Users/Roles Security in Oracle R12

Application Security is vital for ERP systems. Especially administrator has to monitor number of users accessing system and what roles and responsibilities does people have.

Manage start and end period of users to access into application.

Activate and de-activate user accounts and their responsibilities according to your corporate security policies

SQL query to find active users and their responsibilities

select user_name, application_name, responsibility_name,

       security_group_name,

       greatest(u.start_date, ur.start_date, r.start_date) start_date,

       decode(

             least(nvl(u.end_date, to_date('01/01/4712','DD/MM/YYYY')),

                      nvl(ur.end_date, to_date('01/01/4712','DD/MM/YYYY')),

                      nvl(r.end_date, to_date('01/01/4712','DD/MM/YYYY'))),

             to_date('01/01/4712','DD/MM/YYYY'), '',

             least(nvl(u.end_date,  nvl(ur.end_date, r.end_date)),

                      nvl(ur.end_date, nvl(u.end_date,  r.end_date)),

                      nvl(r.end_date,  nvl(u.end_date,  ur.end_date)))) end_date

from fnd_user u, fnd_user_resp_groups_all ur, 

     fnd_responsibility_vl r, fnd_application_vl a,

     fnd_security_groups_vl s

where a.application_id = r.application_id

and u.user_id = ur.user_id

and r.application_id = ur.responsibility_application_id

and r.responsibility_id = ur.responsibility_id

and ur.start_date <= sysdate

and nvl(ur.end_date, sysdate + 1) > sysdate

and u.start_date <= sysdate

and nvl(u.end_date, sysdate + 1) > sysdate

and r.start_date <= sysdate

and nvl(r.end_date, sysdate + 1) > sysdate

and ur.security_group_id = s.security_group_id

and r.version in ('4','W','M')

order by user_name, application_name, responsibility_name, 

      security_group_name

SQL query to find active responsibilities and their active users

select  application_name,responsibility_name,

       security_group_name, user_name,

       greatest(u.start_date, ur.start_date, r.start_date) start_date,

        decode(

             least(nvl(u.end_date,to_date('01/01/4712','DD/MM/YYYY')),

                     nvl(ur.end_date,to_date('01/01/4712','DD/MM/YYYY')),

                      nvl(r.end_date,to_date('01/01/4712','DD/MM/YYYY'))),

             to_date('01/01/4712','DD/MM/YYYY'),'',

 least(nvl(u.end_date,  nvl(ur.end_date, r.end_date)),

             nvl(ur.end_date, nvl(u.end_date,  r.end_date)),

             nvl(r.end_date,  nvl(u.end_date,  ur.end_date)))) end_date

from fnd_user u,fnd_user_resp_groups_all ur,

     fnd_responsibility_vl r,fnd_application_vl a, 

     fnd_security_groups_vl s

where a.application_id = r.application_id

and   u.user_id = ur.user_id

and   r.application_id = ur.responsibility_application_id

and   r.responsibility_id = ur.responsibility_id

and   ur.start_date <= sysdate

and   nvl(ur.end_date, sysdate + 1) > sysdate

and   u.start_date <= sysdate

and   nvl(u.end_date, sysdate + 1) > sysdate

and   r.start_date <= sysdate

and   nvl(r.end_date, sysdate + 1) > sysdate

and   ur.security_group_id = s.security_group_id

and   r.version in ('4','W','M')

order by application_name,responsibility_name,security_group_name, user_name