Sep-2009
A Practical Example
Shasikkumar Veeramani
Oracle Applications Techno-Functional Consultant
Key Equipment Finance Limited, United Kingdom
Introduction
About the Document
Corporate Security Rules
Implementation
Rule 1 – Corporate Security disclaimer
Rule 2 – Rule 7 – All password validation rules
Rule 8 – Password re-use policy
Rule 9 – Password expire
Error Messages Setup
Rule 10 and Rule 11 – Username and password examples in the login page
Additional Notes to incorporate the rule for existing Application users
Scope for improvement and drawbacks
Developer Reference – Code for java function
Oracle E-Business Suite has a very good User Management Framework which is
flexible and customisable, so that any company implementing Oracle E-Business Suite can
customise the user management framework to abide by its corporate security guidelines.
This document also provides the necessary code along with the screenshots, so
that it can be extended for use in any corporate security implementation.
1. In the login page of Oracle Applications, we must display the corporate security
disclaimer as follows:
“This is a private and proprietary system. Unauthorized access is unlawful and may
result in disciplinary action and/or legal proceedings. Any access to this
system/network may be monitored”
Implementation:
Rule 1 – Corporate Security disclaimer
To implement the corporate security disclaimer rule in Oracle Applications 11.5.10, follow the
steps below:
“This is a private and proprietary system. Unauthorized access is unlawful and may
result in disciplinary action and/or legal proceedings. Any access to this
system/network may be monitored”
Note: If we want the message text to be replicated in different languages, then run the
concurrent program “Generate Messages” within the Application Developer responsibility
for each such language. We will not be using this, as our UI will only be in English.
Note:
We are using 103 as we are not using all of the features of the user management framework.
Setting the profile option value to 127 would enable all of the following in the login page –
Username Hint, Password Hint, Cancel Button, Forgot Password Link, Register Link,
Rules 2 to 7 are all about validating password changes for existing users and validating
any new user. Oracle E-Business Suite provides a customisable Java function (a sample is
provided along with the E-Business standard product) which can be extended to implement the
corporate security rules.
A customised version of this Java file for all the above-mentioned validations is given in the
developer reference section at the end; it can be saved as
AppsPasswordValidationCUS.java.
Note: This file would ideally be coded by a technical developer in Java to
implement the custom password validation rules. Also, the SYSADMIN user is excluded from
the username length validation. This can be extended to other users as well by changing
that portion of the code to include additional users.
Also execute the following query, logged in to SQL*Plus as the “Apps” user, to verify that
the Java class is loaded into the database correctly:
CLASS_NAME STATUS
-------------------------------------------------- -------
oracle/apps/fnd/security/AppsPasswordValidationCUS VALID
Note: Restart Apache at the very end for the change to take effect in the OA Framework pages.
To set the password expiration to 180 days, perform the following steps:
Note: We now want to regenerate the message text file, so run the concurrent program
“Generate Messages” within Application Developer responsibility
Rule 10 and Rule 11 – Username and password examples in the login page
The following steps show the implementation of a custom username hint and password hint in the
login page that are more in line with the corporate rules.
All existing users now need to have their passwords reset and expiration dates set according
to the new standards. Below is the SQL to do so.
/*
Purpose:
. To make the password lifespan 180 days for all existing business users
. To expire the passwords of all business users so that they must change them upon next
  login
Enhancement Notes:
. A possible enhancement is a concurrent program which takes a username as input and
  expires the password for that user (if no username is passed, it expires the
  passwords of all business users)
. If we use the above feature, then we might want to consider having a separate
  update statement for changing the password lifespan
*/
UPDATE FND_USER
   SET PASSWORD_DATE = NULL,
       PASSWORD_LIFESPAN_DAYS = 180
 WHERE USER_NAME NOT IN ('AME_INVALID_APPROVER',
                         'ANONYMOUS',
                         'APPSMGR',
                         'ASGADM',
                         'ASGUEST',
                         'AUTOINSTALL',
                         'CONCURRENT MANAGER',
                         'FEEDER SYSTEM',
                         'GUEST',
                         'IBEGUEST',
                         'IBE_ADMIN',
                         'IBE_GUEST',
                         'IEXADMIN',
                         'INITIAL SETUP',
                         'IRC_EMP_GUEST',
                         'IRC_EXT_GUEST',
                         'MOBILEADM',
                         'MULTIORGUSER',
                         'OLM1BATCH',
                         'OP_CUST_CARE_ADMIN',
                         'OP_SYSADMIN',
                         'PORTAL30',
                         'PORTAL30_SSO',
                         'SYSADMIN',
                         'WIZARD',
                         'XML_USER'
                        );
COMMIT;
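The following is an added example, not part of the original document: one way to make the bulk update above checkable and reversible, by snapshotting the two affected columns first and comparing afterwards. The backup table name XX_FND_USER_PWD_BAK is a hypothetical name chosen for illustration; the FND_USER columns used are standard ones.

```sql
-- Step 1: run BEFORE the UPDATE. CREATE TABLE is DDL and commits implicitly,
-- so it must not be issued between the UPDATE and its COMMIT.
-- XX_FND_USER_PWD_BAK is a hypothetical backup table name.
CREATE TABLE xx_fnd_user_pwd_bak AS
SELECT user_id,
       user_name,
       password_date,
       password_lifespan_days,
       SYSDATE AS snapshot_date
  FROM fnd_user;

-- Step 2: run AFTER the UPDATE but BEFORE the COMMIT.
-- Lists every account whose password settings changed, so the result can be
-- checked against the exclusion list (no seeded or service account should
-- appear). DECODE is used because it treats two NULLs as equal.
SELECT b.user_name,
       b.password_date          AS old_password_date,
       b.password_lifespan_days AS old_lifespan_days,
       u.password_lifespan_days AS new_lifespan_days
  FROM xx_fnd_user_pwd_bak b
  JOIN fnd_user u
    ON u.user_id = b.user_id
 WHERE DECODE(u.password_date, b.password_date, 0, 1) = 1
    OR DECODE(u.password_lifespan_days, b.password_lifespan_days, 0, 1) = 1
 ORDER BY b.user_name;

-- Step 3 (only if the result of step 2 is wrong and the change was already
-- committed): restore the original values from the snapshot.
UPDATE fnd_user u
   SET (password_date, password_lifespan_days) =
       (SELECT b.password_date, b.password_lifespan_days
          FROM xx_fnd_user_pwd_bak b
         WHERE b.user_id = u.user_id)
 WHERE EXISTS
       (SELECT 1
          FROM xx_fnd_user_pwd_bak b
         WHERE b.user_id = u.user_id
           AND (DECODE(u.password_date, b.password_date, 0, 1) = 1
             OR DECODE(u.password_lifespan_days,
                       b.password_lifespan_days, 0, 1) = 1));
```

If step 2 shows an unexpected account before the COMMIT, a ROLLBACK is sufficient and step 3 is not needed.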
The following are the drawbacks which were found while customising the user management
framework:
Note: As per the research done in Metalink, the Release 12 User Management Framework
addresses this issue, and we would be able to fully leverage the customisation with all the default
user management functionality.
package oracle.apps.fnd.security;
import oracle.apps.fnd.common.VersionInfo;