MOAC: Multi-Org Access Control
MOAC provides role based access to Operating Units, and allows you to perform multiple tasks across operating units without changing responsibilitiesMulti-Org Access Control Setup:
•Responsibility: Human Resources
•Navigation: Security > Profile
In Release 12, when you define your security profile in HR using the Security profile form or the Global Security profile form, you must:
•Assign all of the operating units that you want a responsibility to access. Run a concurrent request called “Run Security List Maintenance” from HR which makes those security profile available and allows you to assign them to a responsibility via a profile option called MO: Security Profile.
Navigagion
Multi-Org Access Control – Setup – Create Operating Unit
:
•Responsibility: General Ledger Navigation: Accounting Setup Manager > Financials : Accounting Setup : Accounting Setup Manager
•Responsibility: Human Resources: Navigation: Work Structures : Organization > Description
In Release 12, you can define your operating units in two places. You can continue to define them in the Oracle HRMS Organization Form or you can define them in the new Accounting Setup Manager feature in General Ledger.
The Accounting Setup Manager streamlines the setup and implementation of Oracle Financial Applications. It centralizes the setup and maintenance of common financial components, such as legal entities, operating units, and ledgers. So when you create an accounting setup, assign a legal entity and create the ledgers that will perform the accounting for that legal entity, you can also define and assign the relevant operating units. By leveraging Accounting Setup Manager to define your OUs, you can streamline your setup.
In R12, is instead of attaching an OU to a LE, you assign it to a default legal context. All Release 11i HR Organizations classified as “Operating Units” will be preserved in Release 12. If operating units are assigned to a set of books, then they will be associated to a primary ledger in an accounting setup. You will be able view all operating units assigned to an upgraded primary ledger using Accounting Setup Manager.
Multi-Org Access Control – setup Define Security Profile:
•Responsibility: Human Resources
•Navigation: Security : Profile or
•Navigation: Security : Global
Using Oracle HRMS, you can define your security profile using two forms:
•The Security Profile form, which allows you to select operating units from only one Business Group
•The Global Security Profile form, which allows you to select operating units from multiple Business Groups
Enter a name, and select the Security Type called “Secure organizations by organization hierarchy and/or organization list”. This allows you to assign multiple OUs.
When assigning operating units, first select classification Operating Unit, and then select the organization or Operating Unit name. You can assign multiple operating units.
Multi-Org Access Control – Setup – Run System List Maintenance:
•Once the security profile has been created, run the Security List Maintenance program.
–This ensures that all of the security profiles that you created are available for assignment to your responsibilities.
Multi-Org Access Control – Setup – System Profile Options:
•The MO Security Profile controls the list of operating units that a responsibility or user can access. If you set the security profile at the responsibility level, then all users using that responsibility will have access to only the operating units available in the security profile. If you set the security profile at the user level, then the user will have access to only those operating units, irrespective of application responsibility that they log into.
•The MO: Default Operating Unit is optional and allows you to specify a default operating unit that defaults when you open different sub ledger application pages. Because you can access multiple operating units, you may want to set up a default one instead of forcing users to constantly have to choose one. User Preferences allows you to specify a default operating unit at the user level. Use the MO: Default Operating Unit profile option to set the operating unit context or default operating unit when accessing an applications.
•The last profile option is for backwards compatibility and to support products that do not use Multiple Organizations. The release 11i setting was for this is preserved during upgrade. The Release 11i MO: Operating Unit profile option is supported in Release 12 as not all customers of Oracle products require multiple organizations.
Implementation Considerations:
•Oracle HRMS
–Define operating units
–Set up Multi-Org Security Profiles
•Accounting Setup Manager
–Define operating units
–View all operating units assigned to the primary ledger
•Oracle E-Business Suite Products that Use Operating Units
–Process data across multiple operating units using Multi-Org Access Control
Multi-Org Access Control - Description:
In 11i, when users had to enter or process data for multiple operating units, they had to login to different responsibilities because each responsibility could only access one operating unit. So if there were a centralized payment processing center where users processed payments for multiple organizations, they would have to keep logging in and out of different responsibilities to process payments for a different organization or operating unit.
Now in Release 12, Multi-Org Access Control enables companies that have implemented a Shared Services operating model to efficiently process business transactions by allowing users to access, process, and report on data for an unlimited number of operating units within a single application’s responsibility.
This increases the productivity of Shared Service Centers as users no longer have to switch application responsibilities when processing transactions for multiple operating units. Data security and access privileges are still maintained using security profiles that will now support multiple operating units.
Multi-Org Access Control - Example:
For example, if you have three operating units in the center you were managing, such as a Belgium Operating Unit, a Holland Operating Unit, and a Denmark operating unit, in 11i you needed to define three different responsibilities. If you had one user who processed payables invoices across all three operating units, then you would need to assign the three responsibilities to that user and then the user would need to log in and out of each responsibility to process invoices.
In Release 12, you can create a Security Profile and assign as many operating units as you want to that security profile. So in this example, you could assign all three operating units to the same security profile. Then, you can tie that security profile to a single responsibility using a profile option called MO: Security Profile. For example, you could assign the security profile to the EMEA Payables responsibility to allow that responsibility to process invoices across all three operating units.
Processing payables invoices is just one example, with Multi-Org Access Control, you can efficiently perform other processes, such as processing receivables invoices, viewing consolidated requisitions, performing collections using Advanced Collections, and process receiving and drop shipments.
MOAC - Benefits:
•Improve Efficiency
–Process data across multiple OUs from one responsibility
–Process transactions more efficiently for companies that have centralized business functions or operate Shared Service Centers
•Obtain better information for decision making
–Obtain a global consolidated view of information
–View information, such as supplier sites and customer sites across multiple OUs
•Reduce Costs
–Speed data entry
–Reduce setup and maintenance of many responsibilities
Multi-Org Access Control Process Summary:
Each Financials product team has implemented MOAC to best suit their business process flows. For example, in AP, there’s a new operating unit field on their Invoice Workbench. The OU list of values reads from the Security Profile assigned to the responsibility to determine which OUs should be displayed in the LOV. In general, when a user logs in to a responsibility and opens an application, the application will determine which operating units can be accessed and used for processing. The user can then view or process transactions for multiple operating units
What is the uses of MOAC in practical
Let’s see what is offered by this Multiple Organization Access Control enhancement.
In order to explain, I have categorized these changes into data entry, inquiry (or review), adjustments, data processing and report generation. You can enter the data for multiple operating units from a single responsibility because the Operating Unit field is now available on all the forms (accessing the Organization striped data) where you enter the data. So, you will find the Operating Unit field added on Sales Order form, Pre-Approved Expenditure Entry form, Review Transactions form, WebADI templates, and the setup forms. As a result of these changes, the data entry operators at the Shared Service Centers can enter the data without changing the responsibility.
You do not need to change the responsibility to inquire or adjust the data for different operating units in Release 12. What you need to do is just give the access to multiple operating units from the responsibility, and then you can inquire and adjust the data from a single responsibility. So, you will find that Order Organizer form has OPERATING UNIT field in Find order window, you have access to Sales Orders across operating units. You can
query and adjust the data for different Sales Orders and operating units from this form. Similarly, you can review the invoices of multiple sales orders across operating units from the same responsibility. Also, you can check the order status for the customer of different operating units all using the same responsibility
Please note that, when I say accessing the data for multiple operating units, it is possible from a single responsibility, it does not mean you can access the data for multiple operating units at one go. You need to run the query each time you want the data for different operating unit. To put it differently, you need not change the
responsibility but you need to run the query separately for each operating unit from the same responsibility.
Coming to Data Processing and Report Generation, in Release 12, you can run the concurrent programs and reports for multiple operating units from a single responsibility. This does not mean you can run a single concurrent process across multiple operating units. You must still submit a request for each operating unit, but you can do this from a single responsibility. While running the concurrent program, you should specify the
operating unit for which you intend to run the concurrent process. For shared service center users, what it means is easy data entry followed by hassle free data processing and report generation.
Benefits of Multiple Organization Access Control functionality
First benefit is you will be able to achieve the same result in the reduced number of steps. This guy could have taken each step individually equating to three or four steps, but instead he took a shortcut, and achieved it in just one step. Similarly, if you want to enter, inquire, or process data for different operating units, you do not have to close the form, change responsibility, open the form and taken action. Instead, you can enter the data in the same form without closing it.
The second benefit is an automatic result flowing from the first one. It will definitely result in increased efficiency.