Вы находитесь на странице: 1из 23

R12 Multi Org Access Control Concept

MOAC : From Multi-Org.To Multi-Access

Multi-Org architecture was first introduced in Oracle Applications Release
10.6. Its primary objective was to secure data from unauthorized access
by individual in different Operating Unit in enterprise. Although security by
Operating Units has been widely used as a reliable method to protect from
unauthorized access to information, many customers have requested to
increase flexibility to enable user to access one or more Operating Units
per user responsibility. Multi-Org Access Control feature allows reduction
in operating costs, but more importantly, it lays a more flexible software
foundation to allow Oracle Applications to support complex business model
such as Shared Services without compromising data security.

Access Control
The Multi-Org Access Control feature, also known as "Security by
Operating Unit", will enable users to access to secured data in one or more
Operating Units within one responsibility. The feature uses Security Profile
concept introduced in Release 11i Oracle Human Resources Management
System, which allows system administrator to predefine the scope of
access privilege as a profile option. A security profile may be defined in
hierarchical or listing mode, which may consist one or more Operating

A profile option, "MO: Security Profile", is used to associate predefined

security profile to a user responsibility.

The following two process flows illustrate current and new models for
defining Multi-Org.
Select Operating Unit

With the ability to access multiple Multi-Org Operating Units from a single
application responsibility, users are able to enter setup and transaction data
and run concurrent programs for multiple Operating Units without having to
switch the responsibility. Except in a few cases, all Multi-Org enabled
setup and transaction user interface will have "Operating Unit" field. Users
will be able to select the Operating Unit from a list of values assigned to the
user via the security profile and responsibility. Operating Unit context can
also be defaulted or derived from other operating unit sensitive attribute.
Detail on these variations is covered in subsequent sections.

Creating the Security Profile :

Use the screen below to create a security profile:
Run Security List Maintenance Program
This concurrent program must be run from the Standard Report Submission screen after creation of
security profile. It populates the PER_ORGANIZATION_LIST table with the list of organizations included
in the security profile. The organizations included in the "View All" security profiles are not stored in this

The "Security List Maintenance Program" could be preferably run for one named security profile to
prevent disturbing other security profile setup.

Assign MO: Security Profile to Application Responsibility

The last step is to assign a security profile to user responsibility via System Profile Values window. "MO:
Security Profile" can be set at Site and Responsibility level.
MOAC Benefits..

Multi-Org Access Control feature allows you to enter, process data and generate reports
from a single responsibility

This is achieved by providing the Operating Unit field on the forms/pages and while
running the concurrent processes

To Set this feature you need to define the security profile containing operating units and
set it at MO: Security Profile

You can default the Operating Unit on forms/pages by setting the MO: Default Operating
Unit profile

What are the new changes from Multi Organization(Multi Org) to Multiple Organization
Access Control.

As discussed above, security Profiles for data security

o MO: Security Profile

o List of operating units for a responsibility

OU field on UI

o all transactions

o setup data specific to OU, like transaction type

Enhanced Multi-Org Reporting and Processing

Ledger/Ledger Set parameter on accounting reports and processes

OU parameter on other standard reports and processes

o For example: submit the Payables Open Interface Import w/OU param null to
import all records across all OUs
Multi - Org Concept in Oracle Apps R12

Multi-Org in simple term means the implementation of

multiple business units (or Organization) under a single
installation of Oracle Applications. The concept of Multi-Org will
manage the operations of an enterprise which has got
subsidiaries across globe under a single oracle apps window,
taking appropriate care of data security and data maintenance.
Below are some of the features of multiple organization

Any number of Business Units in an Enterprise can be

supported within a single installation of Oracle Application

User can access the data corresponding to and limited to the

operating unit

Reporting can be managed at different organization levels

like, Business Group, Ledger, Operating unit etc

Transactions like Procurement, Receiving, Selling, Shipping

Etc. with the same Party Can be Performed through Different
Organization and can be managed internally through inter
company postings
To achieve the new objective, Oracle has introduced new functionality called Multi-Org
Access Control (MOAC) in release 12. Following are the set up steps needs to follow for
implementing the MOAC architecture for a particular application

Multi Org Setup Steps in R12

1. Define Location

Open HRMS Manager Responsibility and navigate to Work Structure Location

Define your location Specific Details (BG Address and time zone) for your Business Group in
Address Details tab and Shipping details in Shipping Details tab as below.

Save the Changes

Following table will hold location details

2. Define Business Group

Open HRMS Manger responsibility and navigate to

Work StructureOrganizationDescription

Enter the business group name and assign the location created in the previous step and
save the changes

Select the LOV as business group under the Organization Classification block

Select Business Group from the LOV and check Enabled check box for the business group
name and save changes
Now click on Others button and select the Business Group info from the additional window
and click OK, then another window will get opened with name Additional Organizations
Information like below

Press TAB and enter the mandatory details like below

Click OK Button, then you will be prompted to save the changes. Press on YES button. The
details will get saved.
Following Table will hold business group information

3. Create Legal Entity

As per the structure defined, we have to create the one legal entity for AU operation.
Switch the responsibility to General Ledger and navigate to the following
SetupFinancialsAccounting Setup ManagerAccounting Setups
In Release R12, the legal entity setup is a part of accounting setup.
Press button Create Legal Entity and enter the Details

Click on Create New Address to create the new address

Click APPLY to save the changes.

Legal Entity details will be available in the following table

4. Define Ledger

Navigate to Accounting Setup Manager and define the New Ledger for the Legal Entity

Ledger Details Will be available in the Following table


5. Create and assign Operating units to Legal Entities to Ledger

In this step we will assign operating unit to Legal Entity. This will be defining from General
Ledger responsibility

Navigate to Setup > Financials > Accounting Setup Manager > Accounting Setups
In the Ledger Definition window, enter the Ledger name and press GO button. Once the
search finishes and resulted with the Ledger name, Click on Update Accounting Options

Then Assign the Legal Entity to the ledger by clicking Add Legal Entity button

Search for the legal entity created in our previous step and click on apply button to save the
changes. Now the legal Entity is assigned to Ledger
Now click on Update button next to the operating unit setup option

Click on Add operating unit

Enter the details. Assign the business group and legal entity created from the above steps to
the operating unit and click on apply button
After completing all ledger option press Complete button to complete the accounting setup

6. Create Inventory Information

Switch to Human Resource responsibility and Navigate to the following

Work Structure OrganizationDescription
Click on New Button to create the new Inventory Organization

From the Organization Classifications Frame, select the option Inventory Organization from
the LOV.

Press OK to save the Details

No click on Others button and select Accounting Information option. A small window will
open, Press TAB to enter the details in this window
Assign the following to the inventory organization we have created in our previous steps

Primary Ledger
Legal Entity
Operating Unit

Click OK and Click Yes to save the changes

Again Click Others button and select the Inventory Information from the list
Then add all inventory details and save the changes.

Once the setup is done, run the following reports/programs to use the operating unit we

In order to use the operating unit, run the following program and it should be run for all the
new operating unit structure

Switch the responsibility to System Administrator

Program :- Replicate Seed Data
Parameter: - <Operating Unit>

Run the following program

Multi-Org Setup Validation Report

Now the operating units and other related setups are ready to use. Now we have to think
how we can enable the multiple organization can be enabled from a single responsibility.

Enabling Multi Org Access Control (MOAC)

MOAC is implemented in R12 to allow the users to submit requests and access data of
different operating units in a single responsibility. This functionality can be done by setting

There are 2 security profiles:

SECURITY PROFILE: is used for the selection of operating units from the same
business group

GLOBAL SECURITY PROFILE: is used for the selection of operating units from the
different business group

Set up of Multi-Org Access Control:

Setup Security Profile in HRMS

Switch the responsibility to Human resource

Navigate to the following

Security Profile

Select the name for the profile and attach the business group created

In order to have access to the security profile we created, we need to create a responsibility
and assign this profile option to the responsibility

Switch to System Administrator responsibility and navigate to the following


Once the responsibility is defined, assign the new security profile option to the responsibility
by navigating the following

Profile System
This is it!!!

We have done with the setup of Multi-Org. This is a key functionality in Oracle R12 which is
serving as the stepping stone to Oracle Multi-Org implementation.
Following SQL query can give the relation between Ledger, Legal entity and Operating Units
in Oracle Apps R12

SELECT hrl.country, hroutl_bg.NAME bg, hroutl_bg.organization_id,

lep.legal_entity_id, lep.NAME legal_entity,
hroutl_ou.NAME ou_name, hroutl_ou.organization_id org_id,
FROM xle_entity_profiles lep,
xle_registrations reg,
hr_locations_all hrl,
hz_parties hzp,
fnd_territories_vl ter,
hr_operating_units hro,
hr_all_organization_units_tl hroutl_bg,
hr_all_organization_units_tl hroutl_ou,
hr_organization_units gloperatingunitseo,
gl_legal_entities_bsvs glev
WHERE lep.transacting_entity_flag = 'Y'
AND lep.party_id = hzp.party_id
AND lep.legal_entity_id = reg.source_id
AND reg.source_table = 'XLE_ENTITY_PROFILES'
AND hrl.location_id = reg.location_id
AND reg.identifying_flag = 'Y'
AND ter.territory_code = hrl.country
AND lep.legal_entity_id = hro.default_legal_context_id
AND gloperatingunitseo.organization_id = hro.organization_id
AND hroutl_bg.organization_id = hro.business_group_id
AND hroutl_ou.organization_id = hro.organization_id
AND glev.legal_entity_id = lep.legal_entity_id
Understanding Multi-Organization
Structure in EBS
In order to allow use of the system by multiple business units, accommodating differing
requirements for functional currencies, accounting structures and security, whilst at the same
time ensuring a central core design Oracle provides functionality known as "Multiple
Organizations" in short is called " multi-Org".This allows different business units to have their
own view of the applications, in particular for the financials AP ( Payables), AR ( Receivables),
FA (Fixed Assets), CE (Case Management) and INV ( Inventory).

Multi-Org is an important feature of Oracle Applications for several reasons:

Allows multiple sets of books and multiple legal entities to be configured and to operate
in the same instance

Provides support for data security between business units within a single applications

Permits users to sell and ship products from different legal entities (in different sets of
books) with automatic intercompany accounting

Supports internal requisitions and purchasing/receiving products from different inventory

organizations (within the same set of books)

Enables an enterprise to be housed in one database instance of Oracle, spanning multiple

countries, currencies, and legal entities without a reduction in response times

Multiple Organizations Reporting enhances the reporting capabilities of Oracle

Applications products by allowing you to report at the:Set of Books level, Legal entity
level or Operating unit level
Multiple Organization in Oracle Applications depends primarily on defining your organizational
structure in the multi-level hierarchy used by Oracle Applications. The levels are:

Business groups

Accounting sets of books

Legal entities

Operating units]

Inventory organizations

Business Groups: Oracle Applications secures human resources information, including

organization definition, by business group. At least one Business Group will be required for
every country since the employee legislation is specific for each country and employee profile is
set up at the Business Group level. Security access to the sensitive Human Resources data is
secured at the highest level at the Business Group. In short Business Group partitions Human
Resources information in a multi-organization structure. Organization Structures and
Organization Hierarchy is defined within the Business Group.

Multiple sets of books can share the same business group if they share the same business group
attributes, including HR flex-field structures (Grade, positions flex-fields etc).

Accounting sets of books: A General Ledger concept for having separate financial reporting
entities for which chart of accounts, calendar, or functional currency differs. In addition for
scalability and ensuring independent numbering system for all the accounting transactions as
well as the ability to open and close each of the legal entities period independently a separate set
of books will be configured for each legal entity.

Legal entities: An organization that represents a legal company for which you prepare fiscal or
tax reports. You assign tax identifiers and other relevant legal company information to this entity.

Operating units: An organization that partitions and uses data for Payables, Purchasing, Order
Management, Cash Management, Fixed Assets and Receivables. Operating Units allow for
configuration of the Oracle Applications across Multiple Business Groups using a single
installation of the software.

Inventory organizations: An organization that tracks inventory transactions and balances,

and/or that manufactures or distributes products or components. Segregate Item data objects for
Inventory, Purchasing, Order Entry, and the Manufacturing Applications (Organization_Id).

Examples could be manufacturing plants, warehouses, distribution centers, and sales offices

The following applications secure information by inventory organization: Oracle Inventory, Bills
of Material, Engineering, Work in Process, Master Scheduling/MRP, Capacity, and Purchasing
receiving functions. To run any of these applications, you must choose an organization that has
been classified as an inventory organization.

HR Organization
Internal Departments to which Employees are Assigned.

Asset Organizations
An asset organization is an organization that allows you to perform assetrelated activities for
a specific Oracle Assets corporate depreciation book. Oracle Assets uses only organizations
designated as asset organizations