APPENDIX
A
Create Implementation Users
This appendix will provide a step-by-step guide for creating an Oracle Fusion Applications user login and assigning necessary roles to the users to start the ACME Bank implementation. The exact steps listed in this appendix are specific to Fusion Applications Release 8, but should largely remain applicable for future releases as well. We recommend readers refer to support.oracle.com for any version-specific steps.
As discussed in Chapter 3, we need to create the following three application users as per Table A-1.
TABLE A-1. Application User List
Steps to Create an Application User
Follow these steps to create an application user:
1. Log in to Oracle Fusion Applications using FAADMIN or User with both IT Security Manager job role and Application Implementation Consultant roles.
Note: Make sure that the following Oracle Identity Management (OIM) roles are part of the IT Security Manager job role’s role hierarchy:
a. Identity User Administrators
b. Role Administrators
2. Click Navigator | Setup And Maintenance link.
3. Navigate to Define Implementation Users | Create Implementation Users task. The Oracle Identity Manager Self Service console page will open.
4. As shown in Figure A-1, click the Administration link.
FIGURE A-1. Oracle Internet Manager – Self Service page
5. Click the Create User link under the Oracle Identity Manager Delegated Administration section as shown in Figure A-2.
FIGURE A-2. OIM Create User link page
6. Enter the following minimum details in the Create User screen:
First Name: Implementation Manager
Last Name: ACME
User Login: XXFA_IMPLEMENTATION_MANAGER
Password & Confirm Password: <Enter Password to Set>
NOTE
You will be prompted to reset the password after the first successful login using the password you entered.
Organization: Xellarate Users (Seeded Organization name provided with Fusion)
User Type: Other
7. Click Save and you will receive confirmation that the user has been created successfully as shown in Figure A-3.
FIGURE A-3. OIM Create User confirmation message
8. Click the Roles tab and then click Assign as shown in Figure A-4.
FIGURE A-4. Assigning roles to the user
9. Add the Application Implementation Manager Role as shown in Figure A-5.
FIGURE A-5. Assigning the Application Implementation Manager role to the user
10. You will receive a confirmation message once the selected role has been assigned successfully to the user as shown in Figure A-6.
FIGURE A-6. Assign role confirmation page
NOTE
You will also need to have access to the Scheduled Processes menu under Tools to run reports in Fusion Applications. Either the Employee or Contingent Worker role can provide access to the Scheduled Processes menu, as both of these roles have the Worker Duty. In a normal implementation scenario, these roles will be provisioned by default if the login for the users is created as part of a Human Resource record through Oracle Fusion Human Capital Management (HCM) Applications. Since we are not implementing Fusion HCM as part of this book, as a workaround, we can manually assign the Contingent Worker role to the Implementation user to have access to the Scheduled Processes menu.
11. Repeat steps 1 through 8 for additional implementation users. Make sure that for XXFA_FIN_GL_IMPLEMENTATION_CONSULTANT and XXFA_FAH_IMPLEMENTATION_CONSULTANT, you assign Application Implementation Consultant roles in step 7.
Changes to Security Model in Fusion R10
Starting from Release 10, role definitions for security reference implementation have been simplified. The simplified roles reduce the complexity of role administration.
There are four main changes in the simplified reference role model of Release 10, as follows:
The seeded reference roles have the ORA prefix, and these roles must not be changed.
The role hierarchies delivered in Release 10 are simplified, and the hierarchies are much flatter with fewer duty roles.
Prior to Release 10, each job role was implemented as an enterprise role that could be viewed through OIM. In Release 10, job roles and abstract roles are now implemented as two different roles: enterprise job roles, as in prior releases, will be visible in OIM, and application job roles will be visible in Authorization Policy Manager (APM). Starting from Release 10, duty roles and privileges will be granted to application job roles rather than to enterprise job roles.
Aggregated privileges have been introduced in Release 10. These privileges are similar to function security privileges in prior releases, but they have data security policy associated with them.
Customers that implement Release 10 directly will have the new set of roles. Customers that upgrade from Release 9 to Release 10, however, will have two sets of roles. They will have the old roles that existed prior to the upgrade, and they will have the new reference roles delivered with Release 10. Immediately following the upgrade, users will continue to be assigned to the old Release 9 roles, and the new Release 10 roles will be inactive.
Release 10 also introduces a copy role functionality. You may create a new role by copying an existing role, and then editing the copy. If so, you have the option of copying only the “top” role (the role itself) or the top role and its inherited roles. If you choose to copy only the top role, your copy shares its role hierarchy with the source role. That is, the source role inherits subordinate roles, and your copy inherits the same roles. Subsequent changes to those inherited roles will affect not only the source role, but also your copy. If you choose to copy the top role and its inherited roles, the copied top role inherits new copies of all subordinate roles. This option insulates the copied role from any changes to the original versions of the inherited roles.