In Self Service personalizations, there are two ways to change properties like Rendered or Read Only or Required. Either you hardcode a value of True/False during personalization or you attach a SPEL syntax to these properties via personalization. SPEL is nothing but an expression that returns TRUE or FALSE. In this article we will see how you can create a SPEL Expression by leveraging Permission Sets and Grants in AOL. For programmable SPEL refer to the earlier article linked here
This example is useful in cases whereby you have a need to perform same type of personalization across many different responsibilities, with each such responsibility pertaining to same set of Menu Items. In such cases, you can either personalize at responsibility level for each and every responsibility or you can simply personalize the fields just once at site level by attaching a SPEL expression. Even though we use this example with Responsibility, however in reality you can use this technique for any Role in the system.
The steps followed for this demonstration has the following high level steps :-
1. Ensure that you have a Form Function to use or else create a new Function
2. Create a Permission Set that includes the desired functions
3. Remove global grant on that function from Permission Set, so that Permission Set if not available to everyone. We latter roll out this permission set to specific set of roles or responsibilities,
4. Create Grants for that permission set for selected few responsibilities.
5. Personalize at site level, using SPEL expression that contains reference to the Function that you included in Permission set.
For example, if you grant XXFUNC to responsibility XXRESP1 but do not grant this function to XXRESP2. Then SPEL syntax of ${oa.FunctionSecurity.XXFUNC} will evaluate to TRUE if the function is available to that login context. For XXRESP1 this syntax will return TRUE whereas for XXRESP2 this syntax will return FALSE. If this SPEL is attached to a Read-Only Property of a field, then this field will be enterable in XXRESP1 and will be read-only in XXRESP2. Note that you will do personalization just once and thereafter you can totally control the read only and other properties using Grants functionality. This SPEL expression can be attached to the following properties via personalizations Rendered, Read Only, Disabled and Required. [Assuming Oracle Product developers have not disabled admin personalization for the fields that you are trying to personalize.]
In this example we will use responsibility “OA Framework ToolBox Tutorial”. Login to this responsibility and click Menu named Transactions and then click “Create Supplier”. Here you will see a field named “Start Date” that we wish to make enterable or read-only depending upon Function Grant.
For these demonstrations, we will create three responsibilities that have the same menu attached as per the responsibility “OA Framework ToolBox Tutorial”.
We need to make “Supplier Date” Enterable in Create Supplier Window for responsibility “XX1 Framework ToolBox Tutorial”; but the same field will be read-only for “XX2 Framework ToolBox Tutorial” and “XX3 Framework ToolBox Tutorial” responsibilities.
This can be easily done using personalization. But if you have dozens of responsibilities, some of which you wish to make read only responsibilities. In such cases, it is not practical to go and personalize each and every responsibility and retrospectively maintain personalizations at so many levels. Therefore you can create a Security Function and grant that Security Function to a set of responsibilities. There are some “minor bugs” in R12 when it comes to defining these grants. Therefore you should follow these steps exactly in the sequence shown in this white paper.
Responsibility 1
Responsibility 2
Responsibility 3
Assign these three responsibilities to your username
Step 1: Create function XX_SUPPLIER_DATE_ENTERABLE
This function will be available to XX1 Responsibility
This function will not be available to XX2 Responsibility
This function will not be available to XX3 Responsibility
This function will be of Type JSP
Name = XX Function Make Supplier Date Enterable
Code= XX_SUPPLIER_DATE_ENTERABLE
Type=SSWA jsp Function
HTML Call= OA.jsp?page=/dummy
Step 2: In Menu screen, Create Permission Set named “XX Permission Set Supplier Date”
Menu = XX_PERMISSION_SET_SUP_DT
User Menu Name = XX Permission Set Supplier Date
Menu Type = Permission Set
Add Function “XX Function Make Supplier Date Enterable” to this, and ensure that Global Grant is removed by unchecking checkbox “Grant”.
Save the data.
Step3
Grant this permission set “XX Permission Set Supplier Date” to XX1% responsibility
Navigate to Functional Administrator
Click on Security Tab, and click on Grants, and then Create Grant
Name= XX Grant Supplier Date Data Entry
Grantee Type = Group of users
Grantee = XX1%
Select the Responsibility “XX1 Framework ToolBox Tutorial” from LOV [source=FND_RESP]
Also enter the responsibility name
Click on Next, and in Set field, attach the permission set “XX Permission Set Supplier Date”
Click Next and then click Finish.
Effectively by doing this step, we have granted all the functions within the Permission Set “XX Permission Set Supplier Date” to a group of users that have responsibility “XX1 Framework ToolBox Tutorial”. Therefore when user accesses a page via responsibility “XX1 Framework ToolBox Tutorial” then they will have access to Function XX_SUPPLIER_DATE_ENTERABLE
Clear the global cache via Functional Administrator, and now in the end we need to attach Function via SPEL to read only property.
Step 4
Now personalize and set the Read Only Property to SPEL with value of SPEL being ${oa.FunctionSecurity.XX_SUPPLIER_DATE_ENTERABLE}
Navigate to responsibility “XX1 Framework ToolBox Tutorial”
Click on Transactions and then Click create supplier
Click on personalize page on top right corner
And personalize Supplier Start Date
In the read only property, at site level, select SPEL and enter ${oa.FunctionSecurity.XX_SUPPLIER_DATE_ENTERABLE}
Click Apply and then return to application.
Clear cache via Functional Administrator going to Caching Framework/Global Configuration
Navigate to responsibility “XX2 Framework ToolBox Tutorial” or XX3% responsibility
Click on Transactions and then Click create supplier
You will find that Start Date for Supplier is read-only
However, in responsibility “XX1 Framework ToolBox Tutorial”, this field will be enterable, as “XX1 Framework ToolBox Tutorial” responsibility has been granted permissions to function XX_SUPPLIER_DATE_ENTERABLE via permission set. This function is attached read-only property.
In future, you can attach SPEL to ${oa.FunctionSecurity.XX_SUPPLIER_DATE_ENTERABLE} for any other fields in these responsibility. Once that personalization with SPEL has been accomplished, then you may simply grant permissions on that permission set to the desired responsibilities.
Apps2Fusion Articles 
Comments
I'm new to OAFramework. I have a new requirement at the client site. Where in customer wants to hide some fields in iSupport 11.5.10 page for certain set of users.
Please let me know, How this can be achieved.
Than ks
Usha
I have tried the function security spel for conditionally rendering a button.
If to an existing user ,I add the responsibility ,then it works well and fine.(the button comes up)(expected functionality)
But if to an existing user the button does not comes up(unexpected functionality)
Please guide ,I have bounced the instance after that
I found your experience very very helpfull thus i wan to ask you can i make the messageRadioGro up read only and still functioning for saving record for example: I defaulted the Option "Save" in the LOv but when i make it read only and click on GO, it is not saving anything.???
C an any one help me please
I need to make the "Doc Attachment" field mandatory in Employee Self Service. Specifically for Add/Update of Dependent Information. All Help is appreciated.
T hanks,
Vishal
From time to time, I have had a need to change properties based on more complicated rules which could be sought from a PL/SQL function easily. How could you pass in the result of a PL/SQL function to the Read-Only property?
Thank s
Mike
Thanks for any information you are able to provide.
Kate
My requirement is i need to make field B required based on a condition and condition is if field A has these values like ('1','2','3') then B required. please tell me how can i solve it.
Where I added that SPEL, it got read only in that responsibility. In other responsibilitie s, field is updatable.
Can you please help.
RSS feed for comments to this post