Wednesday Jun 12, 2013

How to customize the user experience in Fusion Apps - Part 1 Composer Security Expressions

Access to resources such as taskflows, regions, buttons, and menus in Fusion Applications is granted by entitlements stored in a policy store and managed through the Authorization Policy Manager (APM).  Users are assigned roles comprised of  a set of entitlements (Oracle makes this quite easy  by providing you with job based seeded roles) authorizing them to  access  only the data and functions neccessary to perform their jobs and no more. On a more granular level it is also possible to control the rendering of certain UI objects by controlling their display attribute at runtime using Page Composer.

An example illustrating a conditional rendering of a Button is outlined below. The condition used in this example is the Role of the authenticated user.

2 Users and 2 Roles

In this example we have two HR Specialists, we want to prevent one of these users from saving Person records.

Figure1 Roles of Louise Beckham

Figure2. Roles of Megan Davis

Customizing the Object

Using Page Composer, the Administartor creates a security condition in Expression Builder. This condition states that the "Save" field on the "Person Management" page will be displayed if and only if the session authenticated user has the PER_HUMAN_RESOURCE_SPECIALIST_VIEW_ALL_DATA role. This happnes to be a role that our user Megan Davis has but that has not been granted to user Louise Beckham.

The statement, written in Expression Language (EL), used in this example is


NB: It is possible to have a include multiple roles as follows: #{securityContext.userInRole['Role 1'||'Role2']}, it is also possible to exclude a role by include a '!' at the beginning of the expression as follows: #{!securityContext.userInRole['Role 1']}

Figure3. Selecting the ADF Object that we want to customize

Figure4. Creating a dynamically calculated attribute value using Expression Builder

Different Display for Different Users

Below is how each of our two users sees the same UI that has now been conditionally customized. We can see the "Save" button displayed on Morgan's UI but not on Louise's.

Figure 5 - .Louise's UI without the Save Button

Figure 6.Megan's UI with the Save Button

Tuesday Nov 13, 2012

How you can extend Tasklists in Fusion Applications

In this post we describe the process of modifying and extending a Tasklist available in the Regional Area of a Fusion Applications UI Shell. This is particularly useful to Customers who would like to expose Setup Tasks (generally available in the Fusion Setup Manager application) in the various functional pillars workareas. Oracle Composer, the tool used to implement such extensions allows changes to be made at runtime. The example provided in this document is for an Oracle Fusion Financials page.

Let us examine the case of a customer role who requires access to both, a workarea and its associated functional tasks, and to an FSM (setup) task.  Both of these tasks represent ADF Taskflows but each is accessible from a different page.  We will show how an FSM task is added to a Functional tasklist and made accessible to a user from within a single workarea, eliminating the need to navigate between the FSM application and the Functional workarea where transactions are conducted. In general, tasks in Fusion Applications are grouped in two ways:

Setup tasks are grouped in tasklists available to implementers in the Functional Setup Manager (FSM). These Tasks are accessed by implementation users and in general do not represent daily operational tasks that fit into a functional business process and were consequently included in the FSM application. For these tasks, the primary organizing principle is precedence between tasks. If task "Manage Suppliers" has prerequisites, those tasks must precede it in a tasklist. Task Lists are organized to efficiently implement an offering.

Tasks frequently performed as part of business process flows are made available as links in the tasklist of their corresponding menu workarea. The primary organizing principle in the menu and task pane entries is to group tasks that are generally accessed together.

Customizing a tasklist thus becomes required for business scenarios where a task packaged under FSM as a setup task, is for a particular customer a regular maintenance task that is accessed for record updates or creation as part of normal operational activities and where the frequency of this access merits the inclusion of that task in the related operational tasklist

A user with the role of maintaining Journals in General Ledger is also responsible for maintaining Chart of Accounts Mappings.  In the Fusion Financials Product Family, Manage Journals is a task available from within the Journals Menu whereas Chart of Accounts Mapping is available via FSM under the Define Chart of Accounts tasklist


Figure 1. The Manage Chart of Accounts Mapping Task in FSM


Figure 2. The Manage Journals Task in the Task Pane of the Journals Workarea

Our goal is to simplify cross task navigation and allow the user to access both tasks from a single tasklist on a single page without having to navigate to FSM for the Mapping task and to the Journals workarea for the Manage task. To accomplish that, we use Oracle Composer to customize  the Journals tasklist by adding to it the Mapping task.

Identify the Taskflow name and path of the FSM Task

The first step in our process is to identify the underlying taskflow for the Manage Chart of Accounts Mappings task. We select to Setup and Maintenance from the Navigator to launch the FSM Application, and we query the task from Manage Tasklists and Tasks

dif2.jpgFigure 3. Task Details including Taskflow path

The Manage Chart of Accounts Mapping Task Taskflow is:



We copy that value and use it later as a parameter to our new task in the customized Journals Tasklist.

Customize the Journals Page

A user with Administration privileges can start the run time customization directly from the Administration Menu of the Global Area.  This customization is done at the Site level and once implemented becomes available to all users with access to the Journals Workarea.

dif2.jpgFigure 4.  Customization Menu

The Oracle Composer Window is displayed in the same browser and the Hierarchy of the page component is displayed and available for modification.


Figure 5.  Oracle Composer

In the composer Window select the PanelFormLayout node and click on the Edit Button.  Note that the selected component is simultaneously highlighted in the lower pane in the browser.
In the Properties popup window, select the Tasks List and Task Properties Tab, where the user finds the hierarchy of the Tasklist and is able to Edit nodes or create new ones.

src="" dif2.jpg

Figure 6.  The Tasklist in edit mode

Add a Child Task to the Tasklist

In the Edit Window the user will now create a child node at the desired level in the hierarchy by selecting the immediate parent node and clicking on the insert node button. 
This process requires four values to be set as described in Table 1 below.



How to Determine the Value

Focus View Id


This is the Focus View ID of the UI Shell where the Tasklist we want to customize is.  A simple way to determine this value is to copy it from any of the Standard tasks on the Tasklist


COA Mapping

This is the Display name of the Task as it will appear in the Tasklist

Task Type


If the value is dynamicMain, the page contains a new link in the Regional Area. When you click the link, a new tab with the loaded task opens





This is the Taskflow path we retrieved from the Task Definition in FSM earlier in the process

Table 1.  Parameters and Values for the Task to be added to the customized Tasklist


Figure 7.   The parameters window of the newly added Task  

Access the FSM Task from the Journals Workarea

Once the FSM task is added and its parameters defined, the user saves the record, closes the Composer making the new task immediately available to users with access to the Journals workarea (Refer to Figure 8 below).


Figure 8.   The COA Mapping Task is now visible and can be invoked from the Journals Workarea  

Additional Considerations

If a Task Flow is part of a product that is deployed on the same app server as the Tasklist workarea then that task flow can be added to a customized tasklist in that workarea. Otherwise that task flow can be invoked from its parent product’s workarea tasklist by selecting that workarea from the Navigator menu.
For Example
The following Taskflows  belong respectively to the Subledger Accounting, and to the General Ledger Products. 
Since both the Subledger Accounting and General Ledger products are part of the LedgerApp J2EE Applicaton and are both deployed on the General Ledger Cluster Server (Figure 8 below), the user can add both of the above taskflows to the  tasklist in the  /JournalEntryPage FocusVIewID Workarea.
Note:  both FSM Taskflows and Functional Taskflows can be added to the Tasklists as described in this document


Figure 8.   The Topology of the Fusion Financials Product Family. Note that SubLedger Accounting and General Ledger are both deployed on the Ledger App


In this document we have shown how an administrative user can edit the Tasklist in the Regional Area of a Fusion Apps page using Oracle Composer. This is useful for cases where tasks packaged in different workareas are frequently accessed by the same user. By making these tasks available from the same page, we minimize the number of steps in the navigation the user has to do to perform their transactions and queries in Fusion Apps.  The example explained above showed that tasks classified as Setup tasks, meaning made accessible to implementation users from the FSM module can be added to the workarea of their respective Fusion application. This eliminates the need to navigate to FSM to access tasks that are both setup and regular maintenance tasks.


Oracle Fusion Applications Extensibility Guide 11g Release 1 ( Part Number E16691-02 (Section 3.2)
Oracle Fusion Applications Developer's Guide 11g Release 1 (11.1.4) Part Number E15524-05

Wednesday Jul 25, 2012

Tools that help you design Roles in Fusion Applications

Role Based Access Control (RBAC) is the basis for Fusion Applications security.  Fusion Applications include a reference implementation of RBAC consisting of  over 180 Job Roles across its product families. In turn, each of these Job Roles is composed of  a collection of role centered privileges known as Duties that grant access to Applications functionality.  Fusion Applications customers can start by evaluating these predefined Job Roles and mapping them to roles in use in their enterprise.

In cases where a direct one to one mapping is not possible, customers can create their own custom roles and either aggregate a set of Job Roles ( in cases where Job Roles are too restrictive in the Duties they provide) or add a select subset of Duties from a Job Role (in cases where a Job Role grants more access than is required in the enterprise).

The Functional  Architecture  team released two documents to assist customers in modeling their enterprise roles. The first document provides a comprehensive map of the content and relationships in the reference implementation, and the second is intended to help customers who are assessing the needed menu items for their roles, understand the underlying privileges that make these menu items available in the Fusion Applications Navigator  . Both documents are in a Excel format at the request of customers who have indicated their preference for a filterable spreadsheet format.

Excel spreadsheet format of "Roles, Duties & Privileges" available via MOS Note 1460486.1

View of Event

Menu to privilege mapping currently available as a spreadsheet via MOS Note 1459828.1

View of Event


This blog shares with the broader Fusion Applications community instructional material in the areas of Enterprise Structures, Extensibility, Integration and Security with the a focus on implementation. This blog is updated by the Fusion Applications Functional Architecture organization.


« July 2016