Introduction
This document describes the procedure for managing Security Grants in Oracle E-Business Suite (EBS) using the Ant utility. It outlines the automated process of granting user access to specific REST services within the Integrated SOA Gateway (ISG) framework. Implementing Ant scripts enhances consistency, simplifies security administration, and minimizes manual configuration efforts.
Scope
Oracle E-Business Suite R12.2 environments where service integrations are managed through ISG.It includes verifying the existence of the target user (for example, EBS_TST) and executing Ant commands to assign service-level access. The intended audience includes EBS administrators and integration specialists responsible for maintaining secure and automated service access controls.
Step-by-Step to Create Security Grants
Verify the Grantee User
Before creating grants, ensure the target user (e.g., EBS_TST) exists in Oracle EBS. You can verify this using the following SQL query from APPS schema:
SELECT user_name, start_date, end_date, account_status FROM fnd_user WHERE user_name = ‘EBS_TST’;
Proceed only if the user exists and the account is active.
Navigate to the Ant Script Directory. Ensure you are in the directory where the ISG Ant build file is located:
cd $JAVA_TOP/oracle/apps/fnd/isg/ant/
Execute Ant Commands to Create Security Grants
Run the following commands to create grants for the specified services.
Each command defines a specific repository name (-DirepNames) and the user receiving access (-DgranteeKey).
Each command grants access to specific ISG services.
EBS Metadata Provider Services:
ant -f $JAVA_TOP/oracle/apps/fnd/isg/ant/isgDesigner.xml -Dactions=create -DserviceType=GRANT -DirepNames=oracle.apps.fnd.rep.ws.service.EbsMetadataProvider[getEvents:getInterfaces:getMethods:getOIColumns:getOpenInterfaces:getProductFamilies:isActive:getXMLGatewayInfo:postXML] -Dverbose=ON -DgranteeType=USER -DgranteeKey=EBS_TST
Workflow Event Manager
ant -f $JAVA_TOP/oracle/apps/fnd/isg/ant/isgDesigner.xml -Dactions=create -DserviceType=GRANT -DirepNames=oracle.apps.fnd.wf.bes.EventManager[createSubscription:deleteSubscription] -Dverbose=ON -DgranteeType=USER -DgranteeKey=EBS_TST
Purchase Order Service
ant -f $JAVA_TOP/oracle/apps/fnd/isg/ant/isgDesigner.xml -Dactions=create -DserviceType=GRANT -DirepNames=/oracle/apps/po/service/PurchaseOrderService[createPurchaseOrder:createPurchaseOrderMod:getPurchaseOrder:getPurchaseOrderMod:performDocControlAction:updatePurchaseOrder:updatePurchaseOrderMod] -Dverbose=ON -DgranteeType=USER -DgranteeKey=EBS_TST
Validate Security Grants
After execution, verify that the grants were successfully created using:
ISG Administrator Responsibility → Security → Grants
Search for the user SRV_EBS_TST_ADM.
Verify that all specified services are listed and marked as Granted.
Or by checking the FND_ISG_GRANTS table:
SELECT grantee_type, grantee_key, service_internal_name, created_by, creation_date
FROM fnd_isg_grants WHERE grantee_key = ‘EBS_TST’;
Conclusion
Creating security grants using the Ant utility streamlines user access management in Oracle E-Business Suite ISG. It ensures consistent, secure, and automated assignment of service privileges across environments. By verifying the grantee user and executing predefined Ant scripts, administrators can efficiently manage and control integration-level security.
