Customizing Application Privileges

Application privileges govern which aspects of the application can be accessed, and can be defined to restrict or allow access at many different levels. There are several kinds of application privileges:

Set of Books
Data Groups
Forms
Functions
Securing Attributes
Reports/Programs

Set of Books- This governs which Set of Books is associated with the application user. The application user can only see data within the associated Set of Books.

Data Groups- A data group maps each Oracle Application module to a database ID. This determines which Oracle database user ID connects to the database when using a certain application module. The Oracle database user ID determines which database tables and other database objects the user can access through Oracle Applications forms, reports, or concurrent programs.

Forms- Forms are the forms/windows that the application user can access. The list of forms that can be accessed by an application user is determined by the configuration of the menu attached to the responsibility the user is connected to. A given user will see a different menu (and can access different forms) each time they connect to a different responsibility.

Functions- Function security governs what functionality can be performed from a given responsibility. There are two kinds of functions: form functions and subfunctions. Form functions are functions that call a form; subfunctions are those within a form, usually associated with a button. Application users restricted from performing certain functions on a form will still be able to navigate to the form, but will not be able to navigate to the section of the form representing a restricted form function, or to see the buttons or graphics on a form that are associated with a restricted subfunction.

Securing Attributes- Securing attributes govern what set of data values an application user can access through the self-service Web Applications.

Reports/Programs- The list of available reports and programs varies, depending on the responsibility the user is connected to. A request group is defined as a list of reports and programs. A request group can then be attached to a responsibility, and this controls the programs and reports that can be accessed by users of that responsibility.
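
The responsibility is the object that ties a menu, a data group and a request group to a user, so an access review starts by listing those mappings per active assignment. The following is an added example, not part of the original post: it runs that review query against a constructed in-memory miniature of the EBS tables. Table and column names follow the standard FND schema as an assumption to verify against your release, and all rows and names in the data are made up.

```python
import sqlite3

# Miniature, constructed copy of the FND tables, reduced to the columns used
# here (the real tables also key on application IDs). Rows are sample data.
SCHEMA = """
CREATE TABLE fnd_user(user_id, user_name);
CREATE TABLE fnd_menus(menu_id, menu_name);
CREATE TABLE fnd_data_groups(data_group_id, data_group_name);
CREATE TABLE fnd_request_groups(request_group_id, request_group_name);
CREATE TABLE fnd_responsibility_vl(responsibility_id, responsibility_name,
                                   menu_id, data_group_id, request_group_id);
CREATE TABLE fnd_user_resp_groups_direct(user_id, responsibility_id, end_date);
INSERT INTO fnd_user VALUES (1,'JSMITH'),(2,'MLEE');
INSERT INTO fnd_menus VALUES (10,'DEMO_AP_MENU'),(11,'DEMO_GL_INQUIRY_MENU');
INSERT INTO fnd_data_groups VALUES (20,'Standard');
INSERT INTO fnd_request_groups VALUES (30,'Demo All Reports');
INSERT INTO fnd_responsibility_vl VALUES
  (100,'Demo Payables Manager',10,20,30),(101,'Demo GL Inquiry',11,20,NULL);
INSERT INTO fnd_user_resp_groups_direct VALUES
  (1,100,NULL),(1,101,'2020-01-31'),(2,101,NULL);
"""

# One row per active user/responsibility assignment. LEFT JOIN keeps
# responsibilities that have no request group attached (no reports/programs).
QUERY = """
SELECT u.user_name, r.responsibility_name, m.menu_name,
       d.data_group_name, g.request_group_name
FROM fnd_user u
JOIN fnd_user_resp_groups_direct ur ON ur.user_id = u.user_id
JOIN fnd_responsibility_vl r ON r.responsibility_id = ur.responsibility_id
JOIN fnd_menus m ON m.menu_id = r.menu_id
JOIN fnd_data_groups d ON d.data_group_id = r.data_group_id
LEFT JOIN fnd_request_groups g ON g.request_group_id = r.request_group_id
WHERE ur.end_date IS NULL OR ur.end_date > :today
ORDER BY u.user_name, r.responsibility_name
"""

def load_demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def access_by_responsibility(conn, today):
    """(user, responsibility, menu, data group, request group) for assignments
    still active on `today`, given as an ISO date string."""
    return conn.execute(QUERY, {"today": today}).fetchall()

if __name__ == "__main__":
    for row in access_by_responsibility(load_demo(), "2024-06-01"):
        print(row)
```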
