Oracle E-Business Suite relies on a combination of database
functionality (views, stored procedures, and functions) along with
interface rules to enforce business logic, such as data security
rules. The adapter supports this design by enforcing security embedded
rules within the database and by allowing queries to be written
against both restricted and unrestricted types of data. Therefore,
the adapter can be used to support data access with the following
security models:
-
Oracle Applications Security. Reports may be defined
to require a Responsibility ID and Application ID as part of their
processing. When this is done, requests against business views containing
row-level security data restrictions will display the secured and
filtered result data set only.
-
Union of Responsibilities. When reporting against tables
or views found in the applications, users will be able to access
the full union of the data that all of their responsibilities allow.
Only when Oracle Applications Security is defined will this data
be further restricted to an individual responsibility ID access
profile.
-
Total Enterprise Access. Reports will always enforce
table and view restrictions based on the application access granted
to a given user. For all tables, and the subset of views that do
not have row-level data security rules built-in, reports written against
them will provide full data access.
x
Reference: Data Access and Security Limitations
- Synonyms created for use with this application adapter must
be created with the same name as the underlying Oracle RDBMS Table
or View.
- Oracle applications provide automated row-level security against
many of the database views stored in its repository. These views
are secured based on the initialization of environment settings
during the user login process. The database tables do not support
row-level security through this model automatically. To support
row-level security against database tables, you must code filter
criteria into individual reports.