Applications Security

Get Involved. Join the Conversation.

Topic

    Kunal Daya
    Roles and Privileges that grant access to Scheduled...
    Topic posted August 28, 2019 by Kunal DayaRed Ribbon: 250+ Points, tagged Financials, HCM, Security 
    137 Views, 8 Comments
    Title:
    Roles and Privileges that grant access to Scheduled Processes
    Summary:
    Roles and Privileges that grant access to Scheduled Processes
    Content:

    Hi Community,

    Is it possible or is there a report which shows which Privilege/ Duty role grants access to specific ESS Jobs or Scheduled Processes.

    We are trying to customise a role which prevents access to specific Scheduled Processes 

    Thanks,

    Version:
    19B

    Comment

     

    • Kishore Padala

      Privilege Name : Manage Scheduled Processes

      Privilege Code : FND_MANAGE_SCHEDULED_PROCESSES_PRIV
       
      which will allow management of Scheduled Processes which is inherited from Employee role.
       
       
    • Kishore Padala

      You can create a new custom role and assign the privilege code : "FND_MANAGE_SCHEDULED_PROCESSES_PRIV" to the custom role and assign it to user in order to get the access for the schedule process.

    • Kunal Daya

      Hi Kishore,

       

      Thanks for that, I am trying to identify what privilege gives the user access to run a specific schedule process so that i can remove this from the users current access.

      • Yasheswi Challa

        Hi,

        There is no mapping of privileges to processes but you should be able to search the privilege associated with a process. For example, Run Retrieve latest LDAP requests will give access to Retrieve latest LDAP requests. Also, to be able to see the processes submitted by other users you need to create ESS monitor role and ESS Admin roles accordingly. 

        Thanks

        Yash

    • Sowdhaminya Murugan

      Usually the privilege name starts with Run and ends with process and in most cases, the name would be similar to the ESS process name 

    • Tom Strudley

      Hi Kunal

      Right now there is no way report showing which users/roles can access which ESS jobs

      Thanks

      Tom

    • Joost Hogerwerf

      Hi Kunal,

      in general the Metadataname of a scheduled process corresponds to a part of the code value from the resources table (ASE_PERMISSION_B).

      So if you know the metadata name of the process you would like to secure (by showing the column of the metadata name in the scheduled processes page), you can use below query to relate back to the privileges granting access to a scheduled process.

      You can use the security console to retrieve which roles already have this privilege included.

      So for example, if I want to know which privileges grant access to run the schedule process "Apply Receipts Using Automatch", the Metadata name of this process is "AutomatchMasterEss"

      Using below query:

      select
      aprtl.Name
      ,aprb.code
      ,aprb.privilege_id
      from
      ASE_PRIVILEGE_TL aprtl
      ,ASE_PRIVILEGE_B aprb
      ,ASE_PERMISSION_B apb
      where 1=1
      and apb.code like '%AutomatchMasterEss%'
      and apb.privilege_id = aprb.privilege_id
      and apb.privilege_id = aprtl.privilege_id
      and aprtl.language = 'US'

      ... tells me the following privileges give access:

      - Submit AutoMatch Process

      - Import Receivables Receipt through Lockbox

       

      Please let me know if this works for you

       

      Kind regards,

      Joost