Delegated Proxy Access in E-Business Suite R12.2

Delegated Proxy Access in E-Business Suite R12.2

I’ve posted a few things over the previous months regarding new or changed functionality in E-Business Suite R12.2, and here is something that I think will be particularly useful. In previous versions of E-Business Suite it’s possible to grant access to full account level access to another user, however as of 12.2 this has been enhanced to responsibility-level access. So you no longer have to give another user full access to your account, you can delegate just the specific responsibilities you wish.

It’s probably easiest to show this via a demo. I log in using my user “beyond” and select Manage Proxies from the options menu. You might notice I’m using the Framework Simplified view here too! The reason for which will be apparent later 🙂

Select Manage Proxies


 

I now get a screen where I can select a user, the dates that I wish to grant this access, and the actual access I want to grant for both responsibilities and workflow. In this example I am going to grant the General Ledger Super User responsibility to the Sysadmin user until the 10th August 2016. I’ve also added in a little note to display to the grantee.

Grant Access

So after clicking submit I log in as the Sysadmin user, and the first thing I see is a workflow notification telling me that I have been granted the ability to act as a proxy for Beyond for the given dates, as well as the note I specified earlier.

Workflow Notificiation

The next thing to notice is that I now have an additional icon in my navigation bar.

New Icon

Those two people next to the notifications icon, which is the Switch User icon. Clicking on that shows me a list of the users to which I have been granted proxy access – one in this case, the Beyond user. I can now click on Switch to act as a proxy for that user.

Proxy List

Upon doing so, the first thing to notice is that my homepage has now changed to the simplified view! Even though I am logged in as Sysadmin, I am acting as Beyond and hence I inherit all the profile values for that user. I also get the little notice to the right of the screen highlighting that I’m in “proxy mode” for Beyond.

Proxy Mode

Now what I find interesting about this, and probably not surprising when you think about it, is that by acting as a proxy I actually inherit all of that users context; that includes their user ID. So logged in as Sysadmin but acting as a proxy for Beyond, I update a record through the professional forms interface and then view the record history.

Record History

So any records I update whilst acting as a proxy appear as if they have been done by that user themselves. This is obviously something to consider when granting out proxy access, however one would of course only grant out what was required and to who they trusted.

Finally, is this a good thing? Well… I can certainly see it being very useful, simply for the reason I demonstrated above. The functionality empowers users with their own access rights, however from past experience that can be a scary thing for some organisations who like to keep strict controls and external audit trails over access to data. Proxy access is however highly configurable; an administrator can choose who has the ability to grant proxy access, which responsibilities can not be delegated (i.e. we might not want to allow delegated access to the System Administrator responsibility), and the users to whom a person can delegate to (i.e. can only delegate upwards in the supervisor hierarchy).Further information on proxy access configuration can be found in the E-Business Suite Security Guide for R12.2.
So yes, ultimately I think it can be an extremely useful feature, but one that requires proper thought and policing before releasing to users. The last thing this should become is a different way for users to share passwords due to their access rights not being set up to support their job/role. If anybody is using this in their production environment then I’d be very interested to hear of their experiences!

Leave a Reply

Your email address will not be published. Required fields are marked *

six − two =

This site uses Akismet to reduce spam. Learn how your comment data is processed.