Monday, 13 March 2017

MOAC in Oracle Apps (Multi Org Access Control)

Introduction


Multi-Org architecture was first introduced in Oracle Applications Release 10.6.   Its primary objective was to secure data from unauthorized access by individual in different Operating Units in enterprise. Although security by Operating Units has been widely used as a reliable method to protect from unauthorized access to information, many customers have requested to increase flexibility to enable user to access one or more Operating Units per user responsibility.  Multi-Org Access Control feature allows reduction in operating costs, but more importantly, it lays a more flexible software foundation to allow Oracle Applications to support complex business model such as Shared Services without compromising data security.

Access Control

The Multi-Org Access Control feature, also known as "Security by Operating Unit", will enable users to access to secured data in one or more Operating Units within one responsibility.  The feature uses Security Profile concept introduced in Release 11i Oracle Human Resources Management System, which allows system administrator to predefine the scope of access privilege as a profile option.  A security profile may be defined in hierarchical or listing mode, which may consist one or more Operating Units.
A profile option, "MO: Security Profile", is used to associate predefined security profile to a user responsibility.
The following two process flows illustrate current and new models for defining Multi-Org.

Select Operating Unit


With the ability to access multiple Multi-Org Operating Units from a single application responsibility, users are able to enter setup and transaction data and run concurrent programs for multiple Operating Units without having to switch the responsibility.  Except in a few cases, all Multi-Org enabled setup and transaction user interface will have "Operating Unit" field.  Users will be able to select the Operating Unit from a list of values assigned to the user via the security profile and responsibility.   Operating Unit context can also be defaulted or derived from other operating unit sensitive attribute.   Detail on these variations is covered in subsequent sections.

Process for enabling MOAC:

Creating the Security Profile :

Use the screen below to create a security profile:


Run Security List Maintenance Program

This concurrent program must be run from the Standard Report Submission screen after creation of security profile.  It populates the PER_ORGANIZATION_LIST table with the list of organizations included in the security profile.  The organizations included in the "View All" security profiles are not stored in this table.
The "Security List Maintenance Program" could be preferably run for one named security profile to prevent disturbing other security profile setup. 


Assign MO: Security Profile to Application Responsibility

The last step is to assign a security profile to user responsibility via System Profile Values window.  "MO: Security Profile" can be set at Site and Responsibility level.

No comments:

Post a Comment