Saturday, November 10, 2012

Make Read Only Responsibility of Users in Oracle Apps


For a leading American client’s audit team required access to all the oracle applications responsibilities. The access was required to carry out the internal audit. They required read only access as they were auditing the system and not performing transactions or setup configurations.


At the client location, oracle applications were rolled out to 16 countries and each country had their own set of books. Following modules were rolled out:
                General Ledger
                Purchasing
                Payables
                Receivables
                Fixed Assets
                Order Management

To create read only responsibility was a time consuming exercise as it involved creation of a new read only Function, then creation of a Menu, and a Responsibility, and finally adding the relevant profile options to each responsibility. Also read only responsibility had to be created for each country and roughly around 96 responsibilities had to be created.

The above activity required more than 20 person days to create read only responsibility. This was a time consuming exercise as each and every screen in each responsibility needed to be tested whether read-only function is working or not.

To overcome the manual creation of read only responsibility, in the custom.pll for a particular user or users a script is written to restrict to view the responsibilities that are attached in FND_USER Screen. On adding the user name in custom.pll the user will not have permission to create, or modify setup / transactions.

Benefits
1.    Avoided manual effort on creation of read only Function, creation of Menu, Responsibility, and adding of Profile Option to the responsibility
2.    Avoided manual errors in creation of Function, Menu, Responsibility, and attaching of profile options to the responsibility
3.    Drastically reduced the timeframes as this change request was conceptualized, developed, tested, unit tested by user, and deployed to production instance in 5 working days

BEGIN
   IF event_name = 'WHEN - NEW - FORM - INSTANCE'
   THEN
      IF FND_PROFILE.VALUE ('USER_NAME') = ' XXXXXXX'
      THEN    /*ENTER THE USERNAME THAT IS USED BY AUDITORS*/
         BEGIN
            COPY ('Entering app_form.query_only_mode', 'global.frd_debug');
            COPY ('YES', 'PARAMETER.QUERY_ONLY');
            APP_MENU2.SET_PROP ('FILE.SAVE', ENABLED, PROPERTY_OFF);
            APP_MENU2.SET_PROP ('FILE.ACCEPT', ENABLED, PROPERTY_OFF);
            formname := NAME_IN ('system.current_form');
            blockname := GET_FORM_PROPERY (formname, FIRST_BLOCK);

            WHILE (blockname IS NOT NULL)
            LOOP
               IF (GET_BLOCK_PROPERTY (blockname, BASE_TABLE) IS NOT NULL)
               THEN
                  SET_BLOCK_PROPERTY (blockname,
                                      INSERT_ALLOWED,
                                      PROPERTY_FALSE);
                  SET_BLOCK_PROPERTY (blockname,
                                      UPDATE_ALLOWED,
                                      PROPERTY_FALSE);
                  SET_BLOCK_PROPERTY (blockname,
                                      DELETE_ALLOWED,
                                      PROPERTY_FALSE);
               END IF;

               blockname := GET_BLOCK_PROPERTY (blockname, NEXTBLOCK);
            END LOOP;
         END query_only_mode;
      END IF;
   END IF;
END;