PROCESSIT 7.4 R1
For Oracle Fusion Middleware 11g

User Maintenance

©2025 Copyright ReadSoft AG (publ). All rights reserved. The contents of this document are subject to change without notice. ReadSoft is a registered trademark of ReadSoft AB. Other product and company names herein may be the trademarks or registered trademarks of their respective owners.
Questions or comments about this document may be emailed to documentation@readsoft.com.

ReadSoft AB (Head office) | Södra Kyrkogatan 4 | SE-252 23 Helsingborg | Sweden | Phone: +46 42 490 21 00 | Fax: +46 42 490 21 20
ReadSoft AG | Falkstrasse 5 | 60487 Frankfurt | Germany | Phone: +49 69 1539402-0 | Fax: +49 69 1539402-13
info@readsoft.com | www.readsoft.com

Parameter User SettingsWorkflow AdministratorUser running AP import jobResponsibility Running AP Import JobDefault user for PO MatchingMain User SetupUser setup controlFND User LoginSetting users to employeeConfiguring employee usersRole MaintenanceAvailable BPEL rolesCreate new roleMapping EBS Responsibilities to BPEL RolesUsersAccess control via role maintenanceAuditorWorklist AccessAdviser AccessSearch AccessOptions Menu AccessSupplier CreationOracle E-Business Suite User Password Notes

Parameter User Settings

Workflow Administrator

The Workflow Administrator is set via the configuration parameter Workflow administrator name. This user is defined as an administrative superuser, who receives notifications about exceptions.

By default, the superuser can view all documents in their Worklist, and has access to all functionality and configuration areas. This permission can be limited by the Role Maintenance access settings in the PROCESSIT Configuration Manager.

All invoices with validation errors are sent to the Workflow Administrator's Worklist. If no invoice hold receivers have been defined, the Workflow Administrator receives hold notifications.

You can setup a shared worklist for the Workflow Administrator to distribute Worklist tasks amongst several users to better balance the processing workload.

If you use the fnd user setup, you can specify access permissions similar to the Workflow Administrator's, if you have mapped a responsibility in Oracle E-Business Suite to BPMWorkflowAdmin or BPMSystemAdmin.

You should still define a user in this configuration parameter.

User running AP import job

The configuration parameter User Running Accounts Payable Import Job. defines the Import job username. This user role is associated with the action of running the Accounts Payable import job to import invoices to the ERP system.

Make sure the defined user has the dedicated Oracle Responsibility for this task, and that the responsibility is setup to run the two concurrent Oracle Jobs for import and validaiton.

Responsibility Running AP Import Job

The configuration parameter Responsibility Running Accounts Payable Import defines the responsibility used to run Accounts Payable import job and the Oracle Invoice validation concurrent job.

Default user for PO Matching

This user receives notifications about invoices that require manual matching to purchase orders. You can setup shared worklist for the PO matching user to distribute the workload amongst several users.

Main User Setup

User setup control

You can choose to use either Oracle E-Business Suite fnd user credentials or employee credentials for PROCESSIT user authentication. Selecting Fnd Users means that PROCESSIT reuses credentials associated with Oracle E-Business Suite users, including login credentials, approval hierarchy settings and responsibility permissions. Conversely, using the Employee authentication method means that you setup and maintain individual users within PROCESSIT itself.

The Fnd User implementation configuration is controlled by the configuration parameter User implementation to use.

When PROCESSIT is installed, the default setup is fnd user authentication.

FND User Login

If you select to use fnd user authentication, users log in with their existing Oracle fnd user name and password, and PROCESSIT applies security and approval settings according to your Oracle configuration.

Setting users to employee

If you do not wish to use Fnd Users as your method of authentication, you can configure PROCESSIT defined users. If you later want to change to employee, you should login to PROCESSIT with the login name of SETUP, using a password set during installation. This setup user only has access to configuration parameter settings. You can now select the Configuration Manager.

  • Set the configuration parameter User implementation to employee
  • Change all parameters that require a user, and apply an employee.

If you select to use employee authentication, every user must supply a password the first time they log in to the PROCESSIT Worklist, or log in from an email notification. The password can be configured in the parameters, and can be changed by the SETUP user, or a user with the BPMWorkflowAdmin role.

Configuring employee users

  1. Navigate to the configuration category User Maintenance
  2. Search for the user to configure.
  3. Select the user in the User name table.
  4. Define the roles for the user. Click Add new role to create an additional role.
  5. Define the active organizations for the user. Click Add new organization to connect the user to an additional organization.
  6. Continue until you have configured roles and organization access for all employees.
  7. Click Save.

Role Maintenance

Available BPEL roles

The default BPEL roles are initialized by the system during installation. You can change the settings for these roles, and use them to define access and task handling permissions by associating them with Oracle E-Business Suite responsibilities and specific users. It is not recommended that you delete these default roles. As standard, any users considered as system administrators should be mapped to the BPMSystemAdmin and/or BPMWorkflowAdmin roles.

The PDAuser role is used by PROCESSIT Mobile to control user access for Mobile approval.

  • BPMSystemAdmin
  • BPMWorkflowAdmin
  • BPMWorkflowReassign
  • BPMWorkflowSuspend
  • PDAUser

Create new role

You can create and configure any number of new roles, if you wish to setup customized roles to define permissions and access levels for certain user groups.

  1. Click Create role
  2. Define a name for the role.
  3. Set the permissions for the role.
  4. Map the role to responsibilities and/or users.

Mapping EBS Responsibilities to BPEL Roles

In the table list Responsibilities you can associate BPEL roles with Oracle E-Business Suite responsibilities. The table is based on the database table D4_ROLES_RESPONSIBILITIES, which defines PROCESSIT system roles and their mapping to Oracle E-Business Suite.

Each user with an E-Business Suite responsibility that is associated to a certain BPEL role can act and access in accordance with the settings for that role in PROCESSIT.

For instance, you can associate the E-Business Suite responsibility SYSTEM_ADMINISTRATOR with the BPEL role BPMSystemAdmin, which means that all E-Business Suite users with the SYSTEM_ADMINISTRATOR responsibility also have the BPMSystemAdmin role in PROCESSIT.

  1. Click Add Responsibility.
  2. Specify the Oracle E-Business Suite responsibility in the field in the column Responsibility.
  3. Select the role in the field in the column Role Name.
  4. Click Save.
  5. All users with the E-Business Suite responsibility now have access and can act in accordance with the BPEL role.

Users

You can also associate a role directly with a user in the Users table.

  1. Click Add user role.
  2. Specify the user in the field under the column User.
  3. Select the role in the field under the column Role Name.
  4. Click Save.
  5. The specified user now has access and can act in accordance with that role, no matter the E-Business Suite responsibilities.

Access control via role maintenance

You can also control application feature access via the Role Maintenance tool. For each role, you can enable limited access or full access to certain areas of the application, either by checking the box, or by selecting the access level in the correspoding column, in the row for the respective role.

The Organization column determines which Oracle E-Business Suite organizations the role can access. The default is set to All Organizations. The Role column is the row to which the settings apply. You can associate responsbilities with roles in the Responsibilities table.

To enable a role, make sure the Enabled column checkbox is checked. If it is not, the role is disabled and no actions or access can be aquired for the role.

These access areas are either enabled or disabled for users associated with the role:

If a user is associated with one or more roles or responsibilities that grant permission to an area, that user has that permission, regardless if other roles or reponsibilities denies it.

These following access areas can be set to either full or partial access:

Auditor

Determines the level of access that this role has within PROCESSIT Auditor.

  • Full Access: Access is allowed to all areas of PROCESSIT Auditor, including Auditor Advanced Edition features, if this add-on module is licensed.
  • Limited Access: Access is allowed to all areas of PROCESSIT Auditor, except Invoice Reconciliation.
  • No Access: All access to PROCESSIT Auditor is denied.
  • User Access: Access is limited to the Invoice Main Flow tab within PROCESSIT Auditor.

Worklist Access

Determines which Worklist notifications the users associated with each role can view in the PROCESSIT Worklist.

  • Full Access: All notifications for all users are available via the View Context. Users with Full Access can submit notifications on behalf of the assigned user of the task.
  • Admin Assistant: All notifications for all users are available via the View Context. The Admin Assistant can change User Rules (e.g. Vacation Rules), and can also reassign notifications. This person cannot submit or modify task notifications on behalf of the assigned user of the task.
  • Reassign Rules Admin: The Reassign Rules Admin can change User Rules (e.g. Vacation Rules), but can only view task notifications that have been either assigned or shared with them.
  • Reassign Task Admin: The Reassign Task Admin has access to view and reassign all task notifications for every user via the View Context, but cannot save or submit these notifications on behalf of the assigned user of the task.
  • User: Only notifications for the user logged in are available. The user cannot view shared Worklist notifications.

Adviser Access

Determines the level of access that this role has in PROCESSIT Adviser.

  • Full Access: Access granted to all areas in PROCESSIT Adviser.
  • No Access: Access to PROCESSIT Adviser denied.
  • Main Only: Access to Workflow Process Maintenance and Recovery Console denied.
  • Recovery: Access allowed to all areas of the Adviser, including the Recovery Console.

Search Access

Determines the available invoices in search result for the user or role. The highest granted access level for a user always overwrites lower grant for an organization.

See the Search topic for further details and examples of invoice result access configuration.

  • Administrator: Can retrieve and view all documents within Search.
  • User: Can retrieve and view all documents in Search for which the the user has participated in its processing.

Options Menu Access

Determines which items are available in the Options menu shown in the PROCESSIT Worklist for the associated role.

  • Create Invoices: Allowed to access the create invoice functionality.
  • Recurring Invoices: Allowed to access the recurring invoices setup, and able to define schedules for triggering recurring invoices.
  • Full Access: Allowed to access to both Create Invoice and Recurring Invoices.
  • No Access: Permission to access Create Invoice and Recurring Invoices is denied.

Supplier Creation

  • Approver Suppliers: Permission is granted to approve new suppliers created via PROCESSIT.
  • Create Suppliers: Permission is granted to create new suppliers in PROCESSIT if an invoice referencing a new suppplier is being processed. The created supplier must be approved prior to processing the invoice.
  • Full Access: Permission is granted to both create and approve new suppliers.
  • No Access: Permission to create new suppliers from PROCESSIT is denied.

Oracle E-Business Suite User Password Notes

  1. APPS: If password for the apps user is changed, it must be changed in the PROCESSIT configuration files as well.
  2. root on server: Password is changed when inital config is run. Can be changed without implication.
  3. oracle on server: Password can be changed without implication.