Oracle Fusion, Oracle E-Business Suite

Tips, Tricks, Articles about Oracle E-Business Suite,Oracle Fusion, Oracle 11i, Oracle PL/Sql, Workflow, Order-to-Cash, Procurement-to-Pay, CRM, SOA, BPEL, WSDL, XML, OAF

Posts Tagged ‘User ‘GUEST’ does not have access to notification’

Oracle SS HR Notification – User ‘GUEST’ does not have access to notification

Posted by Senthilkumar on September 15, 2011

The user submits a transaction for approval in SSHR. Notification is sent to the approver. While attempting to open mail attachment the approver gets an error.

ERROR
———————–
User ‘GUEST’ does not have access to notification

How to open the attachment in the email notification without logging into the application?

Solution

To allow the users to access the notification without login, creates Data Security threats. Hence, after viewing the email, inorder to approve or reject the notification, user has to login to the application using his valid username and password. The approval process cannot be done without logging into the application.

It has significant functional impact for not allowing complete user session without login.

A documentation bug <<5346477>> has been logged to explain this issue.

References

BUG:5346477 – HRMS FAMILY PACK I ONWARDS, SSHR DO NOT ALLOW EMAIL NOTIFICATION WITHOUT LOGIN

You can Use Profile Option: “WF: Guest Access to Notification” With Post 11i.OWF.G Patch 6 [ID 277839.1]  to resolve this issue see below for solution and Pros/Cons.

Abstract

This note documents the re-introduction of the “Send Access Key” implementation
based on the Readme of patch 3467539 via the use of profile option “WF: GUEST
Access to Notification.”

Document History

Profile option “WF: GUEST Access to Notification” is available to customers who have
installed Oracle Workflow patchset 11i.OWF.G roll up patch 6 (3492743) or
Patch 3467539 ‘REIMPLEMENTATION OF THE SEND_ACCESS KEY FEATURE.’

Note: this feature is not recommended due to security considerations. However
customers who are confident in their own security configurations may choose
to use this.

Profile Option: “WF: Guest Access to Notification” With Post 11i.OWF.G Patch 6

Guest Access to Workflow Notifications
Steps To Enable Guest Access
Steps To Disable Guest Access
Features not Supported
Language Concerns
Known Issue
Related Documents

Summary

 After applying patchset 11i.OWF.G patch:2728236 users were forced to login when responding to Workflow notifications. The Send Access Key functionality which previously allowed the users to access the notifications without logging on was disabled with patchset 11i.OWF.G. This issue was reported in bug:3259983 and under the Known Issues' section of Note 225947.1 'About Oracle Workflow Mini-pack 11i.OWF.G.' With patch 3467539, Guest access to the Notification Details page lets users access this page from e-mail notifications without logging in to Oracle Applications with an individual user name and password. Guest Access to Workflow Notifications ====================================== While not recommended due to security reasons, this patch provides a site-level feature that allows users to access the Notification Details page through a URL without logging in directly to the Oracle E-Business Suite. In fact the user is logged in as the GUEST user in the background, and can access the Notification Details page for a given notification, as well as the Reassign and Request Information pages if they are available for that notification. This feature will typically be used by recipients of e-mail notifications that include a link to the Notification Details page. By simply clicking the link, users will be directed to the Notification Details page without having to login with their own individual user name and password. If the user is logged in already, the same session can be used though this is dependent on mail client settings. 
Steps To Enable Guest Access
=============================To implement this feature, perform the following setup steps. Both steps must be
completed together to enable guest access.

1. Set the ‘WF: GUEST Access to Notification’ profile option to “Enabled”
at the site level.

Note: the default value for this profile option is “Disabled”, which
disables guest access.

2. Create a function grant and assign the WF_GUEST_GRANTS function set to the
Guest user.

a. Navigate to the Functional Administrator responsibility. Choose the Security
tab and click the Create Function Grant button to create a grant
called “Workflow Guest User.”

b. Select Specific User and enter “Guest” as the Grantee. Click Next.

c. Enter “Workflow Guest User permission set” (short code: WF_GUEST_GRANTS)
as the Function Set. Click Next.

d. Enter todays date as the Start Date. Click Finish.

e. Stop and restart Oracle HTTP Server.

3. In Oracle Applications Manager, stop and restart all services.


Steps To Disable Guest Access
=============================At any time, you can revert back to requiring users to login to access
notifications using their individual user name and password. To do this,
you must disable guest access:

1. Set the WF: GUEST Access to Notification profile option to “Disabled”

2. Set an end date against the function grant earlier.

3. In Oracle Applications Manager, stop and restart all services.


Features not Supported
======================

Guest access to workflow notifications is not certified with the password-based
electronic signature feature for Release 11.5.9. Customers wishing to utilize
password-based electronic signatures are not supported to use the guest access
to notifications feature. It is not possible to backport this feature to
mini-pack 11i.OWF.G. Instead, it will be implemented in Release 11.5.10.

Security Concerns
=================

When users respond to a notification, reassign the notification, or request
information, Oracle Workflow updates several viewable and hidden fields with
information about the user who performed the action. Customers choosing to use
the guest access feature, where the user does not log in individually, should be
aware that these fields will be updated with information for the current user
who is logged in, which will be GUEST. Customers cannot log bugs related to
GUEST values being recorded in these fields. If a customer would like to record
the name of the actual user instead, the user must simply log in before
responding to the notification. If a customer has serious concerns about
recording information based on the GUEST user rather than individual users, they
should not utilize this feature and instead should require users always to log
in before responding to notifications

Language Concerns
=================

When a user accesses a notification through the guest access feature, Oracle
Workflow displays the notification according to the language and territory
preferences of the recipient role of the notification. The date and number
preferences will default from the Guest user. If users wish to view the
notification according to their own user preferences, they can simply log in
before accessing the notification.

Known Issue
===========

If the “Self Service Personal Home Page mode” is not set to “Framework Only”
when a user accesses the notification detail page from an email and then clicks
on the Home button, the user will be navigated to the Personal Homepage with a
“ORA-01403: no data found” error. This issue is being tracked as 3413114 NO
DATA FOUND WHEN CLICK ON HOME BUTTON.

Related Documents ================= Note 225947.1 About Oracle Workflow Mini-pack 11i.OWF.G Bug 3467539 REIMPLEMENTATION OF THE SEND_ACCESS KEY FEATURE

Posted in OAF, Oracle AME, Oracle HR, Oracle Workflow, Uncategorized | Tagged: , , | Leave a Comment »

 
Follow

Get every new post delivered to your Inbox.