Security
Reports Wand leverages the security built in to the Oracle e-Business suite as follows:
- The user is required to sign on with their applications user name and password.
- The user must select one or more responsibilities assigned to their user name.
- Reports Wand definitions are linked to a Request Group which is in turn assigned to a responsibility. A user can therefore only access and execute those report definitions which have been assigned to them.
- In Oracle 11i, certain views are secured using the ORG_ID field. This security mechanism restricts access to data based on the ORG_ID via a field set on the database session. This field is set when the applications session is initialized.
- In Oracle R12 the new row level security mechanism is used and is initialized using the mo_global.INIT stored procedure. Reports Wand calls this procedure which means that you can use this row level security mechanism in the e-Business Suite database to enforce security.
- GL security is enforced using security rules defined on the accounting flexfield. Oracle provides an API in the gl_security_pkg which allows you to validate a requested account combination against the security rules. In order to use this API the initialize routine must be called. Reports Wand interrogates the SQL statement for the report and will call the initialize routine if it determines that the GL security API is being called by this query. The call to the API to validate whether the user has access to an account combination is as follows:
WHERE gl_security_pkg.validate_access(set_of_books_id,c.code_combination_id) = ‘TRUE’
Please note this “Where clause” will add a performance overhead to the query.