|
方法:
参照以下配置可以做到看到所有人的请求、输出、日志
(效果是在任何职责下,均可以查询任意用户的请求、输出、日志。均需要在sysadmin用户下操作,注意,不是system administrator职责)
配置逻辑是设置一个权限,然后分配给用户。
1. As the SYSADMIN user with “User Management”, go to Roles and Role Inheritance tab.
Create a Role and then create a Grant for the Role.
Enter Name and Description for the new Grant. Application name "Application Object Library".
For the Data Security Object enter “Concurrent Requests”.
Click Next and provide the Data Content Type of “all rows”.
Click Next
The permission Set is “Request Operations”.
(Note: There are no parameters for the grant).
2. Assign this role to users as needed. The users with this role will be able to see the log and output files for the same as responsibility.
Query the User Name you want to add the new role to.
Click on the Update icon.
Click Assign Roles button and find the new role.
Save and Apply to activate the new role.
之后切换回自己的用户,就发现可以看到别人的请求和输出了。
Note: If you go through CONCURRENT -- REQUESTS the output button will still be disabled, this is an issue that is haven't been solved yet.
----
1. As the SYSAMIN user with “Functional Developer”, update object "Concurrent Requests".
Search for FND_CONCURRENT_REQUESTS.
Click on "Concurrent Requests".
Click on "Object Instance Sets" tab.
Click on Create Instance Set button.
Enter Name, Code and Description for new instance set.
- Enter the following for predicate:
&TABLE_ALIAS.request_id in (select cr.request_id from fnd_concurrent_requests cr where
cr.responsibility_id = fnd_global.resp_id and cr.responsibility_application_id =
fnd_global.resp_appl_id)
2. As the SYSAMIN user with “User Management”, go to Role Categories tab
Update -- Add another row
Enter name for a new category and apply
Under Tab Roles & Role Inheritance
3. As the SYSAMIN user with “User Management”, go to Roles and Role Inheritance tab.
3.1 Create a Role and then create a Grant for the Role. (For each responsibility that you want to modify)
Enter Name and Description for the new Grant.
Enter Category created on step 2.
Search for Application name "Application Object Library".
Save
3.2 Create Grant (2 new Grants)
3.2.1 Enter Name and Description for the new Grant. (Responsibility)
For the Data Security Object enter “Concurrent Requests”.
Click Next and provide the Data Content Type of “Instance Set”.
Click Next and for Instance Set choose instance set created in step #1.
Click Next For Instance Set Details add the following parameters
- parameter 1: Name_for_the_responsibility (i.e System Administrator)
- parameter 2: FND
For Set (Select the permission set or menu navigation set that defines the grantee's access.) use "Request Operations".
Finish
3.2.2 Enter Name and Description for the new Grant. (Request_Group)
For the Data Security Object enter “Concurrent Programs”.
Click Next and provide the Data Content Type of “Instance Set”.
Click Next and for Instance Set choose instance set "Programs that can be accessed".
Click Next For Instance Set Details add the following parameters
- parameter 1: Name_from_the_responsibility_Request_Group (i.e System Administrator Reports)
- parameter 2: FND
For Set (Select the permission set or menu navigation set that defines the grantee's access.) use "Request Operations".
Finish
4. Assign this role to users as needed. The users with this role will be able to see the log and
output files for other user in the same responsibility.
Sing as sysadmin --> User Management Responsibility --> SubMenu User
Query the User Name you want to add the new role to.
Click on the Update icon.
Click Assign Roles button and find the new role.
Save and Apply to activate the new role.
5. Run concurrent program :
5.1 "Workflow Directory Services User/Role Validation" Parameters : 10000, Yes, Yes, Yes
NOTE: the request must be executed by using the following Navigation Menu:
6. Log Into the Application
VIEW--REQUESTS
Note: If you go through CONCURRENT -- REQUESTS the output button will still be disabled, this is an issue that is haven't been solved yet.
This is an expected behavior , because the Standard form to view requests will be provide a different behavior depending on what mode is begin run(administrator mode or normal mode).
As we can see:
Responsibility/Navigation: System Administrator - Requests - View ,
it's calling the function FND_FNDCPQCR_SYS (View All Concurrent Requests (Administrator Mode)) With the parameter MODE="SYS".
In the other one is calling the function with Normal mode. That's the reason of the difference.
You can see explanation about Administrator Mode.
Using Administrator Mode : Using the Responsibility Navigation menu -> Requests ->View to open the Find Requests form,
opens the form in administrator mode and does not use RBAC. Although you may be able to query another user's requests,
the view output button will be disabled even if a valid grant exists.
The view requests form needs to be opened in RBAC mode using the 'View -> Requests' navigation.
With a valid grant in place, the view output button should be enabled.