Multi Organization Access Control(MOAC) is maintained using Virtual Private Database (VPD). VPD applies security policies to the tables, views and synonyms. VPD replaced views for operating unit access in R12. In R12, org-specific views are replaced with synonyms
Setting operating unit context in R11i
exec fnd_client_info.set_org_context(&org_id);
Setting Operating Unit context in R12:
- Single Organization/Operating Unit
exec mo_global.set_policy_context(‘S’,<Operating Unit Id>) like exec mo_global.set_policy_context(‘S’,1680)
- Multiple Operating Units
exec fnd_global.apps_initialize(<UserId>, <Resp Id>, <Resp Appl Id>) like fnd_global.apps_initialize(7902,53604,201)
exec mo_global.init(‘&product_short_name’) like mo_global.init(‘PO’)
exec mo_global.set_policy_context(‘M’,NULL)
Run the query as below
like SELECT * FROM PO_HEADERS
SELECT * FROM OE_ORDER_HEADERS
It returns data from the multiple operating units since responsibility id referenced in the fnd_global.apps_initiate has access to multiple operating units.
Internally mo_glob_org_access_tmp table is populated after initializing the policy context.
mo_global.get_current_org_id functional returns current operating unit context.
select MO_GLOBAL.GET_CURRENT_ORG_ID from dual
Applying VPD to MOAC:
- Define Organizations and Operating Units
- Define Global Security Profile (HR Responsibility->Security->Profile)
- Run the Security List Maintenance Program
- Assign Profiles
- Assign MO: Security Profile
- Assign MO: Default Operating Unit (Optional)
- Assign MO: Operating Unit(Mandatory for only Single Org or if MO: Security Profile is not defined)
MO: Operating Unit is Original operating unit profile. Still it works for single OU responsibility when org security profile is not set.
- MO: Security Profile: Controls operating units that one can access by responsibility
Reference Oracle Support Notes:
Oracle Applications Multiple Organizations Access Control for Custom Code