Permissions
Hubble makes use of standard EBS Views, Packages and Functions to ensure we can replicate specific elements of this functionality. The most notable of these to a DBA might be:
GRANT SELECT, INSERT ON APPS.FND_LOG_MESSAGES
To replicate EBS security, we follow How To Run FND_GLOBAL.APPS_INITIALIZE Using A User Other Than APPS (Oracle Doc ID 822225.1). This document states we need to
“GRANT ALL on FND_LOG_MESSAGES to …” the database user. We have limited the grants to SELECT and INSERT.
GRANT SELECT, INSERT, DELETE ON MO_GLOB_ORG_ACCESS_ TMP
To allow us to use Oracle’s Multi Org functionality, we follow SQL Queries and Multi-Org Architecture in Release 12 (Oracle Doc ID 462383.1) as advised in MO_GLOBAL.INIT('PO') Failure In Sqlplus ORA-01031: insufficient privileges (Oracle Doc ID 1564525.1). We also need to grant additional privileges on APPS.MO_GLOB_ORG_ACCESS_TMP to the database user.
GRANT SELECT, DELETE ON FND_MO_SP_PREFERENCES
Again to allow us to use Oracle's Multi Org functionality, in Release 12, we need to grant Select and Delete privileges on FND_MO_SP_PREFERENCES.
We only require GRANT ALL access in the three cases above. Attached below is a list of all EXECUTE permissions we need and why we require them.
TABLE NAME USAGE
FND_LOG_MESSAGES This is used to identify information about the user who has logged
in so the correct security can be applied as per Oracle Doc ID 822225.1. Hubble will not directly write to these tables.
MO_GLOB_ORG_ACCESS_TMP Used for the MOAC Process Oracle Doc ID 462383.1.
APP_EXCEPTION This is used to identify information about the user who has logged
in to apply the correct security as per Oracle Doc ID 822225.1 Referenced by the AP_INVOICES_PKG.
Referenced by MO_GLOBAL.
AP_INVOICES_UTILITY_PKG Referenced by the Oracle AP_INVOICES_V view.
AP_PAYMENT_UTIL_PKG Required to allow Hubble to use the seeded Oracle View
AP_DOCUMENTS_PAYABLE.
AP_PREPAY_UTILS_PKG Required for AP Approval Status PL/SQL Package.
AP_ETAX_SERVICES_PKG' Required for AP Approval Status PL/SQL Package.
FND_CACHE_VERSIONS_PKG
This is used to identify information about the user who has logged
in so we can apply the correct security as per Doc ID 822225.1. (fnd_cache_versions is a synonym for this package.)
FND_CLIENT_INFO This is used to identify information about the user who has logged
FND_CONTEXT Referenced by FND_GLOBAL.
FND_DATE Used to format and convert dates.
FND_GLOBAL
This is used to identify information about the user who has logged
in so we can apply the correct security as per Oracle Doc ID 822225.1
Referenced by FND_PROFILE.
Referenced by MO_GLOBAL. Referenced by HR_SIGNON.
FND_LOG This is used to identify information about the user who has logged in so we can apply the correct security as per Oracle Doc ID 822225.1.
Referenced by APP_EXCEPTION. Referenced by MO_GLOBAL.
TABLE NAME USAGE
FND_LOG_REPOSITORY
This is used to identify information about the user who has logged
in so we can apply the correct security as per Oracle Doc ID 822225.1.
Referenced by FND_GLOBAL.
FND_MESSAGE This is used to identify information about the user that has logged in
to apply the correct security as per Oracle Doc ID 822225.1. Referenced by APP_EXCEPTION.
Referenced by FND_PROFILE.
Referenced by FND_CACHE_VERSIONS_PKG. Referenced by MO_GLOBAL.
Referenced by HR_SIGNON.
FND_NUMBER Referenced by FND_GLOBAL.
FND_PROFILE This is used to identify information about the user who has logged in so we can apply the correct security as per Oracle Doc ID 822225.1.
GL_ACCESS_SET_SECURITY_PKG Performs DML operations on temporary tables.
HR_SIGNON This is used to identify information about the user who has logged in so the correct security can be applied as per Oracle Doc ID 822225.1.
This is used as part of the security.
IBY_UTILITY_PVT Used by the Oracle View IBY_SEC_EXT_BANK_ACCOUNT_V
JG_CONTEXT This is used to identify information about the user who has logged in so we can apply the correct security as per Oracle Doc ID 822225.1.
MO_GLOBAL Used as part of the Multi Org Process Doc ID (462383.1).