Oracle Workflow Access Protection: A Technical Note


Oracle Workflow assigns a protection and customization level to every workflow object definition stored in the database and requires every user of Oracle Workflow to operate at a certain access level.

The combination of protection, customization, and access levels build the access protection feature and determine whether a user can modify a given workflow object. The level, in all three cases, is a numeric value ranging from 0 to 1000 that indicates the relationship between different organizations as providers and consumers of seed data.

The following ranges of levels are there in Oracle Workflow:

0-9 Oracle Workflow
10-19 Oracle Application Object Library
20-99 Oracle Applications development
100-999 Customer organization. You can determine how you want this range to be interpreted. For example, 100 can represent headquarters, while 101 can represent a regional office, and so on.
1000 Public

Access Level:

Each user of Oracle Workflow operates the system at a certain access level according to the range of levels listed above. A “user of Oracle Workflow” in this case, represents someone who is operating Oracle Workflow Builder, or the Workflow Definitions Loader program, which loads workflow process definitions from a file into a database.

Navigation to view your access level:

Oracle Workflow Builder > Help > About Workflow

Workflow Access Level

Note: If you are going to run the Workflow Definitions Loader program to download workflow process definitions from the database to a file, check the value for the environment variable WF_ACCESS_LEVEL on your workflow server.

The Access tab lets you define whether:

  • Future customizations to the object are preserved during a workflow definition upgrade.
  • The object can be edited by users operating at a higher access level.

Protection Level:

Whenever you create a workflow object in Oracle Workflow Builder, you have the option of protecting the object at a certain level. An object’s protection level helps control whether other users can modify the object based on their access levels, by allowing only users with an access level equal to or lower than the object’s protection level to modify the object.

Navigation to set the protection level of an object:

Oracle Workflow Builder > object’s property page > Access tab

Notes:

  • If you protect an object against customization, you effectively assign the object a protection level equal to your current access level.
  • Objects protected against customizations are considered “seed data.”
  • Only users operating at an access level equal to or lower than the protection level of the object can modify the object.
  • Users operating at an access level greater than the protection level of the object will see a small lock on the icon for the object in the navigator tree, indicating that the object is read-only.

Customization Level:

An object’s customization level helps control whether other users can modify the object based on their access levels, by allowing only users with an access level equal to or higher than the object’s customization level to modify the object.

Navigation to set the customization level of an object:

Oracle Workflow Builder > object’s property page > Access tab

Setting the customization level ensures that a customizable object that has been customized never gets overwritten during a seed data upgrade, because the upgrade always occurs with the Workflow Definitions Loader operating at an access level below the customized object’s customization level.

Use the Options region to set the protection and customization levels of an object.

Lock at this Access Level: Protects the object at the current access level and does not allow the object to be customized by higher access levels

Preserve Customizations: Prevents customized objects from being overwritten during a workflow definition upgrade.

Situation
Access Level
Lock at this Access Level
Preserve Customization
Level Summary
1 Set as 100

No

No

A: 100, P: 1000, C: 0
2 Set as 100

Yes

No

A: 100, P: 100, C: 0
3 Set as 100

No

Yes

A: 100, P: 1000, C: 100
4 Set as 100

Yes

Yes

A: 100, P: 100, C: 100

The indicator bar provides a visual range of access levels that can edit the object:

Black vertical line: Current access level

White range: Can’t edit the object

Solid green: Can edit the object

Cross-hatch green: Usually cannot modify the object because it has been customized, but can now do so because Oracle Workflow Builder is set to upload mode so that customized objects can be modified.

1] Allow access to everyone

Workflow Protection Level-1

None: Object can be updated at any time by any access level.

2] Limit access to users with access levels equal to your own or lower

Workflow Protection Level-2

Lock at this Access Level: Protects the object at the current access level and does not allow the object to be customized, except by access levels 0-100.

3] Limit access to users with access levels equal to your own or higher

Workflow Protection Level-3

Preserve Customizations: Disallows customized objects from being overwritten during a workflow upgrade.

  • Object may be updated by access levels 100-1000.
  • If the Allow modifications of customized objects check box is selected, customized objects can also be updated by access levels 0-99 as represented by green crosshatches in the indicator bar.

4] Limit access to users with access levels equal to your own

Workflow Protection Level-4

Both: Object can only be updated by the access level at which the object is protected.

  • Object may only be updated by access level 100.
  • If the Allow Modifications of Customized Objects check box is selected, customized objects can also be updated by access levels 0-99 as represented by green crosshatches in the indicator bar.

Oracle E-Business Suite customers should select both the Preserve Customizations and Lock at this Access Level check boxes to protect your workflow objects during upgrades.

During an Oracle Workflow seed data upgrade, the Workflow Definitions Loader is always run in Upgrade mode at an access level less than 100. As a result, the upgrade will not overwrite any object with a customization level of 100 or higher.

References:

docs.oracle.com

oracle.anilpassi.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: