MOAC (Multi Org Access Control)

MOAC (Multi Org Access Control)

MOAC is a feature used to access the data of multiple organizations or multiple operating units from a single responsibility.

Data security is maintained using security profiles that determine the data access privileges associated to responsibilities granted to a user.

Because of this you can perform multiple tasks across operating units without changing responsibilities, Users are no longer required to switch applications responsibilities when processing transactions for multiple operating units.

MOAC are of two types:

  1. Local
  2. Global

Using Local MOAC we can access the data of multiple operating units from the single responsibility of the same business group.

Using Global MOAC we can access the data of multiple operating units from the single responsibility of one or more business groups.

Advantages of MOAC:

  • MOAC is used to maintain and access bank accounts for multiple operating units.
  • To secure Inter and Intra company.
  • Multi-Org Access Control feature allows you to enter, process data and generate reports from a single responsibility.
  • To process the payment of one or more operating units using oracle payments (At a single time we can process the payment for one or more operating units)
  • To maintain the data of customer and supplier for one or more operating units. Supplier or customer is visible across business group but supplier/customer site is specific to the operating unit, so multiple accesses to different operating units is required.
  • For reporting purpose.

Let us know define Local Security Profile for MOAC

Switch to HR responsibility

Navigate to SECURITY->PROFILE

Name: MM LOCAL

Business Group: MM GROUP

Under Organization Security

Security Type: View All Organization (No Security)/ Secure organization by organization hierarchy/ Secure organization by single OU / Secure organization by OU and single organization

Secure organization by organization hierarchy—Secures only specific organization

Classifications Organization Name
Operating Units MM TRUCKS
Operating Units MM CARS

 Then SAVE.

Now we define GLOBAL SECURITY PROFILE

Navigate to SECURITY-> GLOBL PROFILE

Name: MM GLOBAL

Under Organization Security

Security Type: Secure organization by organization hierarchy

Classifications Organization Name
Operating Units MM TRUCKS
Operating Units MM CARS
Operating Units TATAGSS CARS (Under GSSTATA Group Business Group)
Operating Units TATAGSS Trucks (Under GSSTATA Group Business Group)

Then SAVE

 

Now we need to run “SECURITY LIST MAINTENANCE” Program.

SECURITY LIST MAINTENANCE enables our security profiles and generates organization List.

Navigate to VIEW->REQUEST

Program: SECURITY LIST MAINTENANCE

Parameters:

Generate list for: One Name Security Profile

Security Profile: MM LOCAL

Then SUBMIT

Similarly we run for MM GLOBALS also

Navigate to VIEW->REQUEST

Program: SECURITY LIST MAINTENANCE

Parameters:

Generate list for: One Name Security Profile

Security Profile: MM GLOBAL

Then SUBMIT

Now we define responsibilities for Inventory, PO and AP

Switch to System Administrator Responsibility

Navigate to SECURITY->RESPONSIBILITY->DEFINE

Responsibility Name: MM NEW INV

Application: Inventory

Data Group: Standard

Application: Inventory

Menu: INV_NAVIGATE

Request Group: All Inclusive GUI

Application: Inventory

Then SAVE

Now Create Responsibility for PO

Responsibility Name: MM NEW PO

Application: Purchasing

Data Group: Standard

Application: Purchasing

Menu: Purchasing Super User GUI

Request Group: All Reports for Purchasing Module

Application: Purchasing

Then SAVE

Now define the responsibility for AP

Responsibility Name: MM NEW AP

Application: Payables

Data Group: Standard

Application: Payables

Menu: AP_NAVIGATE_GUI2

Request Group: All Reports for Payables Module

Application: Payables

Then SAVE

Under System Administrator Responsibility

Navigate to PROFILE->SYSTEM

Set the profile option at Responsibility Level.

Select the responsibility: MM NEW AP

Now if we want to restrict the user to access only one Operating Unit then the profile would be

Profile: MO: OPERATING UNIT

Now under the Responsibility add MM CARDS (Operating Unit)

Then SAVE

Now if we want to access the data of multiple Operating Units then the profile would be

Profile: MO: SECURITY PROFILE

Under the responsibility assign MM LOCAL profile that was created earlier, by doing so we are giving access to two operating units to the user.

Then SAVE

If we are assigning more than one operating Unit then every time it would be asking which operating unit do you wish to continue with so we need to set the default operating unit.

Now to set the default operating unit set the profile MO: DEFAULT OPERATING UNIT

Under the responsibility assign MM CARS.

Similarly we perform the same approach for MM NEW PO responsibility

Set the profile: MO SECURITY PROFILE

Under the responsibility add MM GLOBAL, by doing so we are giving access to 4 operating units that were assigned to MM GLOBAL profile.

Then SAVE

Now set the default Profile

Profile: MO: DEFAULT OPERATING UNIT

Under Responsibility: MM CARS

Now next we need to assign the newly created responsibility to the our user MM USER

Navigate to SECURITY->USERS->DEFINE

Search for the user MM USER

Add the responsibility’s and then SAVE.

How MOAC impacts the way we work in TOAD

11i
To set the Org id in TOAD
1. Get the Org_id from HR_ORGANIZATION_UNITS

2. In toad execute the below code
        begin
        fnd_client_info.set_org_context(&org_id);
        end;

To set the responsibility context in TOAD
1. Get the User id, Responsibility Id and Application id from Front end
    Help>Diagnostic>Examine and select BLOCK as “$PROFILES$” and then get the respective IDS

2. Using the IDs execute the below code in TOAD

      begin
      FND_GLOBAL.APPS_INITIALIZE (user_id in number,resp_id in number,resp_appl_id in
      number);
      end;

R12:
To set the Org id in TOAD
1. Get the Org_id from HR_ORGANIZATION_UNITS

2. In toad execute the below code
    –Sets the 201 as single Org id
    exec MO_GLOBAL.SET_POLICY_CONTEXT (‘S’, 201);
    Pass a value “S” in case you want your current session to work against Single ORG_ID
    Pass a value of “M” in case you want your current session to work against multiple ORG_ID’s

To set the responsibility context and initiate MOAC in TOAD
1. Get the User id, Responsibility Id and Application id from Front end
     Help>Diagnostic>Examine and select BLOCK as “$PROFILES$” and then get the respective IDS

2. Using the IDs execute the below code in TOAD

       a. exec  FND_GLOBAL.INITIALIZE
          This will set your responsibility id, user_id etc

       b. call MO_GLOBAL.INIT(‘AR’)
           This will read the MO profile option values for your responsibility/user, and will initialize the
           Multi Org Access.

        
MOAC for table access
In 11i _ALL Tables where non Org specific and Org specific views were created on these tables.

But in R12 its different concept
  a. For the table AP_INVOICES_ALL a synonym  AP_INVOICES_ALL is created in APPS.

  b. Also another synonym AP_INVOICES is created which refers to AP_INOICES_ALL.

  c. A Row Level security is applied to AP_INVOICES, using package function 
      MO_GLOBAL.ORG_SECURITY.
     This can be double-checked by running SQL select * from all_policies where
      object_name=’AP_INVOICES’

d. The effect of this policy is that,whenever you access AP_INVOICES, Oracle RLS will
    dynamically append WHERE CLAUSE similar to below

    SELECT * FROM AP_INVOICES
    WHERE EXISTS (SELECT 1 FROM mo_glob_org_access_tmp oa WHERE oa.organization_id =
     org_id)

Note: All the above examples that are been used only to understand the concept well and keeping in mind that these are already been defined in the application earlier.

Advertisements
Comments
2 Responses to “MOAC (Multi Org Access Control)”
  1. JP says:

    Excellent ….
    I understood MOAC much better

    Thanks you

  2. Prem Bandi says:

    Content given on MOAC is awesom.
    Thank you for your knowledge sharing to under the concept in clear manner.

    Thanks,
    Prem

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: