E1: SOLEXP: The Use of Roles with EnterpriseOne
(Doc ID 626599.1)
Last updated on AUGUST 21, 2020
JD Edwards EnterpriseOne Tools - Version SP24 and later Information in this document applies to any platform.
This document details the use of Roles within the EnterpriseOne software.
Warning: Do not assign more than 30 roles to a user. There is a hard limit of 30 roles per user due to memory limitation. System will become unstable if more than 30 roles are active at the same time for a user.
Roles were introduced with the software release Xe. However, the functionality of roles was limited to task filtering with Solution Explorer. Beginning with EnterpriseOne 8.9, this functionality has been greatly expanded to provide role functionality throughout the software.
In the previous software releases of Xe and ERP 8.0, users could be assigned to a group. This group profile was used when defining Security, Object Configuration Manager (OCM) mappings and other functions within the software. Starting with EnterpriseOne 8.9, groups are obsolete and have been replaced with roles. These roles are used throughout the system in Solution Explorer, Security Workbench, User Security, Object Configuration Manager (OCM) and Object Management Workbench (OMW). With this release, users can be assigned one or many different roles depending on their job functions. When they sign onto the software, they can select to play a specific role or all roles that belong to *ALL for that user. When assigning roles to a user, the system administrator selects whether or not the role should be included in the users *ALL role. Sensitive roles such as a Payroll Administrator can be excluded from *ALL role if desired.
When signing on as *ALL for menu filtering, the system performs a menu merge or union displaying all allowed tasks from all the user's roles.
This behaved differently for Tools Releases 8.94 - 8.96. Refer to Document 639411.1 - E1: SOLEXP: Logging in with *ALL does not Merge Roles for Task Views 8.94 through 8.96 for more information on the functionality at these tools release levels
Note: There is a new setting in the Roles application (P95921) for EnterpriseOne 9.0 and later releases that allows the system administrator to indicate whether they want the role chooser enabled for menu filtering or not. Previously the role chooser setting in P95921 controlled BOTH the log-in role choosing and menu filtering role choosing. This enhancement is not planned to be rolled back to 8.12 or any other prior releases.
For security purposes, when signing on using *ALL as the role, security defined for each of the roles in Security Workbench application (P00950) assigned to the user and included in *ALL are combined unless a conflict is encountered. In the case of a security conflict, the security associated with the role with the highest sequence number will be applied. When the user changes between roles using the Role Chooser after signing on, this does not change the security that is applied. Security is applied based on the role selected at sign-on. Note that this security conflict does not applies to Menu Filtering. When signing on as *ALL for menu filtering, the system performs a menu merge or union displaying all allowed tasks from all the user's roles. For more detail, refer to Document 1218133.1 - Question 2: How is Menu Filtering applied when the User signs-on as the *ALL role?
The changing of roles after sign on only impacts the menu filtering and display of menu information. It does not impact security that was defined in P00950.
Roles contain Effective and Expiration dates, so a user can be assigned a given role for a period of time. If a user is to start working in a company next week, his entire profile can be set up today adding security records to his roles but not activating those roles until the new employee's start date. Another example would be setting this up for a consultant. Simply enter in the beginning and ending dates, and the consultant's role will be ready when they arrive. Roles are given a sequence number that determines their place in a hierarchy. This hierarchy comes into play when a user belongs to two or mores roles each of which contain different security records for the same secured object or have different Object Management Workbench transfer activity rules.
DISCLAIMER: In the images, examples, video and/or the attached document, user details/company name/address/email/ telephone number all represent a fictitious sample from the Oracle Demo Vision Database. Any similarity to actual companies or actual persons, living or dead, is purely coincidental and is in no way intentional on the part of Oracle.
This document is intended for the System Administrator who will be defining, maintaining and troubleshooting the use of roles within the EnterpriseOne software.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!