EBS中查看其他用户或所有用户的请求和输出文件

R12: How To Configure Access To Request Output Of The Same Responsibility (Doc ID 804296.1)

To Bottom

---

In this Document

Goal

Solution

---

APPLIES TO:

Oracle Concurrent Processing - Version 12.2.4 to 12.2.4 [Release 12.2]
Oracle User Management - Version 12.0.6 to 12.2.4 [Release 12 to 12.2]
Oracle Application Object Library - Version 12.0.6 to 12.2.4 [Release 12 to 12.2]
Information in this document applies to any platform.
Checked for relevance on 22-DEC-2013

GOAL

How To Configure Access To Request Output Of The Same Responsibility in R12?

SOLUTION

1. As SYSADMIN user with “Functional Developer” responsibility, update object "Concurrent Requests".

Search for object Concurrent Requests.
    Click on Concurrent Requests.
    Click on Object Instance Sets tab.
    Click on Create Instance Set button.
    Enter Name, Code and Description for new instance set.
  - Enter the following for predicate:

&TABLE_ALIAS.request_id in (select cr.request_id from fnd_concurrent_requests cr where
cr.responsibility_id = fnd_global.resp_id and cr.responsibility_application_id =
fnd_global.resp_appl_id)

2. As the SYSADMIN user with “User Management”, go to Roles and Role Inheritance tab.

Create a Role and then create a Grant for the Role. 
   Enter Name and Description for the new Grant.
   For the Data Security Object enter “Concurrent Requests”.
   Click Next and provide the Data Content Type of “Instance Set”.
   Click Next and for Instance Set choose instance set created in step #1.
   The permission Set is “Request Operations”.

(Note: There are no parameters for the grant).

3. Assign this role to users as needed. The users with this role will be able to see the log and
output files for the same as responsibility.

Query the User Name you want to add the new role to. 
    Click on the Update icon. 
    Click Assign Roles button and find the new role. 
    Save and Apply to activate the new role.

方法:

参照以下配置可以做到看到所有人的请求、输出、日志

（效果是在任何职责下，均可以查询任意用户的请求、输出、日志。均需要在sysadmin用户下操作，注意，不是system administrator职责）

配置逻辑是设置一个权限，然后分配给用户。

1. As the SYSADMIN user with “User Management”, go to Roles and Role Inheritance tab.

Create a Role and then create a Grant for the Role.

Enter Name and Description for the new Grant.  Application name "Application Object Library".

For the Data Security Object enter “Concurrent Requests”.

Click Next and provide the Data Content Type of “all rows”.

Click Next

The permission Set is “Request Operations”.

(Note: There are no parameters for the grant).

2. Assign this role to users as needed. The users with this role will be able to see the log and output files for the same as responsibility.

Query the User Name you want to add the new role to.

Click on the Update icon.

Click Assign Roles button and find the new role.

Save and Apply to activate the new role.

之后切换回自己的用户，就发现可以看到别人的请求和输出了。

Note: If you go through CONCURRENT -- REQUESTS the output button will still be disabled, this is an issue that is haven't been solved yet.

----

1. As the SYSAMIN user with “Functional Developer”, update object "Concurrent Requests".

Search for FND_CONCURRENT_REQUESTS.
     Click on "Concurrent Requests".
     Click on "Object Instance Sets" tab.
     Click on Create Instance Set button.
     Enter Name, Code and Description for new instance set.
  
  - Enter the following for predicate:

&TABLE_ALIAS.request_id in (select cr.request_id from fnd_concurrent_requests cr where
         cr.responsibility_id = fnd_global.resp_id and cr.responsibility_application_id =
         fnd_global.resp_appl_id)

2. As the SYSAMIN user with “User Management”, go to Role Categories tab
    
     Update -- Add another row
     Enter name for a new category and apply
     Under Tab Roles & Role Inheritance

3. As the SYSAMIN user with “User Management”, go to Roles and Role Inheritance tab.

3.1 Create a Role and then create a Grant for the Role. (For each responsibility that you want to modify)
     
    Enter Name and Description for the new Grant.
    Enter Category created on step 2.
    Search for Application name "Application Object Library".
    Save

3.2 Create Grant (2 new Grants)
   
   3.2.1 Enter Name and Description for the new Grant. (Responsibility)
         For the Data Security Object enter “Concurrent Requests”.
         Click Next and provide the Data Content Type of “Instance Set”.
         Click Next and for Instance Set choose instance set created in step #1.
         Click Next For Instance Set Details add the following parameters
         
          - parameter 1: Name_for_the_responsibility (i.e System Administrator)
          - parameter 2: FND
         
         For Set (Select the permission set or menu navigation set that defines the grantee's access.) use "Request Operations".
         Finish
  
   3.2.2 Enter Name and Description for the new Grant. (Request_Group) 
         For the Data Security Object enter “Concurrent Programs”.
         Click Next and provide the Data Content Type of “Instance Set”.
         Click Next and for Instance Set choose instance set "Programs that can be accessed".
         Click Next For Instance Set Details add the following parameters
         
          - parameter 1: Name_from_the_responsibility_Request_Group  (i.e System Administrator Reports)
          - parameter 2: FND
         
         For Set (Select the permission set or menu navigation set that defines the grantee's access.) use "Request Operations".
         Finish

4. Assign this role to users as needed. The users with this role will be able to see the log and
 output files for other user in the same responsibility.

Sing as sysadmin --> User Management Responsibility --> SubMenu User

Query the User Name you want to add the new role to.
     Click on the Update icon.
     Click Assign Roles button and find the new role.
     Save and Apply to activate the new role.

5.     Run concurrent program :
       5.1  "Workflow Directory Services User/Role Validation" Parameters : 10000, Yes, Yes, Yes
       
       
 NOTE: the request must be executed by using the following Navigation Menu:

6. Log Into the Application
    VIEW--REQUESTS

Note: If you go through CONCURRENT -- REQUESTS the output button will still be disabled, this is an issue that is haven't been solved yet.
This  is an expected behavior , because the Standard form to view requests  will be provide a different behavior depending on  what mode is begin  run(administrator mode or normal mode). 
As we can see:

Responsibility/Navigation:   System Administrator - Requests - View , 
it's calling the function  FND_FNDCPQCR_SYS (View All Concurrent Requests (Administrator Mode))  With the parameter MODE="SYS".

In the other one is calling the function with Normal mode. That's the reason of the difference.

You can see explanation about Administrator Mode.

Using  Administrator Mode :  Using the Responsibility Navigation menu ->  Requests ->View  to open the Find Requests form, 
opens the form in  administrator mode and does not use RBAC. Although you may be able to  query another user's requests, 
the view output button will be disabled  even if a valid grant exists. 
The view requests form needs to be opened  in RBAC mode using the 'View -> Requests' navigation.  
With a valid  grant in place, the view output button should be enabled.