Fusion Financials Generic


1. Oracle Fusion Architecture
2. Oracle Fusion Enterprise Structure
3. Users
4. Creation of Implementation User
5. FSM(Functional Setup Manager)
6. Creation of Custom Roles
7. Security Profile/ MOAC
8. Cloud Computing
9. RBAC Security Model

1. Oracle Fusion Architecture

Fusion Applications Middleware Database
GL, AR, AP, FA, CM, PO, OM…. IDM or OIM, APM, BPM, UCM, SOA, BPEL… Oracle DB, Essbase DB
  IDM/ ODM in R11 replaced with ‘Security Console’ in R12. Means the functionalities which we can do from IDM/ ODM can be achieved using ‘Security Console’ in R12
IDM=Identity Manager

OIM=Oracle Identity Manager
Here we can create users (Implementation user), Assign roles to User, Create custom roles.
 Essbase DB
• Will be used only for GL transactions. Data will be moved from GL –>> Oracle DB –>> Essbase DB.
• FSG in EBS GL is replaced with FRS(Financial Reporting Studio) in Fusion.

• Reporting tools – FRS and Smartview.
• The solution for FRS and Smartview is taken from ‘Hyperion Financial Reporting’.
• Without Essbase, hyperion products cannot be used.
• Data will be stored in multi dimensional cubes.
• Only the primary ledger data will sync to Essbase. Journals data will be stored in Essbase.
• Hyperion Planning and Budgeting
• Oracle DB to Essbase DB we have drill down option.
• SRS in Oracle Apps = ESS Job Page (Enterprise Scheduler Service)
  APM is no longer supported in R12.
APM = Authorization/ Access Policy Manager

Used to create ‘Data Roles’ (supported in R11).
Here we maintain role templates and custom roles.
Till R11, system used to create ‘Data Roles’ automatically.

When Primary Ledger is created, system will automatically assigns to ‘GL Role Template’ which has below roles

General Accountant
General Accounting Manager
When Business Unit is created, system will automatically assigns to ‘AP Role Template’

Payables Manager
‘AR Role Template’

Receivables Manager
  BPM=Business Process Management
AME(Approvals Management Engine) in Oracle EBS replaced with BPM in Fusion. BPM is used to setup approval rules.
  UCM=Universal Content Management
We can perform data imports or exports. Ex: Conversions
  SOA=Service Oriented Architecture
Integrate Fusion with other third party applications/ systems.
  BPEL=Business Process Execution Language
Used for custom approvals. Similar to WorkFlow in EBS.
  LDAP=LightWeight Directory Access Protocol
After assigning roles to user, we need to sync with LDAP job.

2. Oracle Fusion Enterprise Structure

EBS Multi-Org Structure Fusion Enterprise Structure
Business Group(BG) Enterprise
• BG <> Enterprise
• We can create multiple BG’s but in Fusion we can have only one Enterprise in one instance. Instance = POD.
• We can set default ‘HCM’ info.
• Ex: Tata
  Divisions (Optional)
• TCS, Tata Motors
Primary Ledger(PL) Primary Ledger
• TCS PL, Tata Motors PL
Legal Entity(LE) Legal Entity
Operating Unit(OU) Business Unit
Inventory Organization(IO) Inventory Organization

3. Users

Implementation user Employee/ Business/ Application user
Should be able to complete all setups with limited access to other functionalities. Should be able to perform most of the functionalities.
Supplier site cant be created by implementation user Supplier sites can be created
Implementation user will be created using Security console. Employee user will be created in HCM
  Pre-requisite to create Employee user, we require Legal Entity and Business Unit.
  We should have LE, BU and LDG(Legislative Data Group {while creating LE we create LDG}) before creating employee user.
  Only ‘Employee user’ can be created as ‘Procurement Agent’. Only ‘Procurement Agent’ (Buyer) can create supplier site. Only ‘Procurement Agent’ (Buyer) can create Requisitions, Purchase Orders.

4. Creation of Implementation User
Navigation: Login to application using user (SCM_IMPL) which will be provided by vendor >> Navigator >> Tools >> ‘Security Console’ task >> Users >> Add User Account >> Enter mandatory fields >> Click on ‘Add Role’>> Search for below three roles and add them by clicking on ‘Add Role Membership’

Application Implementation Consultant IT Security Manager Employee
• User gets access to FSM – In FSM all module related configurations can be performed.
• User gets access to Security Console.
• From Security console, we can create new user, assign roles, create custom roles.
• Select code starting with ORA — ORA_FND_IT_SECURITY_MANAGER_JOB.
• User able to run reports
• Select code starting with ORA — ORA_PER_EMPLOYEE_ABSTRACT

**General Accounting Manager — Add this role to get ‘General Accounting’

Save and Close.

Reset password or Delete User
Navigation: Login to application using admin user (SCM_IMPL) >> Navigator >> Tools >> ‘Security Console’ task >> Users >> Under Action

**By default Oracle provides two environments. i) Pre-Prod/ Test Env ii) Prod Env

5. FSM(Functional Setup Manager)
FSM = Setup and Maintenance page

To access FSM below roles should be assigned to user
1) ‘Application Implementation Manager’
­   - Can create implementation project
­   - Can select offerings, options and features
­   - Generate task lists and tasks
­   - Assign tasks to individual functional users
­   - Monitor progress of implementation project
2) ‘Functional User Role’ (‘Human Capital Management Application Administrator’ for HCM)
­   - Can access the assigned implementation tasks
­   - Can perform the assigned tasks
­   - Can update task status
3) ‘Application Implementation Consultant’
­   - Super user, can perform both the tasks of Application Implementation Manager +  Functional User Role
­   - Also have access to import/ export

Offerings Options
Modules like Financials, SCM, CRM, HCM, Projects, and so on Financials(GL, AP, AR, FM, CM)
We have three HCM offerings or Primary business processes
i) Workforce Deployment
ii) Workforce Development
iii) Compensation Management
i) Workforce deployment – Options or Functional areas are Core HCM, Payroll, Time and Labour, Absence Management and so on
ii) Workforce development – Options or Functional areas are Goal, Performance, Talent Review….
iii) Compensation – Options are Compensation, Benefits, Total Compensation statement
­  -Benefits(Option)
­  -Workforce Compensation(Option)
­    -Custom help(Feature)
­    -Click to Dial(Feature)

Navigation: Homepage >> User Name >> Setup and Maintenance >> This is the FSM page.
Change to ‘Financials’ offerings in Setup. In case you want to see Offerings icons and their related documents then Actions >> Go to Offerings.
To ‘Enable’ the status/ Offering, click on ‘Opt in Features’ and check enable box.

• Create ‘Implementation Project’ to perform set ups and enable the required Offerings and Options.
• System creates Task List(List of Setups).
• We can track setups progress in ‘Implementation Project’.
• With the help of ‘Manage Configuration Packages’, we move setups from one instance to another instance.

Application Implementation Life cycle Plan Configure Implement Export/ Import Transactions Maintain
FSM Modules Setup and Maintenance Configure Offerings Manage Implementation Projects Manage Configuration Packages   All Tasks(Search)


6. Creation of Custom Roles
**Never edit Standard roles**

Job Role Duty Role Data Role Abstract Role
GL roles, AP roles which were assigned to user come under Job role Duty role will be part of Job role. We cannot assign duty role directly to user, its only Job role will be assigned to user. In case you want to assign duty role then create job role as well and assign job role to User. Duty role >> Job role >> User Exists till R11, obsoleted from R12  

i) Find & review the roles
ii) Compare roles
iii) Copy & modify existing role (Job & Duty)
iv) Create custom role (Job & Duty)

i) Find & review the roles
Navigator >> Tools >> Security Console >> Analytics >> We can see different Role Categories >> Click on any of the role category to review the list of roles.
Navigator >> Tools >> Security Console >> Administration >> Roles >> Here we can set prefix and suffix.
Navigator >> Tools >> Security Console >> Roles >> Search for ‘Accounts Payable Supervisor’ (code: AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB) >> Here we can find list of duty roles.
Navigator >> Tools >> Security Console >> Roles >> Search for ‘Accounts Payable Supervisor’ (code: AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB)  >> Actions >> Simulate Navigator >> Show: Access granted. Here we get list of privileges this role has.

ii) Compare roles
Navigator >> Tools >> Security Console >> Roles >> Compare Roles >> First Role: Accounts Payable Supervisor & Second Role: Accounts Payable Specialist (both codes start with AP) >> Compare.
From results, we can see that Accounts Payable Supervisor has more privileges.

iii) Copy & modify existing role (Job & Duty)
Job role:
Navigator >> Tools >> Security Console >> Roles >> Search for ‘Accounts Payable Supervisor’ (code: AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB)  >> Actions >> Copy Role >> Copy top role >> Copy Role >> Role name: Tata Accounts Payable Supervisor; Role code: TATA_AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB;  >> Next >> Next >> Next >> Next >> Add User to srikanth.employee >> Next >> Submit and Close
Search new role in your user 🙂

Duty role:
Navigator >> Tools >> Security Console >> Roles >> Search for ‘Payables Invoice Creation’ >> Copy Role >> Copy top role >> Copy Role >> Role name: Tata Payables Invoice Creation; Role code: TATA_AP_PAYABLES_INVOICE_CREATION_DUTY;  >> Next >> Next >> Next >> Next >> Next >> Submit and Close.
Now add this duty role to Job role. Search job role >> Edit>> Next >> Next >> Add duty role at Role Hierarchy >> Next >> Save and Close

iv) Create custom role (Job & Duty)
Duty role:
Navigator >> Tools >> Security console >> Create Role >>Role Name: TCS AP Manager Job Role; Role Code: TCS_AP_MANAGER_JOB_ROLE; Role Category: Financials – Job Roles >> Next >> Add Function Security Policy >> ‘Payables Invoice Creation’ duty role and ‘Payables Payment Creation’ duty role >> Next >> Create Data Security Policy >> Policy Name: BU Access; Database Resource: Business Unit; Data Set: Select by Instance set; Condition Name: Access the business units…for which they are authorized; Actions: Manage Payables Invoice >> Ok >> Next >> Next >> Add your user >> Save and Close

Next you have to run LDAP job

7. Security Profile/ MOAC
MOAC in EBS = Accessing multiple operating units from single responsibility.

MOAC in Fusion = Accessing specific BU from specific role.

i) Create Organization Security profile
ii) Assign Security profile to role
iii) Create new user & assign role to user
iv) Provide data access for user
v) Run LDAP

i) Create Organization Security profile
In FSM page search for task ‘Manage Organization Security Profile’ >> Create

Save and Close

ii) Assign Security profile to role
In FSM search for task ‘Assign Security Profiles to Role’ >> Create >> Data Role: Tata One BU Access; Job Role: Accounts Payable Manager >> Next >> Person Security Profile: Create New; Name: Tata; Enable Secure by Business Unit; Public Person Security Profile: Tata; Payroll Security Profile: Create New; Name: Tata Payroll >> Next >> Secure by Business Unit: Tata Organization Security Profile >> Assignments to Evaluate: All>> Next >> Next >> Next >> Submit

iii) Create new user & assign role to user
Security console

iv) Provide data access for user
In FSM search for task ‘Manage Data Access for Users’ >>  Create

Save and Close

v) Run LDAP
Go to ESS job page and run ‘Retrieve Latest LDAP Changes’

Now login with SRIKANTH.MOAC and Invoices >> Manage Invoices and see that we have only one BU.

8. Cloud Computing

The distinct categories of cloud computing are:
1. SaaS — Software as a Service
2. PaaS — Platform as a Service
3. IaaS — Infrastructure as a Service
4. DaaS — Data as a Service

Oracle owns and manages everything (hardware, software etc) and customer only subscribes to it. Customers have the ability to configure the software as per their needs. If there is any bug, oracle will fix it; may be immediately or later in the future releases; downtime etc are all controlled by oracle; supported by oracle via SRs  Developers own DataBase Oracle provides the database and application servers in their own data centers and supports the servers but customers will continue to own the application and can have customizations etc… this is like lift and shift from on-premise to oracle provided infrastructure/data center… and the version of oracle remains EBS 11i/R12 or whatever the client is on.Customer is responsible for application support, upgrades, patching, datafixes etc…
 Deployed over the internet.    
Subscription model = Pay as you go model. Only pay for the services which you avail    Oracle provides servers, storage, network and OS – as an on-demand service

On-Premise: The database and application servers are owned by the customer and be present in the data center owned by the customer’s office(premise). 11i/R12 etc traditionally are on-premise.

9. RBAC Security Model
RBAC = Role based access control. Restricting access to limited functionalities to a particular user. Ex: User getting restricted to access his own pay slip or to apply a leave.