EBS R12多组织访问控制

整理自：https://blogs.oracle.com/ptian/entry/oracle_r12_%E5%A4%9A%E7%BB%84%E7%BB%87%E8%AE%BF%E9%97%AE%E7%9A%84%E6%8E%A7%E5%88%B6_moac_multi

什么是MOAC

MOAC(Multi-Org Access Control)为多组织访问控制，是Oracle EBS R12的重要新功能，它可以实现在一个Responsibility下对多个Operation Unit(OU)进行操作。MOAC允许用户在不切换responsibility的情况下，在一个responsibility下处理多个OU组织的事 务。

User --> Responsibilities --> Single Operation Unit Mode  /  Multiple Operation Unit Mode

一个应用场景:

某集团公司下边主要分为三个区域（北美，欧洲，亚太），亚太区你是一采购部经理，负责所有七个Operation Unit。
这 种情况下，系统管理员可以创建一个security profile，这个security profile设置成可以访问这七个亚太组织，并把这个security profile赋予到你的responsibility下，这样你就能在同一个职责下访问这七个OU了，就不用不停地切换职责来访问不同OU了。

另外如果你要经常处理中国OU下的事务，那么你可以设置Profile:MO: Default Operating Unit到中国，那么业务默认的OU就是中国了。

MOAC相关的Profile

有三个主要的Profile

MO: Security Profile :provides access to multiple operating units from a single responsibility.If the MO: Security Profile is set, then the MO: Operating Unit profile will be ignored.

MO: Default Operating Unit :If you set the MO: Security Profile profile option, you can also set an operating unit as the default operating unit using the MO: Default Operating Unit profile option. This is useful when you transact in multiple operating unit but frequently transact in one operating unit.

MO:  Operating Unit :MO: Operating Unit profile option only provides access to one operating unit.

MOAC profiles rules

 1) If the profile  option “MO: Security Profile” is not set, then “MO:  Operating Unit”  value is used  as the default Operating Unit even if “MO:  Default Operating Unit” profile is set to a different value.

 2) If the profile option “MO: Security Profile” is set and gives access to only one Operating Unit, the default Operating Unit will return this  value even if “MO: Default Operating Unit” is set to a different  value.

 3) If the profile option “MO: Security  Profile” is set and gives access to  multiple Operating Units :
      -  If the profile value “MO: Default Operating Unit”  is set,  it  is validated  against the list of Operating Units in “MO: Security Profile”.
         + If  the Operating Unit is included in the security profile then it is  returned as the default value.
          + Else there is no defaulted Operating Unit . 
     -  If the Profile Option “MO: Default Operating Unit”  is not  set,  then there is zero (no)  default Operating Unit.

单组织的案例

单组织即一个Responsibility只访问一个OU，设置情况大体如下，对于职责：Manufacturing and Distribution Manager，

MO: Operating Unit=Vision Operations

MO: Security Profile=空

多组织的案例

首 先定义一个Security Profile，路径：HRMS Super User Responsibility > Security > Define Security Profile，Business Group:Vision Corporation,'Security Type'选择'Secure organizations by organization hierarchy and/or organization list'，并且我们把在Organization Name列表中添加三个OU:Vision Operations，Vision Corporation ，Vision Services.

保 存定义的Security Profile,然后在HR职责下，运行“Security List Maintenance” program，“Generate lists for”= One Named Security Profile ，Security Profile是刚刚定义的'PTIAN_SECURITY_PROFILE'。

Security List Maintenance的作用是让你定义的Security Profile生效，能够设置到Profile "MO: Security Profile"（The Security List Maintenance concurrent program must be run each time you add or change Security Profiles.）