Revision History

This document will continue to evolve as existing sections change and new information is added. All updates are logged below, with the most recent updates at the top.

Date

What's Changed

Notes

30 JAN 2018

Archive and Purge Workflow Tasks

Updated document. Added new Feature.

30 JUN 2017

Large Icons

Updated document. Revised the image in the Large Icons feature.

17 JAN 2017

Created initial document.

Overview

This guide outlines the information you need to know about new or improved functionality in Oracle Security Release 12 and describes any tasks you might need to perform for the update. Each section includes a brief description of the feature, the steps you need to take to enable or begin using the feature, any tips or considerations that you should keep in mind, and the resources available to help you.

Security & New Features

We would like to remind you if your system has modified security structures you may need to advise your security administrator of new features you would like to take advantage of. To assist you Appendix A provides a listing of the new features and the security attributes needed to employ the new features when you have decided to implement them.

Give Us Feedback

We welcome your comments and suggestions to improve the content. Please send us your feedback at oracle_fusion_applications_help_ww_grp@oracle.com.

Release Feature Summary

Some of the new Release 12 features are automatically available to users after the upgrade and some require action from the user, the company administrator, or Oracle.

The table below offers a quick view of the actions required to enable each of the Release 11 features.

Action Required to Enable Feature

Feature

Automatically Available

End User Action Required

Administrator Action Required

Oracle Service Request Required

User Experience

Archive and Purge Workflow Tasks

Personalize Home Experience

Pagination Dots

Announcement Preview

Notification Actions

Extensibility

Large Icons

Applications Security

User Account Management

Administrator Password Management

User Password Management (Self-Service)

User Account Locking

Enhanced Role Visualization

Tabular Role Hierarchy View

Search in Role Hierarchy Visualization

User Name Generation Rules

Password Policies

Notification Templates

Upgrade-Safe Management of Factory Shipped Roles

Bridge for Microsoft Active Directory

User Password Changes Audit Report

Integrate Custom Identity Management Solution

Password Reset

Security Console

New Function Security Privileges for Applications Security

User Experience

Oracle’s focus on providing an exceptional user experience pervades Oracle Applications Cloud. Of the highest priority is creating a compelling, pleasing user interface that provides only what you need, when you need it.

Archive and Purge Workflow Tasks

Workflow tasks with a final status, such as Completed and Expired, are archived and purged based on a set schedule, without any action from you.

End User Personalization of the Navigator and Springboard

We have enabled the end user to personalize their home experience.

Personalize Home Experience

Personalizations impact only the user making the change while preserving these changes across sessions.

Steps to Enable

No additional steps are needed to enable the feature.

Key Resources

Pagination Dots

The home page experience has been enhanced by allowing users to embedding full page Business Intelligence dashboards into it. You can use these additional dashboard pages for a specific role, enhanced analytics insight.

Steps to Enable

To enable pagination dots, an admin, needs to go to the structure pane, and select the sales pages that they would like to see enabled, under SET SYSTEM OPTIONS. Up to five pagination dots (sales pages) can be enabled in a given environment.

Key Resources

Announcement Preview

Preview your announcements before posting them to the Announcements panel on the home page. This allows users to see how the announcements will show up in the announcement s panel.

Steps to Enable

No additional steps are needed to enable the feature.

Key Resources

Notification Actions

Enhance your bell notifications dialog box to include custom and system actions. User can approve, reject and take actions directly from the notifications.

Steps to Enable

No additional steps are needed to enable the feature.

Key Resources

Extensibility

Configuring the user experience is easier than ever, with Oracle's modern cloud extensibility tools.

Large Icons

Choose to select small or large springboard icons with this new option.

Steps to Enable

No additional steps are needed to enable the feature.

Key Resources

Applications Security

Oracle Fusion Applications Security provides a single console where IT Security Managers and Administrators can perform various functions including user lifecycle management, role definition, security policy management(both functional and data), role hierarchy maintenance, username and password policy administration, and certificate management. The console also enables users to simulate the effect of security changes, to run security reports, and download a connector for integration with Microsoft Active Directory.

In Release 12, Oracle Fusion Applications Security offers several new capabilities that offer customers the following benefits:

Administrators can also tailor username and password generation by choosing from a list of shipped policies.

Please refer to your product upgrade guide for any steps that may be required to prepare for and adopt this feature.

User Account Management

You can now create and manage implementation user accounts within Oracle Fusion Applications Security. You can assign roles to these user accounts using the following navigation: Tools > Security Console > User tab. You can also search, retrieve, and manage user accounts automatically created for employees, contingent workers, supplier contacts, or partner contacts.

Search User Accounts Page

Add User Account Page

Steps to Enable

There are no steps necessary to enable this feature.

Role Information

The following function security privileges are required for this feature.

Privilege Name and Code

Job Role Name and Code

Create User Account

ASE_CREATE_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Delete User Account

ASE_DELETE_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Edit User Account

ASE_EDIT_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

View User Account

ASE_VIEW_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Key Resources

For more information on the Security Console, go to the Help Center for the following guide:

Administrator Password Management

As an administrator, you can manage passwords of other users using the Security Console. You can auto-generate or manually enter a password for a user account. You can also define password lifecycle and complexity policies. Passwords will be automatically validated against these policies.

Administrator’s Reset Password Page

Steps to Enable

There are no steps necessary to enable this feature.

Key Resources

For more information on the Security Console, go to the Help Center for the following guide:

User Password Management (Self-Service)

You can now manage your own user account password using the Security Console. The password will be automatically validated against the defined password lifecycle and complexity policies.

Self-Service Password Reset Page

Steps to Enable

There are no steps necessary to enable this feature.

User Account Locking

As an administrator, you can now lock user accounts. If you lock a user account, you will be temporarily preventing the user from logging in with that user account. You can also unlock a locked user account.

Lock User Account in Edit User Account Page

Steps to Enable

There are no steps necessary to enable this feature.

Enhanced Role Visualization

You can now view only certain components of a role in the graphic visualizer. You can view only the privileges, aggregate privileges or roles assigned to a role. You can also view the graph in full screen mode and pan over a specific region in the graph.

For complex roles, these features enable you to reduce the amount of information visualized and to focus on the area within the role hierarchy that requires your attention.

View Only the Privileges for a Role

View Only the Inherited Roles for a Role

Pan and View Top Left Region of the Graph

Steps to Enable

There are no steps necessary to enable this feature.

Tabular Role Hierarchy View

You can now view role hierarchies in a tabular view. You can switch between the graphic visualizer view and the tabular view. You can also export the date displayed in the tabular view.

Tabular View of Direct and Indirectly Inherited Roles for a Role

Tabular View of Direct and Indirectly Assigned Privileges for a Role

Tabular View of Direct and Indirectly Assigned Users for a Role

Export of Direct and Indirectly Inherited Privileges for a Role

Steps to Enable

There are no steps necessary to enable this feature.

Search in Role Hierarchy Visualization

You can now search and quickly locate security artifacts (nodes) in the role hierarchy visualization. You can search for privileges, roles or users in the visualization.

Search in Role Hierarchy Graph

Steps to Enable

There are no steps necessary to enable this feature.

User Name Generation Rules

You can now define the user name generation rules used to auto-generate the user name in Oracle Fusion Applications Security. User name generation rules can be based on the user’s first and last names, e-mail or person number. You can also choose to use a system generated user name if the rule fails to generate a user name.

User Name Generation Rules Region in the Administration Page

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

If your company submitted a service request for Oracle to set up a custom username generation rule, review the Validate User Lifecycle Settings topic in the product-specific Security Upgrade guide which may be listed in Oracle Support Document 2016990.1.

Password Policies

You can now define policies for password management. These policies can define the duration for various password lifecycle events like password expiration and password warning generation. You can also set the complexity of generated passwords by choosing from a pre-defined list of rules.

Password Policy Region in the Administration Page

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

If your company submitted a service request for Oracle to set up a custom password policy, review the Validate User Lifecycle Settings topic in the product-specific Security Upgrade guide which may be listed in Oracle Support Document 2016990.1.

Role Information

The following function security privilege is required for this feature:

Privilege Name and Code

Job Role Name and Code

Run Password Expiry Job

ASE_PASSWORD_EXPIRY_ESS_JOB_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Notification Templates

You can now define custom notification templates for user account life cycle events. You can also use pre-defined notification templates.

These templates will be used to generate notifications for events like user account created, user password reset and user password expiry warning.

Notification Templates Region in the Administration Page

Edit Notification Template Page

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

If your company submitted a service request for Oracle to set up a custom notification template, review the Validate User Lifecycle Settings topic in the product-specific Security Upgrade guide which may be listed in Oracle Support Document 2016990.1.

Upgrade-Safe Management of Factory Shipped Roles

You can now identify a predefined (factory shipped) Oracle role when viewing the role. Predefined Oracle roles are locked and you cannot customize the Oracle delivered functional and data security policies associated with these roles. You can, however, add data security policies to these roles.

Predefined Oracle roles are displayed in a different color in the graph visualizer.

Predefined Role Indicator in the Edit Role Page

Predefined Role Indicator in the Role Hierarchy Graph

Steps to Enable

There are no steps necessary to enable this feature.

Bridge for Microsoft Active Directory

Simplify Single Sign-On with Microsoft Active Directory by downloading and installing the Active Directory Bridge from the Security Console. Automatically synchronize user account information between Oracle Fusion Applications Security and Microsoft Active Directory.

Active Directory Bridge Base Configuration Page

Active Directory Bridge User Attribute Mappings Page

Active Directory Bridge Synchronization Status Page

Steps to Enable

There are no steps necessary to enable this feature.

User Password Changes Audit Report

You can now generate a report that lists password changes made by users. The report can be generated for changes made by specific users or for all changes made during a specific period.

User Password Changes Audit Report Process Details Page

Steps to Enable

There are no steps necessary to enable this feature.

Role Information

The following function security privilege is required for this feature:

Privilege Name and Code

Job Role Name and Code

Run User Password Changes Audit Report

ASE_USER_PASSWORD_CHANGES_AUDIT_REPORT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Steps to Enable

There are no steps necessary to enable this feature.

Integrate Custom Identity Management Solution

You can now optionally Integrate with your Identity Management solution for user and role management using industry standard System for Cross-domain Identity Management (SCIM) REST APIs and ATOM feeds.

Steps to Enable

There are no steps necessary to enable this feature.

Password Reset

The password reset flow has been changed in Release 12. A notification email will be sent to the user who requests a password reset. The user will be required to click on this link, within a specific period of time, to change the password. This replaces the previous flow where users were required to answer a series of challenge questions to reset the password.

Email Notification to Reset Password

User Reset Password Page

Steps to Enable

There are no steps necessary to enable this feature.

Security Console

The unified security administrator interface, combined with the ability to safely upgrade the reference security implementation will result in the following changes in functionality in the Security Console.

Steps to Enable

There are no steps necessary to enable this feature.

New Function Security Privileges for Applications Security

This section provides product-specific information that you need when implementing new Release 12 features in your existing roles.

If you are not using the predefined reference roles, then you need to add the function security privilege to relevant custom job roles.

This table identifies the required function security privilege and the predefined role that automatically inherits the privileges during the upgrade.

Privilege Name and Code

Job Role Name

Create User Account

ASE_CREATE_USER_ACCOUNT_PRIV

IT Security Manager

Delete User Account

ASE_DELETE_USER_ACCOUNT_PRIV

IT Security Manager

Edit User Account

ASE_EDIT_USER_ACCOUNT_PRIV

IT Security Manager

View User Account

ASE_VIEW_USER_ACCOUNT_PRIV

IT Security Manager

Enable Database Resource Management

ASE_ENABLE_DATABASE_RESOURCE_MGMT_PRIV

IT Security Manager

Run Password Expiry Job

ASE_PASSWORD_EXPIRY_ESS_JOB_PRIV

IT Security Manager

Run User Password Changes Audit Report

ASE_USER_PASSWORD_CHANGES_AUDIT_REPORT_PRIV

IT Security Manager

Functional Setup Manager

Oracle Functional Setup Manager provides a new simplified UI in Release 11 that improves user experience by streamlining the Offering setup.

Improved Landing Experience

The new Setup and Maintenance landing page presents your subscribed Offerings by default. However, you still have the choice to browse all other available Offerings. In addition, all relevant documents that will help you to plan for an Offering implementation are directly available from this page.

   

Functional Setup Manager: Setup and Maintenance screen

Steps to Enable

No steps are needed to enable this feature.

Tips and Considerations

The new simplified UI has removed the Task Pane to give a streamlined look and feel. However, the entries previously found in the Task Pane are still easily accessible from the page.

Key Resources

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Guided Navigation

Navigation through setup process has been enhanced to make it more intuitive to the user. At the same time, the new flow increased user efficiency by requiring fewer clicks to navigate through the end-to-end setup process.

Steps to Enable

No steps are needed to enable this feature.

Tips and Considerations

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Key Resources

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Offering Configuration

Configure page has a new look and feel as well. Offerings are presented one at a time based on user’s selection to give the page a cleaner look. Furthermore, as you enable Offerings and Functional Areas, your selections are saved automatically.

FSM: Configure Finacials page

Steps to Enable

There are no steps are needed to enable this feature.

Tips and Considerations

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Key Resources

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Offering and Functional Area Based Setup

Application Administration, which provided ability to set up Offerings by Functional Areas, also has a new streamlined look and feel.

To setup an Offering by Functional Areas is an alternative approach to using Implementation Projects. It allows managing setup of an Offering -- during initial implementation as well as for maintaining setup over time – in a modular fashion so that you can complete setup and begin transaction in the functional areas that are most relevant to you immediate business needs without performing setup of the entire Offering.

In the new Setup page, the Functional Areas and the tasks necessary to set up each of them are presented next to each other giving higher visibility to setup requirements of each Functional Area as well as reducing the number of clicks necessary to navigate to the tasks.

FSM: Setup Procurement page

Steps to Enable

There are no steps are needed to enable this feature.

Tips and Considerations

Key Resources

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Offering and Functional Area Based Export and Import

From the new Setup page, a simplified export and import flow now supports migration of setup data without creating Configuration Packages. You may choose to export and import setup data of the entire Offering or select specific Functional Areas for incremental migration.

FSM: Setup Manufacturing and Supply Chain Materials Management page

In addition, the new flow presents a list of relevant business objects that can be used during export to filter setup data by default and thereby, gives you better visibility to what’s available.

FSM: Setup Manufacturing and Supply Chain Materials Management page

Steps to Enable

There are no steps are needed to enable this feature.

Key Resources

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Guided Navigation

Navigation through setup process has been enhanced to make it more intuitive to the user. At the same time, the new flow increased user efficiency by requiring fewer clicks to navigate through the end-to-end setup process.

Steps to Enable

No steps are needed to enable this feature.

Key Resources

For more information, refer to the following Release 11 guide: Oracle Applications Cloud Using Functional Setup Manager

Offering Configuration Migration

Navigation through setup process has been enhanced to make it more intuitive to the user. At the same time, the new flow increased user efficiency by requiring fewer clicks to navigate through the end-to-end setup process.

FSM: Import Offering Setup page

Steps to Enable

To migrate offering configuration select ‘Import feature selection’ option available under Import Options when submitting an Import process.

Tips and Considerations


---

A special Oracle logo highlighting Oracle's commitment to developing practices and products that protect the environment. copyrightlogo

12.14