Supplier Management

Posts

  • Hong Gao
    Topic posted March 29, 2019 by Hong Gao (Gold Medal: 3,500+ Points), tagged Security, Tip
    Title:
    Location Based Access Control (LBAC) for Supplier Portal Users
    Summary:
    Tips on using Location Based Access Control for Supplier Portal Users
    Content:

    You can use location-based access to control user access to tasks and data based on their roles and the IP addresses of the computers from which they're signed in. This is particularly useful when you have a supplier-facing application like Supplier Portal deployed. To achieve better security control, you want your internal users to have unrestricted access to tasks or features only when they're signed into the application from the internal/corporate network. For external users such as supplier users, meanwhile, you want to restrict access to the application when users sign in from a public network to access a supplier-facing application like Supplier Portal.

    Here are a few steps to set this up for supplier portal users:

    • Follow the instructions in the following document to enable Location Based Access Control for your application and add the identified IP addresses to the IP Address Whitelist:
      LBAC - Steps to Enable / ENABLING LOCATION BASED ACCESS
    • Identify the supplier-facing roles that users can access from a public network. The application provides a list of supplier-facing job roles out of the box. Based on your business need, you can identify the roles that can access tasks and data from a public network. For example, you may want to encourage self-service invoicing through supplier portal collaboration. In this case, you decide to allow supplier users who have the Supplier Accounts Receivable Specialist role to perform the tasks from Supplier Portal in the public network.
    • Follow the instructions in the following document and check the box for "Enable Role for Access from All IP Addresses" for the Supplier Accounts Receivable Specialist role:
      LBAC - Steps to Enable / ENABLING UNRESTRICTED ACCESS TO SPECIFIC ROLES

    Once these steps are completed, supplier portal users with the role Supplier Accounts Receivable Specialist will be able to manage self service invoicing from a public network. To extend supplier portal collaboration, you can follow these steps to make other supplier facing job roles public so that users with those roles can perform the related tasks and access data from public IP addresses.

    Please refer to the following links for more information on using LBAC:

    https://cloudcustomerconnect.oracle.com/posts/fdedd888ac

    https://docs.oracle.com/en/cloud/saas/global-human-resources/19a/ochus/managing-location-based-access.html#OCHUS3272236
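
A simplified model of the rule described in the post above, added here as an example (it is not from the post and not Oracle's implementation). It assumes that a sign-in from outside the IP allowlist keeps only the roles enabled for access from all IP addresses; the addresses, the reviewed-role list and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration; addresses are documentation ranges, not from the post.
IP_ALLOWLIST = ["198.51.100.0/24", "203.0.113.10"]
# Roles with "Enable Role for Access from All IP Addresses" checked.
PUBLIC_ROLES = {"Supplier Accounts Receivable Specialist"}
# Roles the business has reviewed as supplier facing (assumed review outcome).
REVIEWED_SUPPLIER_FACING = {
    "Supplier Accounts Receivable Specialist",
    "Supplier Self Service Administrator",
}


def ip_allowlisted(client_ip, allowlist=IP_ALLOWLIST):
    """True if client_ip falls inside any allowlist entry (single IP or CIDR)."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(addr in ipaddress.ip_network(e, strict=False) for e in allowlist)


def effective_roles(user_roles, client_ip, public_roles=PUBLIC_ROLES):
    """Roles usable for this sign-in under the modelled rule."""
    roles = set(user_roles)
    if ip_allowlisted(client_ip):
        return roles                      # corporate network: no restriction
    return roles & set(public_roles)      # public network: public roles only


def unreviewed_public_roles(public_roles, reviewed=REVIEWED_SUPPLIER_FACING):
    """Roles opened to all IPs that were never reviewed as supplier facing."""
    return sorted(set(public_roles) - set(reviewed))


if __name__ == "__main__":
    supplier = {"Supplier Accounts Receivable Specialist",
                "Supplier Self Service Administrator"}
    print(effective_roles(supplier, "192.0.2.55"))
    print(effective_roles({"Supplier Administrator"}, "192.0.2.55"))
    print(unreviewed_public_roles(PUBLIC_ROLES | {"Supplier Manager"}))
```

The last helper is the periodic review worth automating: any internal role that ends up in the public set widens exposure beyond the supplier-facing roles the business agreed to open.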

  • Hong Gao
    Topic posted September 25, 2018 by Hong Gao (Gold Medal: 3,500+ Points), tagged Business Intelligence, Security, Tip
    Title:
    Access to Supplier BI Reports
    Summary:
    Function security for accessing supplier related OTBI reports
    Content:

    As part of supplier administration and management, internal users want to leverage Oracle Transactional Business Intelligence (OTBI) to review seeded reports as well as construct ad-hoc reports to meet business requirements. Seeded job roles like Supplier Administrator or Supplier Manager have all the function security set up out of the box to satisfy the reporting needs for managing suppliers. However, from time to time, you may want to grant other functional users the ability to review and build reports related to supplier data.

    To achieve that, here are a couple of function security considerations.

    1) There are currently four BI subject areas that are dedicated to supplier and supplier profile data: Supplier - Supplier Real Time, Supplier Registration - Supplier Real Time, Supplier - Profile Change Request Real Time, and Supplier Import - Supplier Real Time. Content in these subject areas is all secured by the duty role Supplier Master Data Transaction Analysis Duty. If your reporting need requires information from these subject areas, this duty role is necessary to access the content.

    2) Apart from the duty role above, to have the ability to build an ad-hoc report, the user would also need to have the BI Author role.

    Within the four supplier content subject areas, there are a few seeded reports:

    a) Supplier Export Reports (catalog path: /Shared Folders/Procurement/Embedded Content/): this folder contains seeded reports that can be used to extract data to populate the import supplier FBDI templates for mass update:

    • Export supplier data for import template
    • Export supplier addresses data for import template
    • Export supplier business classifications data for import template
    • Export supplier contacts data for import template
    • Export supplier contact addresses data for import template
    • Export supplier products and services category data for import template
    • Export supplier site assignments data for import template
    • Export supplier sites data for import template
    • Export supplier site third-party relationships data for import template

    b) Listing of Supplier Profile Change Requests (catalog path: /Shared Folders/Procurement/Supplier Profile Change Request/Transactional Analysis Samples/): this report allows users to search and report on profile change requests across the supply base.

    Users can access the seeded reports by browsing through the Catalog. However, to properly view the data in these reports, users will also need to have the Supplier Master Data Transaction Analysis Duty.

    A special note for supplier portal users:

    • While collaborating with suppliers through Supplier Portal, it's important to note that a supplier portal user does not have a navigation path to the Report and Analytics work area to build ad-hoc reports. On the Supplier Portal landing page, there is an infolet for Transaction Reports. From there, the user can drill down to an OTBI dashboard with seeded reports on their transactions.
  • Soumya Parhi
    Topic posted August 8, 2018 by Soumya Parhi (Gold Trophy: 10,000+ Points), tagged Audit, Fusion, Security, Supplier User Account, Tip
    Title:
    How to track Supplier Logins, that are through the supplier portal?
    Summary:
    Supplier Portal Login Audit
    Content:

    Good People,

    How to track the supplier logins from supplier portals?

    Thanks,

    Soumya

  • Hong Gao
    Topic posted December 22, 2017 by Hong Gao (Gold Medal: 3,500+ Points), tagged Security, Supplier User Account, Tip
    Title:
    Supplier Portal Security - Which
    Summary:
    Which set of data can supplier users see in Supplier Portal?
    Content:

    This is determined by supplier user data access.

    While managing a supplier contact user account, alongside the Roles tab, there is a Data Access tab. The Restrict Access To field determines which set of documents a supplier user can access in Supplier Portal. Supplier data security supports two data access levels to control which transactions supplier users can access in Supplier Portal:

    • Supplier level data access allows the supplier user to access all transaction documents that belong to the supplier with which the supplier user is associated.

    • Supplier site level data access limits the supplier user to access only the transaction documents that contain the specific supplier sites to which the user has been granted access.

    TIP: Data access controls the transaction access for supplier portal users. Since a data access definition can expand to a parent-child relationship, a user with proper data access can see transactions from child suppliers. For supplier profile, users with the Supplier Self Service Administrator job role can only manage the profile for their own company.

  • Shivani Roy
    Topic posted January 31, 2019 by Shivani Roy (Bronze Medal: 1,250+ Points), tagged Security, Setup, Tip
    Title:
    Data Access Control on Supplier Sites
    Summary:
    Understanding the configuration of data access control on supplier sites
    Content:

    There are two levels of security that allow access to the supplier site information:

    1. Security privileges:
      • View Supplier Site (POZ_VIEW_SUPPLIER_SITES_PRIV): Allows view access to supplier site information.
      • Maintain Supplier Site (POZ_MAINTAIN_SUPPLIER_SITES_PRIV): Allows edit access to supplier site information.
    2. Manage Procurement Agents setup task: Agent access control is given at the "Manage Suppliers" level on this setup task. This setup provides procurement business unit based edit access to users. Because supplier sites are the entity linked to procurement business units, users can only edit those sites of a supplier for which agent access has been given at the "Manage Suppliers" level.

    Let’s review these use cases to better understand the data access control on supplier sites:

    • Configuration for senior management users who need view only access to sites:

    To ensure the user has view access to all site information, i.e. sites belonging to all procurement business units, grant the privilege View Supplier Site to the user.

    • Configuration for supplier administrators or managers who need edit access to sites.

    There are two steps involved:

    1. Identify the procurement business units for which the user should be allowed to maintain supplier site information. For all such procurement business units, make the user a procurement agent allowed to Manage Suppliers in the setup task Manage Procurement Agents.
    2. After making the user a procurement agent for all procurement business units that the user is allowed to maintain sites from, grant the privilege Maintain Supplier Site.

    Points to Consider:

    • Maintain Supplier Site privilege should only be given to users who are allowed to edit supplier site information. If they are allowed to maintain supplier sites, they MUST be made procurement agents with Manage Suppliers action for the procurement business units.
    • If the user needs to have edit access to all sites, then make the user procurement agent for all the procurement business units along with the Maintain Supplier Site privilege.
    • For view only access to sites, user must only be granted the View Supplier Site privilege. Agent access setup will not be required in this case.
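
The two-level rule from the post above as a configuration check, added here as an example (not from the post and not Oracle code). The user records, business unit names and function names are constructed, and the model assumes that Maintain Supplier Site without matching agent access grants no edit rights.

```python
VIEW_PRIV = "POZ_VIEW_SUPPLIER_SITES_PRIV"
MAINTAIN_PRIV = "POZ_MAINTAIN_SUPPLIER_SITES_PRIV"

# Constructed sample users: granted privileges plus the procurement BUs where the
# user is an agent allowed to Manage Suppliers. Names and BUs are hypothetical.
USERS = {
    "exec_viewer": {"privs": {VIEW_PRIV}, "agent_bus": set()},
    "site_admin": {"privs": {VIEW_PRIV, MAINTAIN_PRIV}, "agent_bus": {"BU_EAST"}},
    "priv_only": {"privs": {MAINTAIN_PRIV}, "agent_bus": set()},
    "agent_only": {"privs": {VIEW_PRIV}, "agent_bus": {"BU_WEST"}},
}


def site_access(user, site_bu):
    """Return 'edit', 'view' or 'none' for a site owned by procurement BU site_bu."""
    if MAINTAIN_PRIV in user["privs"] and site_bu in user["agent_bus"]:
        return "edit"   # both levels satisfied for this business unit
    if VIEW_PRIV in user["privs"]:
        return "view"   # view privilege covers sites in all business units
    return "none"


def audit_site_access(users):
    """Flag users whose privilege and agent setup do not match each other."""
    findings = []
    for name in sorted(users):
        has_maintain = MAINTAIN_PRIV in users[name]["privs"]
        is_agent = bool(users[name]["agent_bus"])
        if has_maintain and not is_agent:
            findings.append((name, "Maintain Supplier Site without agent access"))
        elif is_agent and not has_maintain:
            findings.append((name, "agent access without Maintain Supplier Site"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_site_access(USERS):
        print(f"{name}: {reason}")
```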
  • Hong Gao
    Topic posted May 28, 2018 by Hong Gao (Gold Medal: 3,500+ Points), tagged How-To, Security, Supplier Profile Management, Tip
    Title:
    Allow users to view supplier profile PII attributes unmasked
    Summary:
    Configure view only supplier profile access to see unmasked PII attributes
    Content:

    Internal users with Supplier Profile Inquiry Duty have view only access to the supplier profile. With this duty, a user typically sees supplier PII attributes as masked, such as taxpayer ID and tax registration number (for suppliers with Individual or Foreign Individual tax organization type) as well as national insurance number. When there is a need to allow a particular group of users to see these PII attributes as unmasked, it's necessary to configure a duty role to include the data security policy that enables this. To achieve this, the following steps can be followed by an administrator or someone who can create and modify job roles:

    • Go to Security Console.  Search and copy duty role Supplier Profile Inquiry (ORA_POZ_SUPPLIER_PROFILE_INQUIRY) with copy option "Copy top role and inherited roles".
    • Under the Data Security Policies train stop, click Create Data Security Policy button.
    • Search for Supplier Personally Identifiable Information in Database Resource LOV dialog.
    • Select All values for Data Set.
    • In Actions drop-down, check Maintain Supplier Corporate Identifiers and Maintain Supplier Individual Identifiers PII.
    • Review the changes under the Summary and Impact Report train stop.
    • Complete the role copying and modification by clicking the Submit and Close button.
    • Refer to the steps above to create a new job role. Assign the new duty role to the job role.
    • Assign the job role to an internal user.

    This internal user will continue to have view only access to supplier profile, but he/she can see the supplier profile PII attributes as unmasked.

  • Vineet Gangwar
    Topic posted June 4, 2019 by Vineet Gangwar (Blue Ribbon: 750+ Points), tagged How-To, Public Sector, Security, Setup, Supplier Communication, Supplier Creation, Supplier Registration, Supplier User Account, Tip
    Title:
    Supplier Registration email concerns if SSO is enabled
    Summary:
    When SSO is enabled, organisations are supposed to disable the user account related email, and this disables the emails for new account creations for suppliers as well.
    Content:

    If SSO is enabled, user account creation emails are generally disabled, and this causes a challenge when implementing the supplier portal. As suppliers are not notified about their account creation automatically as soon as the account is created, the following are possible solutions (and their challenges) which can be suggested to clients (there can be a few more, but these are based on my understanding of the application):

    1: Once the supplier is registered and the account is created, go to the Security Console, change the user category and reset the password to resend the emails to suppliers.

    Challenges - In most public (and even private) sector organisations, this activity is performed by a dedicated team of supplier admins/managers, and they are not supposed to have access to the "Security Console" because of the organisation's security policies. Hence this solution doesn't sound feasible to clients.

    2: Keep notifications enabled and modify the content of the user account email. Detail clear-cut instructions for employees and suppliers on how they can access the application, but again it comes with the risk that (new) employees might miss the instructions and start using it with the credentials provided in the email rather than the SSO ones, which is again a big concern for organisations.


    These are the 2 possible solutions which I could have thought of based on my understanding of Cloud application. Please feel free to correct me or suggest any alternate solution if you have come across similar requirement.  

    Thanks

    Vineet Gangwar

    Version:
    19b
  • Ramesh Radhakrishnan
    Topic posted January 29, 2019 by Ramesh Radhakrishnan (Black Diamond: 60,000+ Points), tagged How-To, Public Sector, Security, Setup, Supplier User Account
    Title:
    Supplier Portal- Custom role for supplier to prevent submitting invoices
    Content:

    We would like to create a custom role for certain suppliers to prevent submitting invoices via Supplier Portal. I see that the seeded role "Supplier Accounts Receivable Specialist" needs to be copied and modified to achieve this. I need to know which privileges need to be removed. Should these be removed in the Role Hierarchy or the Function security policies?

    Is there any document to setup the custom role?

    Version:
    R13-18C
  • Hong Gao
    Topic posted December 15, 2017 by Hong Gao (Gold Medal: 3,500+ Points), tagged Security, Supplier User Account, Tip
    Title:
    Supplier Portal Security - Who
    Summary:
    Who are supplier portal users and how are they created?
    Content:

    After a supplier record is created in the buying organization, supplier contacts can also be created for the supplier.  When there is a need to enable supplier collaboration using Supplier Portal, user accounts can be requested and created for supplier contacts that need to access Supplier Portal. From the Suppliers work area, search and locate the supplier to edit its profile.  Go to Contacts tab and edit the supplier contact to create user account for the contact.

    TIP: To utilize supplier portal collaboration, any one of the following functional areas within Procurement offering should be enabled: Supplier Portal, Sourcing, or Supplier Qualification.

  • Hong Gao
    Topic posted December 19, 2017 by Hong Gao (Gold Medal: 3,500+ Points), tagged Security, Supplier User Account, Tip
    Title:
    Supplier Portal Security - What
    Summary:
    What can supplier users do in Supplier Portal?
    Content:

    This is determined by the job roles assigned to a supplier user. 

    First, IT Security Manager performs the setup task Manage Supplier User Roles to define what job roles can be provisioned to supplier users. After that, supplier contact user account can be requested through registration flows or created via the Suppliers work area.  Role assignment is required while creating a user account. 

    TIP: After IT Security Manager determines the list of roles that can be provisioned to supplier users, Procurement Application Administrator can optionally set up the list of roles, which will be a subset of the supplier-provisionable roles specified earlier, that can be defaulted during user account creation.  On Manage Supplier User Role Usages setup page, roles can be marked as either Default for Supplier Portal and/or Default for Sourcing.  In the registration initiated from Sourcing negotiation flow, the roles marked as Default for Sourcing will be defaulted.  In other flows such as external supplier registration, supplier management, etc., roles marked as Default for Supplier Portal will be defaulted to expedite the user creation.