Oracle User Management

February 23rd, 2006

Oracle Applications version 11.5.10 introduced an new piece of the Oracle Application Object Library named Oracle User Management. User Management totally changes the user management paradigm. Although I am relatively new to Oracle Applications, I had to quickly understand how users and permissions worked to grant access in the system. With User Management all of that changes… sort of.

The old model consisted of users and responsibilities. A user would be given several different responsibilities (ie Payables User, Inventory Inquiry), and each responsibility would give access to a given application or subset of functions within an application. The user would change responsibility to access different functions of the system.

The new User Management module (short name: UMX) introduces roles. Roles and responsibilities don’t seem to be too different at the surface, but demonstrate many differences when you dive into the details.

One major update is role inheritance. This should simplify user management because of the cascading privileges. For example let’s say a company has three inventory roles: Inventory Inquiry, Inventory User and Inventory Manager. The Oracle group decides to add a new inventory report which should be accessed by all users with any of the three inventory roles. Add permissions for that report to the Inventory Inquiry role and it will be inherited automatically by the Inventory User and Inventory Manager roles. Role inheritance is quite easy to set up.

Allegedly, Oracle User Management also includes the functionality to allow for delegated administration. I haven’t been able to set this up and get it working yet, but it seems like a nice concept. Delegated administration allows a given role to manage other roles. In our example above, the Inventory Manager would be able to bump up an existing user from Inventory Inquiry to the Inventory User role. Because our Oracle group spends several hours per week on this type of issue, getting this functioning properly would free us up to improve other areas of the system.
Similarly, Oracle User Management allows for some self-service by users. They can request additional access to the system, which travels through the workflow approval. Others can request access to the system initially by completing a web form that is accessible at the initial login screen. All of these requests can be monitored and approved or denied through the workflow engine.

Personally, I don’t think User Management is quite ready for primetime. I’ve encountered several bugs and issues during setup, several of which weren’t addressed or fixed to my satisfaction. Many of those problems seem to be because Oracle User Management is new and because it is a significant change from the previous model. We will try it again in 11.5.10.2 and hope Oracle has spent significant time improving the User Management module. Please let me know if you have any more luck than I have had so far.

Entry Filed under: Oracle

Share This

Leave a Comment

Required

Required, hidden

Subscribe to the comments via RSS Feed

Recent Articles