Configure Data Security for Service Request Attachments

This feature allows control of service request attachment visibility through Role-Based Access Control (RBAC) in Oracle E-Business Suite. You can define role-specific permissions to view and edit both service requests and case attachments. For example, you can configure RBAC so that only the service request creator can view and update attachments, while restricting access to other agents.

This feature provides improved data security and compliance by ensuring sensitive service request attachments are accessible only to authorized roles. Use this feature to reduce the risk of unauthorized access, protect customer information, and streamline operations by giving users access only to the attachments relevant to the role.

Steps to Enable

  1. Create a new document category using the Application Developer responsibility, Document Categories window.

Navigation: Application Developer > Attachments > Document Categories.

Document Categories

Use SQL query to note down the NAME of the document category. 

In this example, the document category is Service Request Attachment (USER_NAME) and the NAME is CUSTOM1001647 as shown in the screenshot.

SQL Query
 

  1. Create a role and grant it using the User Management responsibility.
    1. Navigate to the Roles & Responsibilities page.
    2. In the Search region, select Roles & Responsibilities as the type.
    3. In the Name field, enter the responsibility name: Customer Support Specialist.
    4. Select Service as the application.
    5. Click Go.

Search Role

    1. Click on View in Hierarchy
    2. Click Create Role, and create a role under “Miscellaneous” category:

Create Role

    1. Click Save.
    2. Click Create Grant: and create a Grant as follows:
    3. Enter a name, description, and select Fnd Document Categories as the object.

Role and Role Interface

    1. On Create Grant: Select Object Data Context page, select Instance as the data context:

Create Grant

On the Create Grant: Define Object Parameters and Select Set page:

  • In the Instance Details region, enter the name of the category created in Step 1.
  • In the Set region, select the set Fnd Attachment Full Access, which is a seeded set used for FND DOCUMENTS object.

This set gives full edit access to attachments for roles that have this permission.

Create Grant Define Object Parameter

Click Next, check the details and click Finish.

  1. Now, click Add Note for the Customer Support Specialist responsibility and select the role that you just created.

Role Inheritance Hierachy

  1. Repeat the same steps for the Case Worker responsibility, but ensure that you use the Fnd Attachment Viewer as the set because for the case worker responsibility view-only capability is to be granted.

Create the role as follows:

Attachment Viewer

Create the grant as follows:

Update Grant Case Worker

  1. Use Personalization feature to make changes to the Attachments region for the Customer Support Specialist and Case Worker responsibilities.

Customer Support Specialist Responsibility

    1. Using the Customer Support Specialist responsibility, navigate to the Update Service Request page.
    2. Click Settings and then select Personalize Page.
    3. For the Problem and Diagnosis region, choose SITE as the personalization level.
    4. Add the following:
    5. Click Create Item icon under Entity Map: AttachmentsxRN.CsIncidents


 Personalization Structure

    1. Create a categoryMap as follows:
    2. Specify an ID, add the category as the new Category NAME that was create in Step 1
    3. Ensure to specify secured property as “true”.

Category Map

After completing these steps, any attachment that you add from the Customer Support Specialist responsibility will be editable by the service request owner.

Attachments

             Similarly, for the Case Worker responsibility, personalize the UpdateCasePG.xml to  create an entity map as shown in the screenshot.

Update Item

Notice that the attachments on the service request, when viewed from the Case Worker responsibility, the attachments belonging to the newly created category are in View mode  and are not editable.

Tasks and Related Information

Tips And Considerations

  • Define clear role policies: Review business requirements and decide which roles should have view or edit permissions before configuring RBAC.

  • Follow least privilege principle: Grant only the minimum level of access required to perform the job.

  • Test configurations: Validate role assignments in a test environment to ensure the correct users can access the right attachments.

  • Monitor and audit: Regularly review role permissions and access logs to maintain compliance and security.

Key Resources

Oracle TeleService Implementation and User Guide

  • Chapter: Setting Up Security
    • Topic: Configuring Data Security for Service Request Attachments