This document will continue to evolve as existing sections change and new information is added. All updates are logged below, with the most recent updates at the top.
27 JUL 2017
Added feature that was backported to Release 12.
26 MAY 2017
Added feature that was backported to Release 12.
26 MAY 2017
Added feature that was backported to Release 12.
23 FEB 2017
Added feature that was backported to Release 12.
05 DEC 2016
Initial Document Creation
Oracle Fusion Applications Security provides a single console where IT Security Managers and Administrators can perform various functions including user lifecycle management, role definition, security policy management (both functional and data), role hierarchy maintenance, username and password policy administration, and certificate management. The console also enables users to simulate the effect of security changes, to run security reports, and download a connector for integration with Microsoft Active Directory.
In Release 12, Oracle Fusion Applications Security offers several new capabilities that offer customers the following benefits:
- A Simplified User Experience for the IT Security Manager - Prior to Release 12, security administration functions were distributed across Oracle Identity Management (OIM) and Authorization Policy Manager (APM). In Release 12, these functions are delivered through a single interface – the Security Console. OIM and APM are no longer available in R12.
- Easy Integration with Identity and Access Management (IDM/IAM) Systems - New capabilities to synchronize user account information with Identity and Access Management (IDM/IAM) systems. This synchronization enables the delivery of a Single Sign-On experience through these systems.
- An Upgrade-Safe Reference Role Model - Starting in Release 12, pre-defined roles that are shipped with Oracle Applications Security will be locked down. Customers will not be able to modify the functional and data security policies that are associated with these roles. They can, however, add new data security policies to these pre-defined roles. In addition, privileges and resources are protected. Users cannot create or modify these artifacts
- Enhanced Set of Self-Service Capabilities - Administrators are able to manage the entire user lifecycle. They can customize how notifications are generated and sent for various user lifecycle events including user account creation, and password management.
For Microsoft Active Directory (AD) and Oracle Identity Management (OIM), customers can download and install connectors that will automatically synchronize user account information between Oracle Fusion Applications and these IDM systems. As in Release 11, customers must continue to log a Service Request (SR) to set up federated Single Sign-On (SSO) between these systems. Once federation is enabled, the connectors will synchronize the information.
Release 12 also delivers a REST API based on the SCIM (System for Cross-Domain Identity Management) standard. Customers can use this API to create user accounts, modify user attributes (e.g. email), enable/disable users, and fetch user account and role information.
Locking down these security artifacts enables safe upgrades to pre-defined roles, since the possibility of conflict with customer introduced changes to these roles is now eliminated. This, in turn enables customers to safely adopt new enhancements that may be delivered with pre-defined roles in future releases. As in Release 11, customers can make copies of pre-defined roles and freely customize these copies.
Administrators can also tailor username and password generation by choosing from a list of shipped policies.
Create, manage, and assign user accounts using the Security Console. You can also search, retrieve, and manage user accounts automatically created for employees, contingent workers, supplier contacts, or partner contacts.
Manage passwords of other user accounts as an administrator. You can auto-generate or manually enter a password for a user account. You can also define password lifecycle and complexity policies. Passwords will be automatically validated against these policies.
View only certain components of a role in the graphic visualizer. You can view only the privileges, aggregate privileges or roles assigned to a role. You can also view the graphic visualizer in full screen mode and pan over a specific region in the graph.
For complex roles, these features enable you to reduce the amount of information visualized and to focus on the area within the role hierarchy that requires your attention.
Define user name generation rules that will be used to auto-generate the user name when a user is created. You can define user name generation rules to be based on the user’s first and last names, first initial plus last name, e-mail or person or party number. You can also choose to use a system generated user name if the rule fails to generate a user name.
Define policies for password management. These policies can define the duration for various password lifecycle events like password expiration and password warning generation. You can also set the complexity of generated passwords by choosing from a pre-defined list of rules.
Define custom notification templates for your user account life cycle events. You can also use pre-defined notification templates. These templates will be used to generate notifications for events like user account created, user password reset and user password expiry warning.
Identify a predefined (factory shipped) Oracle role when viewing the role. Predefined Oracle roles are locked and you cannot customize the Oracle delivered functional and data security policies associated with these roles. You can, however, add data security policies to these roles.
Simplify Single Sign-On with Microsoft Active Directory by downloading and installing the Active Directory Bridge from the Security Console. Automatically synchronize user account information between Oracle Fusion Applications Security and Microsoft Active Directory.
Enhanced password reset flow. Now a notification email will be sent to the user who requests a password reset. The user will be required to click on this link within a specific period of time to change the password. This replaces the previous flow where users were required to answer a series of challenge questions to reset the password.
Streamline use of some of the functionality that you have used in the past with the Security Console. The Security Console now includes the following functionality:
- User Account information such as password, lock and unlock are managed in the security console.
- Roles are now managed directly in the Security Console and are no longer managed within Oracle Identity Manager or Authorization Policy Manager.
- Privileges are predefined by Oracle and are no longer created or managed by the user.
- You can now view, create or change roles without first selecting an application.
Resources are now granted through privilege and are no longer granted directly to Roles.
Oracle Fusion Project Foundation includes common components that are shared across products within Oracle Fusion Project Portfolio Management. It includes the basic project plan structure and components such as resource breakdown structures, rate schedules, pricing, burdening, and cross-charge processing.
A new data security model was introduced in Release 11 that only applied to new Oracle ERP Cloud customers. In Release 12 all users will now be assigned to the appropriate data sets using the new Manage Data Access for Users page, without the need for assigning data roles generated from data role templates. Since data roles are no longer used, they will no longer be automatically generated upon the creation of a new data security element, such as a new business unit or a new ledger.
This new feature is available to all products in Oracle ERP Cloud, including Financials, Procurement, Project Portfolio Management, Supply Chain Management, and Incentive Compensation.
While customers who started using Oracle ERP Cloud in Release 11 have been introduced to this new model, customers who were using Oracle ERP Cloud prior to Release 11 have continued to use the data role based data security in Release 11. In Release 12, the usage of generated data roles for data security will be discontinued and customers who are using the data role based model will be upgraded to use the new user-role-data assignment model.
Support the integration of Microsoft Project versions 2010, 2013, and 2016 for desktop with Project Financial Management applications. The integration supports some of the new features such as manual tasks, inactive tasks, and calculation of assignment allocation.
Leverage the latest user interface design innovation to enhance the overall user experience.
Manage and report on projects more effectively by capturing additional information in project and task descriptive flexfields. You can add up to 50 character, 15 numeric, and 15 date attributes each on projects and tasks.
Utilize a web service to assign and manage project classifications.
Oracle Fusion Project Billing accelerates invoice processing while reducing billing errors through a functionally rich work area offering visibility into formatted invoices with estimated taxes. Embedded analytics for contract revenue, invoice, profitability and margin give insight into potential contract and payment problems.
Specify currency conversion rate overrides on a bill plan to convert invoice and revenue amounts in bill transaction currency to contract or invoice and revenue currency.
Analyze and track billing events using real-time analytics.
Analyze and track project contract invoices integrated with an external receivables application using real-time analytics.
Use web services to simplify integration with external applications. Automate the creation of billing rate overrides on your contract bill plans from your existing applications.
Improve the integration with external receivables applications, including:
- Adding descriptive flexfields to the invoice export for import into the external receivables application.
- Identifying whether the external receivables application accepted or rejected the invoice.
- Storing and displaying the external receivables application invoice number.
- Completing the invoice processing for invoices accepted by the external receivables application, including: deriving accounting dates and periods, converting amounts into ledger and project currency, setting invoice distributions to ready for as billed revenue recognition, and calling contract invoice summarization.
Oracle Fusion Project Control provides full-function project planning, progress management, budgeting and forecasting, as well as delivered integration to Microsoft Project.
Edit the resource assignment dates in the financial project plan without spreading the periodic amounts again. The project manager can add periods to a resource assignment and subsequently plan for new periods. The project manager can also modify a resource assignment to finish early, and select a period from which to spread the unallocated amounts.
Report on project progress captured in Project Financial Management using real-time analytics. Analyze project progress and view specific progress details such as actual cost, estimated effort to complete, cost percent spent, physical percent complete, and estimated cost at completion. Measure project performance using earned value metrics, including cost variance, cost performance index, and schedule performance index. Analyze performance trends as progress is captured over time and use that information to estimate and control project outcomes.
Report on budgets, actual costs, and commitments by various planning resource elements, such as expenditure category, expenditure type, and person using real-time analytics.
Load progress information from external applications using a web service. Update the draft progress values for the physical percent complete, the estimated start and finish dates, and the actual start and finish dates.
Oracle Fusion Project Costing captures commitments and costs from across the Fusion applications and supports third-party integrations. The unique cost collection and processing needs of different sources are streamlined to provide timely insight into validated project costs.
Ensures that time entries, expense reports, supplier invoices, and receipts from integrating applications are for valid projects and tasks by revalidating transactions during cost import.
Use web services to simplify integration with external applications. Automate the creation of asset usage, burden, time card, expense report, supplier invoice, miscellaneous, work in progress, inventory and commitment transactions from your existing applications.
Ensure costs are reserved against the project control budgets by enabling the project for budgetary control. Additionally, for a project enabled for budgetary control, the budget date must be within the start and end date of the calendar defined for the project control budget.
Oracle Fusion Project Management extends project planning, management, and scheduling capabilities to all individuals within the enterprise who are required to manage project-based work. Project managers can engage with team members to develop tasks, resolve issues, report progress, and monitor the status of the project to ensure that objectives are realized.
Use the Project Management - Project Issues Real Time subject area to analyze and report on issues and action items. For example, report on outstanding issues by project, or analyze completion times by type of issue. View real time issue and action item information by dimension such as issue type, issue status, project, issue owner, and dates.
Integrate Microsoft Project versions 2010, 2013, and 2016 for desktop with Oracle Fusion Project Management. The integration supports new features of Microsoft Project such as manual tasks, inactive tasks, and calculation of assignment allocation.
With Oracle Fusion Project Resource Management organizations can optimize the allocation and utilization of their most precious resource: their people. Innovative and intuitive tools let resource managers and project managers ensure that the best-fit resource is identified and placed on each and every project assignment, to the benefit of the organization, the project resource, and the end customer, whether it be for internal or external billable projects.
Notify approvers about assignment adjustments to improve communication between project managers and staffing owners and ensure that assignments are updated with the most accurate schedules. Specify the workflow notification recipients when a resource assignment schedule changes or an assignment is canceled. Project application administrators configure the workflow by specifying which roles receive a notification to approve a resource assignment adjustment and which roles receive an information-only notification about the adjustment. For example, if a resource manager adjusts an assignment, the affected project manager receives a notification to approve the adjustment. If a project manager adjusts an assignment, the affected staffing owner receives a notification to approve the adjustment. You can add workflow participants to approve the adjustment, such as the resource's line manager, or to receive information-only notifications about the adjustment, such as the resource pool owner.
Efficiently establish your resource pool hierarchy and create pool memberships during implementation with the ability to import pools and memberships. After import, you can view and maintain resource pools and memberships on the Manage Resource Pools page.
View detailed resource information outside the context of a project resource request. Search for resources by resource pool, organization, job title, and other resource attributes. View resource details such as rates, e-mail, and manager, and assignment details such as project experience and schedule for the next quarter. View all resource qualifications related to competencies, languages, memberships, degrees, honors and awards, and licenses and certifications. Access detailed resource reporting including resource capacity planning. After viewing detailed resource information, create a resource assignment without the need for a project resource request. Resource managers gain insight into resource available capacity to make more informed staffing decisions.
Define and capture additional information on project resource requests to reduce the turnaround time when requesting resources from centralized resource pools. During implementation, the project application administrator can define both global and contextual descriptive flexfields to capture additional project resource request details. For example, you can capture a classification or a specific business justification for a resource request.
Copyright © 2016, 2017, Oracle and/or its affiliates. All rights reserved.
This document is provided for information purposes only, and the contents hereof are subject to change without notice.This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced ortransmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.