Online can pass its own security functions to Tasks in Forms or in Oracle Applications Framework to allow qualified resources to be retrieved from the resource list of values when assigning them to a service request of certain types.
Be aware that this security model with the VPD feature applies only to task security for resource assignments in the Forms-based and Oracle Applications Framework based Task Manager. It is not implemented in the task security rules currently used in HTML Tasks, such as customizing contextual task rules using a profile option, building security around the resource list of values, and allowing group managers to access their directs' tasks.
To better understand the Task security rules used in all formats of Task Manager including AOL security model in HTML Tasks, and new security model with VPD feature for Tasks in Forms and Oracle Applications Framework specifically for resource assignments, the following topics are introduced in this section:
Understanding AOL data security in HTML Tasks
New Security Model with VPD for Tasks in Forms and Oracle Applications Framework
Understanding AOL Data Security in HTML Tasks
Before implementing the AOL data security model, Task Manager can implicitly grant users the following task security access:
For the standalone tasks:
The owner or assignee of a task has full access to the task.
If a group or team is the owner or the assignee of the task, then all the group or team members have full access to that task.
Two security access privileges are used in Tasks:
Read Only Access: Resources can only view tasks.
Full Access: Resources can view, update, and delete tasks.
In addition, a resource can explicitly grant another resource full access or read only access to his or her tasks except the private tasks. This can be done through the calendar grant functionality.
For the context sensitive tasks, Task Manager allows any users who can access the business object to have full access to all contextual tasks related to the object.
By leveraging AOL data security model, HTML Task Manager not only can continue supporting the task security rules granted implicitly or explicitly, but also can provide a flexible mechanism for task security access. This security model provides the ability to restrict data access to appropriate users through a specific authorization process.
For example, if a company only wants certain tasks to be viewed or updated by a particular user or user groups, then, with the AOL security model, this can be achieved by granting a security access privilege (full access or read only) to the particular user or user groups to access specific tasks.
In other words, the task security authorization process can be considered as an analysis around
"Who (users or user groups) has what permission (full or read only access) to access which tasks (specific tasks)"
The following figure illustrates the high level picture of the task security rule analysis.
Task Security Rule Analysis
For example, appropriate users who can be either sales representatives, sales managers, or support managers are granted with full access or read only access permission to access certain tasks, such as from Task1 to Task5.
HTML Tasks Data Security Allows Further Customization
To authorize access to specific tasks for particular users or user groups, the task security model in HTML Tasks, which leverages the concept of AOL data security, allows users to further customize task data for security authorizations. This includes customizing contextual task rules by using a profile option, building security around the resource list of values, and allowing group managers to access their directs' tasks for HTML Tasks.
The Data Security is used to model and enforce security authorizations for access and modification of specific data records. In other words, data security is the finest security level that allows users to customize records in the data level.
To be able to customize task security in the data level, AOL data security model uses the concepts of object, object instance, and object instance sets to represent task features and possible modification, the concepts of privileges and roles to translate data access permissions, and the concepts of grants or global grants to represent the authorization process.
Take one of the existing task rules, for example, to further explain the AOL data concepts used for task rule customization:
In the AOL data security framework, the owner or assignee can be translated as a user or user group. Full access is an access privilege that a user can act upon or perform on a task. As to "the task", Task Manager uses the concepts of objects, object instances, and object instance sets to explain the features of a task. For example, a task is considered as an object, task with number 1234 can be considered as an object instance. A grouping of multiple object instances is an object instance set. Therefore, tasks with number starting at 1000 to 1999 can be an object instance set.
With this security model, the HTML Tasks module enables users to define and further customize the security rules for various business needs.
For detailed information on the AOL data security framework, refer to the Oracle Application Object Library Security chapter in the Oracle E-Business Suite System Administrator's Guide - Security.
HTML Task Manager uses the following concepts, based on AOL data security model, to provide the flexibility to cover a wide range of data security scenarios:
Users (User Groups)
For example, a task is considered as an object.
If Tasks is considered as an object, then Task with number 1234 is an object instance.
Object Instance Sets
An object instance set can be expressed in the following predicate for all tasks with a number smaller than 5. To avoid processing issues, all the columns used in the predicate should be prefixed with &TABLE_ALIAS in the object instance set definition. Then, this predicate can be added to the where clause.
Note: Referencing PARAMETERx values from the grants can also parameterize the predicate.
There are two seeded security privileges currently used in the Task Manager:
JTF_TASK_READ_ONLY (view only)
JTF_TASK_FULL_ACCESS (update and delete)
These privileges are registered in the FND_FORM_FUNCTIONS and FND_FORM_FUNCTIONS_TL tables and are referenced in the actual code, so they cannot be changed or extended.
In addition, privileges (functions) can be grouped into roles (menus) to reduce the granting overhead.
Currently, there are two roles registered in the FND_MENUS and FND_MENUS_TL tables specifically for task security:
JTF_TASK_READ_ONLY: This role contains one privilege, JTF_TASK_READ_ONLY.
JTF_TASK_FULL_ACCESS: This role contains two privileges, JTF_TASK_READ_ONLY and JTF_TASK_FULL_ACCESS.
The role privileges can be registered in the FND_MENU_ENTRIES and FND_MENU_ENTRIES_TL tables.
Note: Roles are user definable; the seeded roles exist only to ensure backward compatibility.
A grant consists of the following three components:
Object: Any object instance or object instance set, for instance, all non-private tasks (object: JTF_TASKS and object instance set: JTF_TASK_RESOURCE_TASKS)
Grantee: Any user or user group, for instance, "JDOE" for John Doe
Role (Menu): Any role, for instance, "JTF_TASK_FULL_ACCESS"
This grants the user, John Doe, the privilege to have full access to all non-private tasks.
In addition, all grants should be registered in table FND_GRANTS.
Task Manager still supports the calendar grant functionality, which means that when a user gives calendar access to another user, the access for tasks is also given. Since Task Manager uptakes AOL data security model, task security can be further customized. Granting calendar access to another user will still result in granting task access to the user. However, the access to the tasks can be restricted by additional data security implemented for tasks.
To reduce the administration of grants, authorizations can be granted globally to the following:
The "Global" user or user group
The "Global" object instance
For example, any user will have full access to tasks where she or he is the owner or assignee. The seeded global grant uses the following values, and customers cannot revoke this grant:
Another global grant example can be that any user can see any resource team:
With the leverage of AOL data security model, Task Manager adds the following two security functions to the security model:
Predicate: Adding a security predicate, the "where" clause, to an application query limits the task instance access for users. The predicate can be considered an add-on security rule for Tasks. To avoid processing issues, all the columns used in the predicate should be prefixed with &TABLE_ALIAS in the object instance set definition. As a result, a user will only be able to see the task instances (such as all tasks with task id less than 5) on which she or he has any kind of privilege.
For example, add a predicate (where clause) to an existing query:
Note: In the new security model, a user can have access to an object instance in many ways: access to an instance may be granted to the user, to the user's group(s), or to all users. Consequently, the predicate might return duplicate instances.
Check Function: This allows the system to check whether or not a particular user has the appropriate access privilege (full or read only access) on a specific task instance.
With the two new functions added to Tasks, appropriate task instances are presented in the following logic:
For example, for the standalone task screens:
Add predicate to the main query.
Check full access privilege for retrieved task instances.
Display task instance(s) as updatable or read-only.
Check corresponding privilege before accessing the detail page.
To support existing task AOL data security around the assignment of resources for Tasks in Forms and Oracle Applications Framework, Task Manager enhances the existing AOL security model by implementing Virtual Private Database (VPD) policy which allows various applications to set product specific security rules on top of the task rules for the resource list of values security access to meet their business needs.
See the Oracle Database Security Guide for information about Virtual Private Database.
Note: The resource list of values security access discussed here is restricted to the assignee list of values with resource types of employee, group, and team only.
For example, a service agent in Oracle Service Online needs to assign a service related task with request type of network service only to the service representatives who can handle the network issues. These limited resources can only access certain types of request based on security access privileges. With this enhanced security model, Service Online can pass its own security functions to Tasks in Forms or in Oracle Applications Framework to allow qualified resources to be retrieved from the resource (assignee) list of values when assigning them to a service related task of certain types.
Based on the concept of VPD policy, Task Manager provides a Java interface for Tasks in Oracle Applications Framework and parameters for Tasks in Forms. These allow integrated applications to pass their product-specific security context, such as security-related attribute sets or value pairs, privilege (view or synonym) names, or implementation classes, to the existing Tasks rules based on the AOL security model.
To react to the parameters passed by product specific security context, Task Manager needs to perform the following tasks to support the product specific resource list of values security:
For Tasks in Oracle Applications Framework
First translate the class name into a class object, then instantiate the class using TaskAssigneeSecurity interface, and then use the object methods to set the context and get function name to build an LOV query before executing the query.
For Tasks in Forms
Translate the privilege name (view or synonym) if it is not null to the LOV query. Otherwise, the JTF Objects metadata will be used.
As a result, Task Manager changes the process flow of accessing resources of different categories through the LOV queries as follows:
Process Change From the Process used in HTML Tasks
Select the object type, such as Employee (RS_EMPLOYEE) for assignee or owner type
Find related JTF Object
Create query from metadata
Find related FND Object if any
Generate a predicate for the FND Object and Task's standard privilege (data security function)
Add predicate to the query
Execute the query
Process Change To the New Model with VPD Policy for the Oracle Applications Framework and the Forms based Tasks
There are two ways to retrieve resources from the list of values:
Standard Resource Security in HTML Tasks, Forms, and Oracle Applications Framework based Tasks
This is the usual business flow of selecting a resource.
Select a resource object type or category, such as RS_EMPLOYEE
Create a query by using the appropriate security view
Execute the query (database kernel runs policy function) for Tasks in Forms and in Oracle Applications Framework
For HTML Tasks, first get the predicate, add the predicate to a query, and then execute the query.
Non-Standard (Product Specific) Resource Security in Task Forms and the Oracle Applications Framework based Tasks
Compared to the standard resource security, this method requires one additional step to support product specific resource security by using parameters to carry the privilege name for Tasks in Forms or class name for Tasks in Oracle Applications Framework. If the name is passed, Tasks will use it instead of default resource privilege(s). The process of selecting a task resource is as follows:
If a privilege (view/synonym) or class name has been passed:
Set provided view/synonym to the query for Tasks in Forms
Instantiate the class and use the object methods to set the context and get function name for Tasks in Oracle Applications Framework
Execute the query (database kernel runs policy function)
Note: The VPD security model currently is only implemented in the resource list of values security access for Tasks in Forms and Oracle Applications Framework, and it is not available in HTML Tasks. See Customizing the Resource List of Values Security for Tasks in Oracle Applications Framework and Forms for more details.
Based on the task security model, Task Manager allows task security rules to be further customized in the following ways:
Set the security profile option for the context sensitive tasks
Customize list of values (LOV) security
Grant manager-directs security access
Note: Be aware that the only security rule currently used in the Forms-based Tasks is the resource list of values security. Security rules for contextual tasks and manager-directs security are applied to both HTML Tasks and the Oracle Applications Framework based Tasks.
HTML Tasks and Tasks in Oracle Applications Framework use the Task Manager: Set Context Data Security profile option to control task data security for the context sensitive task instances, such as tasks attached to an opportunity or a lead. By using the profile option, you can choose to turn the task security function on or off based on the following profile values:
If Full Access is selected (default value), then all the tasks related to the context can be viewed, updated, and deleted.
This value turns the security OFF so as to support existing task security, which allows any users with access to related object instance to update (full access) any task instance for that object.
If Security Access is selected, then whether the task for that context can be updated is based on the privileges granted to the user.
This value turns the security ON for all task instances within context and only allows tasks to be accessible to the user with appropriate privileges.
Task Security Access Example
Three tasks (T1, T2, and T3) are created for an opportunity. User 1 is the owner of the task T1 and T2. Task T2 is also assigned to User 2. User 2 owns the Task T3.
Task Data Security Condition:
Grant read only access on task T3 (task id = 120087) to User 1.
If Security Access is selected which turns the security function on, then the access privileges are changed to:
User 1 can have full access to task T1 and T2, but has read only access to T3.
User 2 can have full access to task T2 and T3.
In the past, all users who have access to a business object can have full access to all contextual tasks attached to that object. Therefore, both User 1 and User 2 can have full access to all three tasks attached to that opportunity.
If Full Access is selected which turns the security function off, then the task access privileges for User 1 and User 2 are changed to:
Both User 1 and User 2 can have full access to Task T1, T2, and T3.
This is because if both users can access the opportunity business object, then they should all be able to access all contextual tasks for that object.
Since the profile option controls the security access for contextual tasks, before displaying the task detail page, Task Manager will:
Check the profile value first to determine whether to display task instance(s) as updatable or read-only; then
Check corresponding privilege to determine whether the logged-in user has any particular privilege on the particular task instance before the user can access any task detail page.
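The predicate and check function described earlier, together with the profile option example for tasks T1 to T3, modeled as an added example (not Oracle code and not part of the original guide). The SQLite tables, function names, user keys, the `:param1` placeholder and the task ids for T1 and T2 are assumptions; only task id 120087, the privilege names and the &TABLE_ALIAS convention come from the page.

```python
import sqlite3

# Roles (menus) and the privileges (functions) they group, as listed on the page.
ROLES = {
    "JTF_TASK_READ_ONLY": {"JTF_TASK_READ_ONLY"},
    "JTF_TASK_FULL_ACCESS": {"JTF_TASK_READ_ONLY", "JTF_TASK_FULL_ACCESS"},
}

# Simplified grants: (grantee, role, instance-set predicate, parameter1).
# "GLOBAL" means any user. &TABLE_ALIAS prefixes every column so the predicate
# stays unambiguous once it is appended to a query that joins several tables.
# :param1 is this model's stand-in for a grant's PARAMETER1 value.
GRANTS = [
    # Global grant: full access to tasks the user owns or is assigned to.
    ("GLOBAL", "JTF_TASK_FULL_ACCESS",
     "&TABLE_ALIAS.owner = :user OR EXISTS (SELECT 1 FROM assignments a"
     " WHERE a.task_id = &TABLE_ALIAS.task_id AND a.assignee = :user)", None),
    # Data grant from the page's example: read only on task id 120087 for User 1.
    ("USER1", "JTF_TASK_READ_ONLY", "&TABLE_ALIAS.task_id = :param1", 120087),
]


def build_db():
    """Constructed sample data: T1 and T2 owned by User 1, T2 assigned to User 2,
    T3 owned by User 2, all attached to one opportunity (context_id 1)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tasks (task_id INTEGER PRIMARY KEY, name TEXT,
                            owner TEXT, context_id INTEGER);
        CREATE TABLE assignments (task_id INTEGER, assignee TEXT);
        INSERT INTO tasks VALUES (120085, 'T1', 'USER1', 1);
        INSERT INTO tasks VALUES (120086, 'T2', 'USER1', 1);
        INSERT INTO tasks VALUES (120087, 'T3', 'USER2', 1);
        INSERT INTO assignments VALUES (120086, 'USER2');
    """)
    return db


def security_predicate(user, privilege, alias):
    """OR together the predicates of every grant that gives `user` the privilege.
    Returns (where_fragment, binds); values are bound, never concatenated."""
    parts, binds = [], {"user": user}
    for i, (grantee, role, template, param) in enumerate(GRANTS):
        if grantee in ("GLOBAL", user) and privilege in ROLES[role]:
            sql = template.replace("&TABLE_ALIAS", alias)
            if param is not None:
                sql = sql.replace(":param1", f":g{i}")
                binds[f"g{i}"] = param
            parts.append(f"({sql})")
    return (" OR ".join(parts) or "1 = 0"), binds


def check_function(db, user, privilege, task_id):
    """Does `user` hold `privilege` on this one task instance?"""
    pred, binds = security_predicate(user, privilege, "t")
    binds["tid"] = task_id
    row = db.execute(
        f"SELECT 1 FROM tasks t WHERE t.task_id = :tid AND ({pred})", binds
    ).fetchone()
    return row is not None


def contextual_tasks(db, user, context_id, profile):
    """Return {task name: 'full' | 'read only'} for the tasks of one business object."""
    if profile == "Full Access":
        # Security OFF: a user who can reach the object gets full access to its tasks.
        rows = db.execute("SELECT t.name FROM tasks t WHERE t.context_id = ?",
                          (context_id,)).fetchall()
        return {name: "full" for (name,) in rows}
    # Security ON: 1) add the predicate to the main query ...
    pred, binds = security_predicate(user, "JTF_TASK_READ_ONLY", "t")
    binds["ctx"] = context_id
    rows = db.execute(
        "SELECT t.task_id, t.name FROM tasks t"
        f" WHERE t.context_id = :ctx AND ({pred})", binds
    ).fetchall()
    # ... 2) check full access per retrieved instance, 3) flag it updatable or read only.
    return {
        name: "full" if check_function(db, user, "JTF_TASK_FULL_ACCESS", tid)
        else "read only"
        for tid, name in rows
    }


if __name__ == "__main__":
    db = build_db()
    for profile in ("Security Access", "Full Access"):
        for user in ("USER1", "USER2"):
            print(profile, user, contextual_tasks(db, user, 1, profile))
```

With Security Access the model reproduces the outcome stated above: User 1 gets full access to T1 and T2 and read only access to T3, while User 2 gets full access to T2 and T3.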
In addition to restricting task data access using the profile option for HTML Tasks and Oracle Applications Framework based Tasks, Task Manager also allows you to build security around the resource list of values (LOV) by using the concepts of the AOL data security for HTML Tasks, and using the VPD security model for Tasks in Forms and Oracle Applications Framework.
To further describe the resource LOV security rule for Tasks in different formats, see the following topics:
Customizing the List of Values Security for Tasks in Oracle Applications Framework and Forms
Based on the existing AOL data security model, HTML Task Manager allows you to customize security for the resource list of values by using the concepts of object instances or object instance sets.
Note: The resource list of values can be resources of any category (employee, party, partner, supplier contact, group, team, other, and to be hired).
Note: In addition, resource LOV security functionality is based on resources. Therefore, it applies to owner, assignee, and reference (relate to) if it is defined based on resources. It does not apply to any customer/contact LOV (such as organization, person, or relationships) and reference other than resources (such as customer/contact and lead).
For example, a sales manager is responsible for a special deal that only involves limited resources. To make sure that relevant tasks created for that deal are only restricted to certain people, the system administrator can create a specific set of resources and then grant them to the sales manager. Thus, the manager will only see those resources shown in the resource (owner or assignee) list of values when creating a task.
For a similar reason, another set of resources can be granted to sales representatives. As a result, the sales representatives will not be able to see the resources granted to the sales manager, and the manager will not see the resources granted to the representatives.
Before introducing necessary steps to customize resource LOV, it is important to understand JTF object changes and other seeding strategy made in Task Manager to support the LOV security.
In order to support the LOV data security, Task Manager modifies the JTF object metadata form by adding two extra columns grouped in the Data Security Setup region of the LOV and Data Security tab. This establishes the link between JTF_OBJECTS for existing LOV and FND_OBJECTS for all task data security objects.
This link is needed because, on one hand, all LOVs in Tasks are rendered using the common LOV Renderer. The LOV Renderer uses JTF_OBJECTS as a metadata repository that provides all the data needed when generating the LOV in a query. This query may be defined at design time or generated dynamically from JTF_OBJECTS. The LOVs addressed here are all generated dynamically.
On the other hand, all data security objects are newly defined in FND_OBJECTS.
To connect the two, so that an existing LOV can have extra security built on top of it, Task Manager uses the Data Security Setup region in the JTF object metadata form to establish the link.
To access the security setup region, log on with the CRM Administrator responsibility and select Task and Escalation Manager > Setup > Objects Meta-data.
There are two new fields in the LOV and Data Security tab:
Object Name: It is the object name for a corresponding JTF_OBJECTS code and serves as the foreign key to FND_OBJECTS. This field is not required and can be empty (null).
Predicate Alias: It adds security information to the application query. It should only be used to avoid ambiguity when the LOV query contains more than one table joined by data object primary key value(s). For example, if two tables ("jtf_tasks_b" and "jtf_tasks_tl") are used, then it must be entered with either "jtf_tasks_b" or "jtf_tasks_tl". Otherwise Oracle DBMS will report an ambiguous task_id reference at run time.
If this field is entered and the object name is not null, the value will be passed to an internal API to add security to a generated query for the LOV. However, if the object name is empty, then security predicate will not be added to the generated query.
Other Seeding Strategy
In addition to the JTF object change, HTML Task Manager also makes the following changes in order to support the LOV security:
Creating Privilege (Function) and Role (Menu)
JTF_TASK_RESOURCE_ACCESS privilege (registered in the FND_FORM_FUNCTIONS table)
JTF_TASK_RESOURCE_ACCESS role (registered in the FND_MENUS table) or JTF_TASK_RESOURCE_ACCESS role (registered in the FND_MENU_ENTRIES table)
Note: This security role (menu) JTF_TASK_RESOURCE_ACCESS is replaced by CAC_TASK_RESOURCE_ACCESS for the resource list of values security access used for Tasks in Forms and Oracle Applications Framework.
Registering LOV Object Data
Task resource LOV security references the following business objects seeded into JTF Objects:
Creating Global Grants
In order to provide backward compatibility, the following global grants are shipped:
Any user can see any resource:
Any user can see any resource group:
Any user can see any resource team:
If a system administrator decides to set the LOV security, then she or he should first disable corresponding global grant for the LOV data object by setting an end date to the specific global grant.
Customizing Resource LOV
The resource LOV can be further customized if necessary before it is granted to resources or resource groups.
The system administrator can grant an individual resource, all resources, or a specific set of resources to another resource, group of resources, or all resources.
Grant An Individual Resource
For example, at the lowest and most granular security level, a system administrator can grant a single employee resource (resource number 1234) access to the following grantee(s):
A user "John Doe"
All members of a resource group (group number 9876)
Grant All Resources
In contrast to the previous case, at the most global security level, the administrator may grant all resources (global access) to another resource, all members of a resource group, or all users.
Grant A Specific Set of Resources
When there is a need to grant a specific set of resources to a user, all members of a resource group, or all users, the administrator can customize the resource LOV by using object instance sets.
Perform the following procedures:
For example, a company wants to grant access of a specific set of resource to a user, all members of a resource group, or all users.
This specific set of resources can be created by first registering a new parameterized object instance set using the following data:
Please note that &TABLE_ALIAS is added as column alias in order to avoid problems with conflicting column names during runtime execution.
Note: Any new instance set must be designed very carefully. It must be error free and should perform well, because any error introduced by the new set(s) can cause data corruption or erroneous behavior in Task Manager.
Use the following steps to define object instance sets.
Responsibility: FND Security Administration (Self Service Application)
Tips: First locate the object that you want a new instance set created for, then enter necessary information for the set.
- An object must be in place.
Navigate to Objects.
Enter necessary search information in the Find Objects window to locate the JTF_TASKS object. Search results should be listed after executing the search.
Click the object name hyperlink for which you want the new instance set to be created from the search result to open the Find Object Instance Set window.
Existing instance sets for the selected object are also listed here. Click Create New Instance.
Enter instance set detail information including instance set name, display name, description and predicate.
Save your work.
Once the instance set is registered, it can be granted to another resource, group of resources, or all resources. The system administrator needs to set resource group_id in the grant PARAMETER1.
For detailed information on how to define object instance sets, see the Oracle E-Business Suite System Administrator's Guide.
Before adding new grants, it is necessary to first disable the existing grants or necessary seeded global grants so that they will not interfere with the new grants.
To temporarily disable the existing grants, the system administrator can set the end date for the existing grants, instead of deleting them completely.
Navigate to Grants.
Search the existing grants that you want to disable by entering search criteria in the Search Grants window.
Click Go to retrieve the grants that match your search criteria.
Select the grant that you want to disable from the search result.
Set an end date in the Context window and click Finish to disable the grant.
For more information on how to disable existing grants, see Oracle E-Business Suite System Administrator's Guide.
Once the customized resource LOV (object instance set) is created and registered, it can be granted to another resource, group of resources, or all resources.
Please note that the administrator can grant users or user groups (grantees) different levels of data access privileges. The access can be granted at the function (menu) level (such as the "Administrator" role) or further down at the data level (such as the LOV data level), depending on user or business needs.
Since the LOV access privilege controls the row level of data access, whenever there is a need to create a new grant for LOV security access, use the data grant functionality to add this grant.
For example, if group number 10000123 contains all resources defined for the LOV in the object instance set, then the administrator can use data grant functionality to grant the LOV access to user21. As a result, the user can see all members of resource group 10000123 while creating a task. The data grant information should be like:
Use the following steps to add a new grant:
Responsibility: Functional Administrator (Self Service Application)
Select Create Data Grant to add new grants to sales managers or sales representatives.
In the Object window, select JTF_TASKS as the object name.
In the Grantee window, select an appropriate radio button.
In the Function Set window, specify a menu name, such as JTF_TASK_RESOURCE_ACCESS.
In the Data Set window, select the A parameterized set of rows (Data Set) radio button. Furthermore, specify the appropriate object instance set that you want to grant to the grantee.
In the Data Set Details window, enter appropriate primary key values.
In the Context window, enter appropriate organization, responsibility and start date information. Leave the End Date field blank.
Enter JTF_TASKS in the Program Name field.
Enter appropriate information in the Program Tag field.
Click Finish. Once the grant is created successfully, a confirmation page opens with a message saying that the grant has been created.
For more information on how to create data grants, see Oracle E-Business Suite System Administrator's Guide.
The Task resource list of values (LOV) security based on VPD policy provides row-level security for a database object, which makes it possible for Tasks to further support product-specific security rules. This VPD security model for the resource LOV security access in Tasks Forms and the Oracle Applications Framework based Tasks continues to:
Use AOL Data Security model as the repository for data security definition and the main tool for customization.
Use existing JTF Objects for different applications to integrate with various common application components. There are no changes to JTF Objects for VPD model.
Note: The resource list of values security access discussed here is restricted to the assignee list of values with resource types of employee, group, and team only.
Task Resource LOV Security Seeding Strategy
Instead of having multiple views per object, Task Manager registers the necessary data in JTF Objects along with other seeded components.
Other seeding data.
Task Manager resource LOV security uses the following seeded data to allow one function or view per object:
Security Privileges (Functions). These form functions are defined on existing resource objects.
CAC_TASK_RS_EXTNS_SEC for the object JTF_RS_RESOURCE_EXTNS
CAC_TASK_RS_GROUPS_SEC for the object JTF_RS_GROUPS
CAC_TASK_RS_TEAMS_SEC for the object JTF_RS_TEAMS
These new privileges are seeded in the FND_FORM_FUNCTIONS table.
Security Role (Menu). These three new functions are added as menu entries to the following:
Existing menu, JTF_TASK_RESOURCE_ACCESS, for backward compatibility. This menu is deprecated for Tasks in Oracle Applications Framework and Forms and is replaced by the new menu.
The existing privilege JTF_TASK_RESOURCE_ACCESS is used only in HTML Tasks to support backward compatibility.
New menu, CAC_TASK_RESORCE_ACCESS
This new menu is seeded in the FND_MENUS table or FND_MENU_ENTRIES table.
Security Views. Database views defined on top of existing resource tables:
CAC_TASK_RS_EXTNS_SEC on top of table JTF_RS_RESOURCE_EXTNS
CAC_TASK_RS_GROUPS_SEC on top of table JTF_RS_GROUPS
CAC_TASK_RS_TEAMS_SEC on top of table JTF_RS_TEAMS
VPD Policies. A common policy is attached to all secured views:
CAC_TASK_RS_EXTNS_POL attached to the CAC_TASK_RS_EXTNS_SEC view
CAC_TASK_RS_GROUPS_POL attached to the CAC_TASK_RS_GROUPS_SEC view
CAC_TASK_RS_TEAMS_POL attached to the CAC_TASK_RS_TEAMS_SEC view
Impact on Existing HTML Tasks
Task Manager creates three new privileges (functions) and one new role (menu), CAC_TASK_RESORCE_ACCESS, which replaces the existing role, JTF_TASK_RESOURCE_ACCESS; the existing role is kept for backward compatibility. For future customization of HTML Task security, specifically the resource list of values security, implementors or system administrators need to use the following new resource privileges. The existing task privilege JTF_TASK_RESOURCE_ACCESS will be deprecated.
CAC_TASK_RS_EXTNS_SEC (for all individual resources)
CAC_TASK_RS_GROUPS_SEC (for resource groups)
CAC_TASK_RS_TEAMS_SEC (for resource teams)
All these new privileges are also added to the existing JTF_TASK_RESOURCE_ACCESS role (menu), so that all existing grants will be automatically uptaken.
For integrated applications that have added task privileges to customized roles, the administrator only needs to add the new privileges to these roles so that the security rules can be automatically applied.
Applications that want to uptake this resource LOV security should use the following instructions based on the uptake methods:
Uptake with Standard Task Resource Security
The standard resource LOV security is applied automatically in Task Manager, so there are no specific instructions for applications that uptake tasks along with the standard resource security.
Example of Building a Secured Resource Query
The task application code simply queries data by using the secured view instead of the base table. The predicate is applied automatically by the VPD policy.
Uptake with Product Specific (Non-Standard) Resource Security
To incorporate the enhanced resource LOV security into your product, follow these instructions:
Define a privilege (AOL Data Security function) name on each resource object you want to secure for your product.
Define a view or synonym with exactly the same name, using just a plain definition: "SELECT * FROM <resource fnd object>". This is done through XML Definition File (XDF) technology.
Note: The XML Definition File (XDF), the next generation version of the current Object Definition File (ODF) utility, is used to provide support for capturing and altering the definitions for all schema Object types used by Oracle Applications and to eventually replace the ODF Utility.
Attach the common AOL policy to the view. This is done through XDF technology.
Seed initial grants if any, such as global grants to support backward compatibility.
Pass product specific parameters to Task Manager for each privilege you want to replace in Forms or pass a class implementation in Oracle Applications Framework.
For Product Specific Resource LOV Security in the Oracle Applications Framework based Tasks
To support dynamic predicate binding into data security objects if passed by product specific security context, Task Manager adds one additional parameter to the TaskAssigneeSecurity interface to allow dynamic bindings of system context before the secured object is queried:
However, if the provided class does not exist or cannot be instantiated or executed by the Tasks module, then a run-time exception will be generated.
Example of Query Secured Resources for Tasks in Oracle Applications Framework
Translate the class name into a class object
Reflective instantiation with interface access
Set context if it is not null
Build an LOV query before executing it
For Resource LOV Security Access in Forms-Based Tasks
Applications that want to uptake this security should set the necessary context in the parent form, such as Service Request Form, to implement the resource LOV security. If the context is set, then the parent form will pass parameters (function names) to the Task Manager form.
If a parameter value is not null, then the secured views are used to query resources. Otherwise, the JTF Objects metadata will be used.
Note: When defining JTF Objects metadata in the metadata setup window, implementors can select the "From Task" check box for a specific source if tasks can be created, updated, and deleted using the standalone Task Manager. If it is unchecked, then tasks can be queried in read-only format from the Task Manager Forms. Any updates to the tasks should be made from the parent applications.
Additionally, the following three parameters should be passed to Task Manager form:
Employee Resource: TASK_ASG_LOV_EMP_SEC
Group Resource: TASK_ASG_LOV_GROUP_SEC
Team Resource: TASK_ASG_LOV_TEAM_SEC
Example of Query Resources Using Metadata in Forms
Task Manager recommends using the standard resource privileges, not product specific privileges, wherever you can when uptaking this security feature. The standard resource privileges provide a standard "one-place" data security setting in your applications to secure tasks access, and they are seeded with Task Manager, which requires no further implementation step.
Applications can use product specific privileges to uptake this resource LOV security only if there are product specific security requirements in place.
Note: Be aware that the product specific privileges belong to the product owner and should be developed and maintained by the product team, not by Task Manager.
In order to support the reporting hierarchy used in Sales or Support organizations, HTML Tasks and Tasks in Oracle Applications Framework allow group managers who have an effective manager's role to have appropriate privileges to access their directs' tasks if the necessary permissions are granted to them. Sales managers, for example, can view their directs' tasks and track possible sales related activities performed for a particular week.
The Functionality of Manager-Directs Security Access
Task Manager uses the manager-directs security access functionality to grant group managers an appropriate access privilege (read only or full access) to view or update their resource group members' non-private tasks.
Use the following example to understand how this functionality works in a resource group hierarchy.
For example, a resource group is led by Helen Freeman, who has three directs reporting to her. These three directs are Jack William, Jeff Walsh, and Alex Brown, who plays the administrator role in Helen's group. Jeff Walsh, who reports to Helen, has three group members directly reporting to him. They are Pat Smith, Jim Breen, and Frank Nelson, who plays the administrator role.
Helen Freeman's Group Hierarchy
After this resource group is organized, the hierarchical data will be denormalized and populated in the table JTF_RS_REP_MANAGERS as follows:
Note: In addition to the columns in the JTF_RS_REP_MANAGERS table, the following columns must be considered:
After understanding the functionality of the manager-directs access and how it works, the definition of a reporting hierarchy should be further identified.
Definition of Reporting Hierarchy
The definition of manager-subordinate hierarchy used for granting security access is based on the resource Group Hierarchy defined in Resource Manager. It is not based on the Human Resource (HR) reporting structure defined in the HR system.
Group Hierarchy in Resource Manager
While defining resource group hierarchy in Resource Manager, each resource will perform certain roles in a resource group. For example, a sales group can be organized by a few sales representatives and a sales manager. The sales representative and sales manager are the roles that are associated with each resource in that group.
In order to determine the reporting hierarchy in a group, each role is also associated to a specific role attribute. When a role is assigned to a resource, a role attribute is also given to that resource simultaneously. A sales representative role is associated with a member role attribute, and a sales manager role is linked to a manager role attribute. Therefore, group members with sales representative roles could report to the group member with sales manager role in the sales resource group mentioned earlier.
Each resource group can be formed for a specific period of time, as can the group members' roles. Therefore, when an end date (END_DATE_ACTIVE) is specified for a resource group or for any resource role of the group members, that group or specific role can be terminated.
For more information, see the Resource Manager chapter in the Oracle Trading Community Architecture Technical Implementation Guide.
Highlights of Group Hierarchy For the Manager-Directs Security Access
Since the manager-directs security grant functionality is based on the group hierarchy defined in Resource Manager, not the HR hierarchy, it is possible to have multiple managers in one resource group, and these managers will all be granted security access to view or update their directs' tasks for HTML Tasks and the Oracle Applications Framework based Tasks.
In addition, as resource groups and roles can be terminated, only the managers who have effective manager's roles can be granted security access to their direct subordinates' tasks. This grant only works if the managers belong to an effective resource group. If one of the manager's subordinates left the group, or the role has been terminated, then the manager will not be able to see the subordinate's tasks even if the manager has the full access privilege.
Note: Although full access is granted to a group manager, that manager still cannot see his or her directs' private tasks.
A new object instance set JTF_TASK_MANAGER_SECURITY is seeded in Tasks to support the manager-directs security grant functionality.
Task Manager supports the manager-directs security grants. However, there are some restrictions, both for performance reasons and to avoid complexity.
Only Support "Manager" and "Member" Role Attributes
Resource Manager uses four role attributes (manager, admin, lead, and member) to classify a resource role when the role is defined. However, this functionality only supports the Manager and Member role attributes.
Only Support One Level of Group Hierarchy
Resource Group Hierarchy
A group might have parent groups and child groups. However, Task Manager only supports one level of group hierarchy for the manager-directs security access. This means that a manager can only be granted access to the tasks of subordinates one level below. It does not include any further levels beneath. In other words, this grant is limited to one group. It does not extend to its parent or child groups.
Only Implemented in HTML Tasks and Oracle Applications Framework based Tasks
This functionality only applies to HTML Tasks and the Oracle Applications Framework based Tasks. It is not implemented in the Forms-based Tasks.
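The rules above (effective manager role, same group only, private tasks excluded) can be modelled to audit who a manager grant actually reaches. This is an added example, not Oracle code: the group ids, end date and grant assignments are constructed, and treating the admin role as outside the manager/member rule is an assumption drawn from the restriction above.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class GroupRole:
    resource: str
    group: str
    attribute: str                    # manager, member, admin or lead
    end_date: Optional[date] = None   # models END_DATE_ACTIVE on the role


# Constructed sample data: group ids, dates and grants are assumptions.
GROUP_END = {"HELEN_GRP": None, "JEFF_GRP": None}   # group END_DATE_ACTIVE
ROLES = [
    GroupRole("Helen Freeman", "HELEN_GRP", "manager"),
    GroupRole("Jack William", "HELEN_GRP", "member"),
    GroupRole("Jeff Walsh", "HELEN_GRP", "member"),
    GroupRole("Alex Brown", "HELEN_GRP", "admin"),
    GroupRole("Jeff Walsh", "JEFF_GRP", "manager"),
    GroupRole("Pat Smith", "JEFF_GRP", "member"),
    GroupRole("Jim Breen", "JEFF_GRP", "member", date(2023, 6, 30)),
    GroupRole("Frank Nelson", "JEFF_GRP", "admin"),
]
# Menu granted with the JTF_TASK_MANAGER_SECURITY instance set, per manager.
GRANTS = {"Helen Freeman": "JTF_TASK_FULL_ACCESS",
          "Jeff Walsh": "JTF_TASK_READ_ONLY"}


def _active(end: Optional[date], on: date) -> bool:
    """A role or group is effective if it has no end date or has not ended."""
    return end is None or end >= on


def effective_groups(resource: str, attribute: str, on: date) -> set:
    """Groups where the resource holds an unexpired role of this attribute."""
    return {r.group for r in ROLES
            if r.resource == resource and r.attribute == attribute
            and r.group in GROUP_END
            and _active(GROUP_END[r.group], on) and _active(r.end_date, on)}


def manager_access(viewer: str, owner: str, private: bool, on: date):
    """Return the granted menu name, or None when the rule gives no access."""
    menu = GRANTS.get(viewer)
    if menu is None or private:       # no grant, or a private task
        return None
    # One level only: manager and member roles must be in the same group.
    shared = (effective_groups(viewer, "manager", on)
              & effective_groups(owner, "member", on))
    return menu if shared else None


def visible_owners(viewer: str, on: date) -> list:
    """Audit helper: whose non-private tasks can this manager reach?"""
    owners = {r.resource for r in ROLES}
    return sorted(o for o in owners if manager_access(viewer, o, False, on))
```

Running `visible_owners` for each grantee on a given date gives a quick review list to compare against the intended reporting structure before a JTF_TASK_FULL_ACCESS grant is created.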
Use the following steps to grant security access to group managers:
Use Oracle Resource Manager to define resource group hierarchy.
Note: After defining appropriate groups, the group hierarchical data is denormalized and populated in the table JTF_RS_REP_MANAGERS.
For detailed information on how to define employee resources and group resources, and how to assign appropriate group member roles to each group member, see the Resource Manager chapter, Oracle Trading Community Architecture Technical Implementation Guide.
Once the appropriate group hierarchy is identified, the system administrator can grant the seeded object instance set JTF_TASK_MANAGER_SECURITY with read only or full access to the appropriate group managers.
Use the following steps to add a new grant to resource group managers.
In the Function Set window, specify a menu name (JTF_TASK_READ_ONLY or JTF_TASK_FULL_ACCESS) for either read only or full access.
In the Data Set window, select the A parameterized set of rows (Data Set) radio button. Furthermore, specify the seeded object instance set JTF_TASK_MANAGER_SECURITY.
For more information on how to create data grants, see Oracle E-Business Suite System Administrator's Guide.
Teleservice - EBS (MOSC)
When updates are made to this table there is a column called LAST_UPDATE_DATE, which is of course updated. How is this column updated? Is it through the PROMISE app? Also, what fields would trigger this column to update? Is it all of the columns in the table?
Satish Oracle Apps Techno Functional
Thursday, 3 August 2017
Query to find SR's assigned to specific user in Oracle Apps R12
US20060085465A1 - Method(s) for updating database object metadata - Google Patents
- G — PHYSICS
- G06 — COMPUTING; CALCULATING OR COUNTING
- G06F — ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00 — Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20 — Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21 — Design, administration or maintenance of databases
- G06F16/211 — Schema design and management
- G06F16/213 — Schema design and management with details for schema evolution support
- Global Temporary Tables.
- Queue Tables.
- Partitioned Tables.
- Index Organized Tables (IOTs).
- Record grants and constraints on the table
- Disable constraints
- Rename table
- Create table as partitioned
- Transfer data from non-partitioned table to partitioned table, either by Exchanging partitions or DML
- Enable constraints and recreate grants
- Partitioned Materialized Views
- Hierarchical Materialized Views (i.e. Materialized Views on Materialized Views)
- Other Materialized View features provided by the RDBMS.
- Creation of Refresh Groups
- Materialized views in a distributed environment (e.g., over DB links)
- Subsequent alters to a Partitioned MV
- Pre-built Tables are not used in conjunction with Materialized Views and are not supported. It is stated—“Do not create MV with pre-built option. Pre-built does not impose the integrity check on the MV and it is up to the users to verify it, making it an unreliable option to use for DBI”—Enforced
- Materialized Views should be created in the APPS schema. A Materialized View can reference multiple tables belonging to multiple products and only the APPS schema is guaranteed to have required privileges, on these tables.
- Base schema tables, referenced in Fast-refresh MV query, must be qualified with schema name, as there are some issues with referencing the synonyms directly. This is required for fast refresh to work.—Enforced
- The Materialized View should be initially created with deferred Refresh.
- Refreshes are not handled by XDF other than the initial refresh during creation of the Materialized View.
- Comments on the Materialized View and all columns in the Materialized View are required for future eTRM purposes.
XDF alters the Materialized View in the following cases:
- Storage parameters change
- Refresh method, mode, or time change
- Enable or disable query rewrite.
- Query change
Note: Dropping and recreating Materialized Views is an expensive operation, requiring the handling of secondary objects (such as MV Logs and Indexes). It requires a complete refresh of the MV and other dependent MVs that reference it.
- A materialized view log is a schema object that records changes to a master table's data so that a materialized view defined on the master table can be refreshed incrementally.
- Each materialized view log is associated with a single master table or a materialized view. The materialized view log resides in the same database and schema as its master table or materialized view.
- Creation of Partitioned Materialized View Logs
- Materialized View Logs on Materialized Views (partitioned/non-partitioned) based.
- Filter Column changes
- Rowid to Primary Key & vice versa
- Filter Columns in Target DB, but not in XDF
- Object types
- Collection types
- Filter Column
- “COL2” DATE
Claims ( 21 )
- 2004-10-15 US US10/966,250 patent/US7809763B2/en active Active
- 2010-08-31 US US12/873,312 patent/US20100332526A1/en not_active Abandoned
Sreekanth Reddy Pothula's Oracle ERP Blog
Tuesday, February 4, 2014
CRM call register query logic
Oracle Knowledge Center
Objective of this blog is to share my oracle knowledge with the people who are working in oracle.
Saturday, August 7, 2010
Service request code