1. MOAC brief introduction

MOAC(Multi-Org Access Control) Access control for multiple organizations , yes Oracle EBS R12 Important new features of . It can be implemented in a Responsibility Next to many OU(Operation Unit) To operate , Allow users to switch without switching Responsibility Under the circumstances , Processing multiple OU Organized things .

UseràResponsibilityàSingle Operation Mode/Multiple Operation Unit Mode

2.    MOAC

         2.1、 Related configuration files

1) MO:Security Profile(MO: Security profile )

Define business groups

Submit a security request

2) MO:Default Operation Unit(MO: Default business entity )

3) MO:Operation Unit(MO: The business entity )

    2.2、 Logic control  

1) If MO:Security Profile No settings ,MO:Operation Unit Is greater than MO:Default Operation Unit, Default MO:Operation Unit Set up OU

2) If set MO:Security Profile, And the current Responsibility Only a single OU, Will default directly to the OU, Ignore MO:Default Operation Unit

3) If set MO:Security Profile, And the current Responsibility Access to multiple OU, First, check the MO:Default Operation Unit Whether the set value is in MO:Security Profile in , If exist , By default MO:Default Operation Unit Value , Otherwise it's empty .

4) A configuration file is divided into different locations 、 Application products 、 responsibility 、 User level , The default level is : user > responsibility > application > place .

     2.3、 View available MOAC modular

MOAC Application support is required to enable , So when it's on MOAC Before , We need to be clear about what should be done Support with programs MOAC characteristic .

SELECT fmp.application_short_name FROM fnd_mo_product_init fmp WHERE fmp.status='Y' ;

You can also change the application registration MOAC Support , Or cancel MOAC Support

register :fnd_mo_product_init_pkg.register_application

Cancel :fnd_mo_product_init_pkg.remove_application

3.    VPD

MOAC It's through Oracle Database VPD(Virtual Private Database) Technology to achieve ,VPD Technology provides database objects ( surface 、 A synonym for 、 View )

Row level access control , Use VPD Technology can effectively limit the scope of data users get .

         3.1 VPD Working methods

After associating one or more security policies with a table or view , Can be realized VPD. When accessing a table with security policy directly or indirectly , The database will call a function that implements the policy , The policy function returns an access condition (WHERE Words and expressions ), The application attaches it to the user's SQL sentence , So as to dynamically modify the data access rights of users .

for example : Implementation requirements only allow a user to query the data of the management staff table , be VPD The query statement is automatically SELECT * FROM fnd_user Add query criteria

SELECT * FROM fnd_user where user_name = ‘HAND_CW’, among ‘where user_name=’HAND_CW’ by VPD The string returned by the security policy function .

       3.2 VPD Content

1) policy_function

The strategy function acts on the object ( surface 、 View 、 A synonym for ) On , Returns a specific predicate based on the application context , That is, automatically in the query table 、 In view , Plus the returned where Conditions . You can use dbms_rls.add_policy Bind an object to a policy function .

see R12 MOAC The policy function used

SELECT DISTINCT  dp.policy_name,

dp.package || '.' || dp.function,

dp.policy_type

FROM dba_policies dp

WHERE dp.policy_name = 'ORG_SEC';

2)policy_type

The string created and returned by the policy function is very dynamic , To ensure the results , Improve performance ,R12 There are several types of strategies :

context_sensitive,shared_context_sensitive,shared_static、static

Set the policy type of the policy function :

Dbms_rls.add_policy(policy_type => dbms_fls.shared_context_sensitive);

     3.3 Creating custom tables VPD shielding

surface :CUX_FREIGHT_INFO_HEADERS_ALL, A synonym for :CUX_FREIGHT_INFO_HEADERS

For synonyms CUX_FREIGHT_INFO_HEADERS add to VPD shielding

BEGIN

dbms_rls.add_policy(object_schema   => 'CUX', -- Data sheet ( Or view ) Where Schema name

object_name     => 'CUX_FREIGHT_INFO_HEADERS ', -- Data sheet ( Or view ) The name of

policy_name     => 'ORG_SEC ', --POLICY The name of , Mainly used in the future for Policy Management of

function_schema => 'CUX', -- return Where The function of clause Schema name

policy_function => 'MO_GLOBAL.ORG_SECURITY', -- return Where The function name of clause

policy_type     => dbms_rls.shared_context_sensitive);

END;

Create the VPD After shielding ,select * from CUX_FREIGHT_INFO_HEADERS No result set returned ,

select * from CUX_FREIGHT_INFO_HEADERS_ALL All result sets of the table can be returned

       3.4 Delete VPD

BEGIN

dbms_rls.drop_policy(object_name => 'CUX_FREIGHT_INFO_HEADERS',

policy_name => 'ORG_SEC');

END;

        3.5 see VPD

SELECT *

FROM user_policies t

WHERE 1 = 1

AND t.object_name = 'CUX_FREIGHT_INFO_HEADERS';

4.    Support MOAC Of FORM Development

stay R12 In the version ,OU I'm in control of procurement MOAC The way , It's the user's operation that's improved , If it's customized form Able to support MOAC The function of , You need to provide the current user's choice on the interface OU Fields for users to choose .

         4.1 Definition FORM Parameters

mo_default_org_id、mo_default_ou_name、mo_ou_count

         4.2 PRE_FORM

mo_global.init('CUX'); -- Set up according to the application form For single OU Or more OU Pattern

mo_utils.get_default_ou(l_default_org_id, l_default_ou_name, l_ou_count);  -- Get the default OU

copy(l_default_org_id,'PARAMETER.mo_default_org_id');

copy(l_default_ou_name,'PARAMETER.mo_default_ou_name');

copy(l_ou_count,'PARAMETER.mo_ou_count');

IF nvl(l_ou_count, 0) <= 0 THEN-- Judge if you find OU, If not found , False report

fnd_message.debug(' error 001: No corresponding OU, Please contact the system administrator or developer !');

RAISE form_trigger_failure;

END IF;

IF l_default_org_id IS NOT NULL THEN

mo_global.set_policy_context('S', l_default_org_id);

END IF;

      4.3 WHEN_CREATE_RECORD

With OU Of BLOCK Of when-create_record Add the following code to :

l_org_id_name     := name_in('System.Trigger_Block') || '.ORG_ID';

l_block_item_name := name_in('System.Trigger_Block') || '.OU_NAME';

IF :parameter.mo_default_org_id IS NOT NULL

AND name_in(l_org_id_name) IS NULL THEN

copy(:parameter.mo_default_org_id,

name_in('System.Trigger_Block') || '.ORG_ID');

copy(:parameter.mo_default_ou_name,

name_in('System.Trigger_Block') || '.OU_NAME');

set_item_property(l_block_item_name,

item_is_valid,

property_true);

END IF;

     

 

 

 

 

 

remarks :mo_utils.get_default_ou(l_default_org_id, l_default_ou_name, l_ou_count);

The function code is as follows :

      PROCEDURE get_default_ou(p_default_org_id  OUT NOCOPY NUMBER,

p_default_ou_name OUT NOCOPY VARCHAR2,

p_ou_count        OUT NOCOPY NUMBER) IS

l_prof_org_id     hr_operating_units.organization_id%TYPE;

l_default_org_id  hr_operating_units.organization_id%TYPE;

l_default_ou_name hr_operating_units.name%TYPE;

BEGIN

p_ou_count := mo_global.get_ou_count;

IF (get_multi_org_flag <> 'Y' OR p_ou_count = 0) THEN

RETURN;

END IF;

IF (p_ou_count = 1) THEN

BEGIN

SELECT mg.organization_id,

mg.organization_name

INTO l_default_org_id,

l_default_ou_name

FROM mo_glob_org_access_tmp mg;

EXCEPTION

WHEN OTHERS THEN

l_default_org_id  := NULL;

l_default_ou_name := NULL;

END;

ELSE

l_prof_org_id := fnd_profile.value('DEFAULT_ORG_ID');

IF (mo_global.check_access(l_prof_org_id) = 'Y') THEN

l_default_org_id  := l_prof_org_id;

l_default_ou_name := mo_global.get_ou_name(l_default_org_id);

ELSE

l_default_org_id  := NULL;

l_default_ou_name := NULL;

END IF;

END IF;

p_default_org_id  := l_default_org_id;

p_default_ou_name := l_default_ou_name;

EXCEPTION

WHEN OTHERS THEN

generic_error('MO_UTILS.Get_Default_OU',

SQLCODE,

SQLERRM);

END get_default_ou;

 

 

ORACLE R12 MOAC More articles about

  1. turn :Oracle R12 Multi organization access control - MOAC(Multi-Org Access Control)

    What is? MOAC MOAC(Multi-Org Access Control) Access control for multiple organizations , yes Oracle EBS R12 Important new features of , It can be implemented in a Responsibility Next to many Opera ...

  2. Oracle R12 Multi organization access control - MOAC(Multi-Org Access Control)

    What is? MOAC MOAC(Multi-Org Access Control) Access control for multiple organizations , yes Oracle EBS R12 Important new features of , It can be implemented in a Responsibility Next to many Opera ...

  3. EBS R12 MOAC Principle exploration ( turn )

    Reprinted address EBS R12 MOAC Principle exploration

  4. SYS_R12 MOAC Multi organization bottom technology implementation technology analysis (Oracle VPD) ( Case study )

    2014-05-30 Created By BaoXinjian

  5. Oracle Apps DBA R12.2 Syllabus

    1. What is Oracle R12.2 R12.2 Definition Architecture Advantages of R12.2 Limitations of R12.2 What ...

  6. Oracle EBS introduction

    Oracle EBS introduction Oracle EBS The full name is Oracle E-commerce Suite (E-Business Suit), It's in the original Application(ERP) Based on the expansion , contain ERP( Enterprise resource planning management ). ...

  7. DBA_Oracle Erp R12 Chinese patch installation and upgrade ( Case study )

    2014-07-11 Created By BaoXinjian

  8. PLSQL_R12 MOAC Four applications of multi organization ( Case study )

    One . Abstract R12 Form Or other secondary development , In many cases it will involve R12 MOAC Multi organization development , Here's how 4 A common application , If there is any omission, please continue to add 1. Open at development time Form Automatically pop up Organization selection implementation mode ( increase C ...

  9. SYS_R12 MOAC Four applications of multi organization ( Case study )

    2014-05-31 Created By BaoXinjian

Random recommendation

  1. android Show PDF file

    1. Open source project address : https://github.com/JoanZapata/android-pdfview 2. quote compile 'com.joanzapata.pdfview:androi ...

  2. Class Methods &amp; Variables

    When calling an instance method like withdraw_securely, the syntax generally looks something like th ...

  3. word2vec elementary analysis

    This paper refers to neural network language model .word2vec Study notes of related papers and online blogs . Record only My own learning process , Welcome to tile . word2vec yes 2013 year google A language model of neural network is proposed , Through the neural network ...

  4. poj2891-- Extended Euclidean algorithm

    /* The problem uses the extended Euclidean algorithm , Find the modular linear congruence equation : Analysis topic : Take the output of the title as an example , Ask for an integer X You can meet X % a = r,a,r, For array name : When the array elements are two , The equations :X % a1 ...

  5. EC Book Notes Series 11: Clause 20、21

    Clause 20 Ning Yi pass-by-reference-to-const Replace pass-by-value remember : * Try to use pass-by-reference-to-const Replace pass-by-value. front ...

  6. 12 Excellent jQuery Ajax Pagination plug-ins and tutorials

    12 Excellent jQuery Ajax Pagination plug-ins and tutorials In this article , I've collected 12 Based on  jQuery  Framework of the Ajax Paging plug-ins , These plug-ins provide a detailed tutorial and demonstration .Ajax The emergence of technology makes  W ...

  7. springmvc The interceptor and springmvc The problem with the global exception handler

    I'm doing a little hand training project recently , The system architecture uses springmvc The global exception handler for , Do a unified exception handling system . And then he joined springmvc Interceptor , For some needs , In the interceptor  preHandle Method ...

  8. C# Code writing specifications and naming specifications in

    C# Code writing rules : 1.  Try to use the interface , Then use the class to implement the interface , To improve the flexibility of the program . 2. No more than 80 Characters 3. Try not to manually change computer generated code 4. Write comments on key statements 5. It is recommended that local variables use it in the closest possible way ...

  9. PHPExcel Export contains pictures excel

    <?php // Used here PHPExcel The version number is 1.8.0 // Download address https://github.com/PHPOffice/PHPExcel download ZIP Compressed package // After downloading Class ...

  10. JavaWeb About session Several ways to set the life cycle

    commonly session The life cycle of the system is to record the user's information after the user logs into the system ,session It's like you have a bank card , And Cary's money belongs to session Stored information , You can't take out the money if you drop the card . before sessio ...