ITPub博客

首页 > Linux操作系统 > Linux操作系统 > Data Access Sets

Data Access Sets

原创 Linux操作系统 作者:dragon_88 时间:2013-08-06 14:34:11 0 删除 编辑
URL: http://oraclefinancialsrel12.blogspot.in/2008/01/new-feature-data-access-sets.html
 
New Feature - Data Access Sets
One of the new features in General Ledger is Data Access Sets. This feature plays a very important role in having a Secured Data Access to the user or one can called it as RBAC (Role Based Access Control).
In previous versions, access to data by users has been restricted only by excluding the menus and functions of the responsibility and then that responsibility is assigned to the particular users who are eligible. This job is carried out by a system administrator or a consultant having system administrator responsibility. This functionality stays as such in Rel 12 also.
Apart from the above, in Rel 12, General Ledger has also contributed a new feature towards securing data.
A Ledger created in General Ledger Module is accessed by various modules using different responsibilities, if one decided to exclude menus for all such responsibilities it will be a time consuming process, instead one can create a security by creating an Data Access Set for a ledger in General Ledger itself, which will apply to all responsibilities using that particular ledger. However, a setting is required for each such responsibilities, that is you have to attach the respective Data Access Set to the respective Responsibility by using GL: Data Access Set profile option. This setting can be done only from system administrator responsibility.
Note: One Responsibility can have only one data access set assigned.

Now let us see what are the types of security that one can have for a ledger or ledger set.
1) Full Ledger 2) Balancing Segment Value 3) Management Segment Value

1) Full Ledger - Full ledger access means having full read and write access to the ledger and all of its balancing segment values or management segment values.

2) BSV - If you assign specific balancing segment values to legal entities and ledgers, you will only be able to use those balancing segment values during transaction processing and journal entry.

3) MSV - When securing management segment values for a ledger, take note of the management segment values you used when you assigned the default accounts to the ledger, such as the retained earnings account and the cumulative translation adjustment account.

The privileges available for all the three Data Access sets are :

Read Only: Allows users to view data in ledgers and balancing or management
segment values.
Read and Write: Allows users to view and enter data in ledgers and balancing or
management segment values.

If you closely observe the BSV and MSV data access types it is more or less similar to a security rule that is defined in General Ledger module. And one more thing, BSV and MSV type Data Access sets also considers Security Rules.
For Eg: Assume that you have blocked a Segment value 01 for your company segment,
whereas you have included segment value 01 in the Data Access set, in which case, the
user will not have access to the segment value 01.

Will confuse you guys more with my other posts shortly !!
 
常用SQL:
1. SELECT *--distinct access_privilege_code
  FROM gl_access_set_ledgers gas
 
2.
SELECT pro.profile_option_name,
       prol.user_profile_option_name,
       lev.level_type TYPE,
       lev.level_code,
       lev.level_name,
       prv.profile_option_value,
       pro.sql_validation
  FROM apps.fnd_profile_options_tl prol,
       fnd_profile_options pro,
       applsys.fnd_profile_option_values prv,
       (SELECT 10001 level_id,
               'Site' level_type,
               0 level_value,
               'Site' level_code,
               'Site' level_name
          FROM dual
        UNION ALL
        SELECT 10002 level_id,
               'App' level_type,
               app.application_id level_value,
               app.application_short_name level_code,
               app.application_name level_name
          FROM apps.fnd_application_vl app
        UNION ALL
        SELECT 10003 level_id,
               'Resp' level_type,
               resp.responsibility_id level_value,
               resp.responsibility_key level_code,
               resp.responsibility_name level_name
          FROM apps.fnd_responsibility_vl resp
        UNION ALL
        SELECT 10004 level_id,
               'User' level_type,
               usr.user_id level_value,
               usr.user_name level_code,
               usr.user_name level_name
          FROM applsys.fnd_user usr) lev
 WHERE -1 = -1
   --AND prol.user_profile_option_name LIKE 'xxx' --Profile??
   AND prol.language = 'US'
   AND prol.profile_option_name = pro.profile_option_name
      AND pro.profile_option_name = 'GL_ACCESS_SET_ID'
      -- AND lev.level_name = 'xx'
      -- AND lev.level_value = 52388
      -- AND lev.level_type ='Site' -- Site, App, Resp, User
   AND pro.profile_option_id = prv.profile_option_id(+)
   AND prv.level_id = lev.level_id(+)
   AND prv.level_value = lev.level_value(+)
   AND prv.profile_option_value = '1055'
 ORDER BY pro.profile_option_name,
          lev.level_type,
          lev.level_name;
 
 

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/10951282/viewspace-767868/,如需转载,请注明出处,否则将追究法律责任。

下一篇: 字符集
请登录后发表评论 登录
全部评论

注册时间:2011-03-10

  • 博文量
    137
  • 访问量
    161368