Before TCA:

  • There are multiple customer definitions across the enterprise.
  • It was very difficult to track current and historical information about the customers.
  • There was a lack of support for mixed business.
  • It was quite tough to understand relationships between customers and others (suppliers, partners, competitors).

Customers: More important than anything else!

In any business, Customers and their data are always important. More than that what is important is to understand who your customer interacts with inside and outside the enterprise.

What is Trading Community?

The summation of all entities, inclusive of partners, suppliers, and competitors, that are related to your customers is called a Trading Community.

Trading Community Architecture:

Trading Community Architecture is the implementation of technology and applications to allow users to create and maintain relationships among entities. It is a way to understand who your customer interacts with inside and outside the enterprise.

It’s Main Purpose:

  • Create a central repository for the entire E-Business Suite to store information relating to all members of a trading community versus separate tables for each member-Prospects, Customers, Contacts, Employees, Partners, Distributors, Suppliers, Banks, etc.
  • Record complex business relationships between Trading Community entities (including 3rd party relationships).
  • Support all business models, industries, and geographies.

TCA Data Model Components:

1] Party:

It represents any entity that can enter into business relationships with your organization – Organization, Person, or Group.

  • Person – A unique individual (dead or alive) of interest to the user.
  • Organization  – A legal entity recognized by some government authority.
  • Group  – A combination of two or more people, organizations or groups.

2] Party Relationship:
It is a binary relationship between two parties such as a partnership.

  • Has a Role – Specifies the nature of the relationship between parties (e.g., member of, contact at, married to).
  • Indicates the Nature of the relationship – hierarchy or matrix.
  • Indicates the Direction of the relationship – superior – subordinate.
  • Can become a Party – a Relationship becomes a party in itself.

The relationship model enables you to:

  • Understand the complex relationships among members of your trading community
  • Use this information to make better business decisions

3] Location:
A Location is a point in geographical space described by a street address. In previous releases of Oracle, there was a risk of some data redundancy if more than one customer shared the same site or location. The new model eliminates this redundancy.

  • Any number of location types can be defined. (e.g., bill-to, ship-to, mail-to).
  • There is no duplication of an address.
  • It is possible to maintain Customer History per address.
  • It is also possible to maintain Important Install Base info.

4] Party Site:
It links a Party with a Location

  • Describes the usage of that Location for the Party  (e.g., mailing address, billing address, home address, etc.).
  • Allows Parties to be associated to one or more Locations and any one Location to be associated with Parties.

5] Contact:
A Contact is a person in the context of an organization, modeled as a relationship between an organization and a person or between two people, (this can be either a party contact or an account contact).
6] Contact Point:
A Contact Point is a means of contacting a party, for example, a phone number, e-mail address, or fax number.
This can be applied to:

  • A Party (person, organization, group or relationship)
  • A Site or Location
  • A Party at a Site or Location

An entity may have one or more Contact Points.
7] Customer Account:
A Customer Account represents the business (selling) relationship that a company deploying Oracle Applications has with a party.

  • Stores details about the Financial relationship between a Party and your business.
  • A Party may have one or more Customer Accounts.

8] Customer Account Site:
A Customer Account Site is a party site that is used by a customer account, for example, for billing or shipping purposes.
9] Customer Account Contacts:
A party contact that is used as a means of contacting the customer regarding his/her account.

Parties vs. Accounts

  • From an application perspective, one of the most important things to understand about the TCA model is that the concept of “customer” is separated into two layers: The Party layer and the Account layer. 
  • When CRM applications refer to “Customer” they are referring to the Party Layer.
  • On the other hand, when ERP applications refer to “Customer” they are referring to the Account Layer. 

New Trading Entities in R12

Below are the new entities that are merged in TCA architecture in R12.

  • Banks & Bank Branches
  • Suppliers
  • Legal Entity
The Worklist pages let you view and respond to your notifications using a Web browser. The Advanced Worklist provides an overview of your notifications, from which you can drill down to view an individual notification in the Notification Details page. You can also reassign notifications to another user, request more information about a notification from another user, respond to requests for information, and define vacation rules to handle notifications automatically in your absence.
Oracle Workflow also provides the Personal Worklist, which includes additional options to specify what notifications to display in your Worklist and what information to display for those notifications. Before you can use the Personal Worklist, your system administrator must give you access to it.
Worklist Access

The Advanced Worklist also lets you grant access to your worklist to another user. That user can then act as your proxy to handle the notifications in your list on your behalf. You can either grant a user access for a specific period or allow the user’s access to continue indefinitely.
The worklist access feature lets you allow another user to handle your notifications without giving that user access to any other privileges or responsibilities that you have in Oracle Applications. However, note that a user who has access to your worklist can view all the details of your notifications and take most actions that you can take on the notifications. Ensure that you take all necessary security considerations into account when you choose to grant worklist access to another user.
Advantages
If another user has granted you access to his or her worklist, you can switch the Advanced Worklist to display that user’s notifications instead of your own. When viewing another user’s worklist, you can perform the following actions:
View the details of the user’s notifications.
Respond to notifications that require a response.
Close notifications that do not require a response.
Reassign notifications to a different user.
Request more information about a notification from a different user.
Respond to a request for more information.
Limitations
If the user whose worklist you are accessing has a notification sent from you, you can only view that notification and cannot take any action on it. For example, you cannot respond to a notification that you reassigned to the other user, nor to a notification marked as being sent from you by special logic in the workflow, such as an expense report that you submitted to the other user for approval.
You cannot define vacation rules for the user whose worklist you are viewing. You also cannot grant access to that user’s worklist to anyone else.

Web ADI brings Oracle E-Business Suite functionality to the desktop where the familiar  Microsoft Excel, Word, and Project applications can be used to complete your Oracle E-Business Suite tasks. This guide provides instructions on using the Microsoft Excel functionality.
The Web ADI integration with Microsoft Excel enables you to bring your E-Business Suite data to a spreadsheet where familiar data entry and modeling techniques can be used to complete Oracle E-Business Suite tasks. You can create formatted spreadsheets on your desktop that allow you to download, view, edit, and create Oracle E-Business Suite data. Use data entry shortcuts (such as copying and pasting or dragging and dropping ranges of cells) or Excel formulas to calculate amounts to save time. You can combine speed and accuracy by invoking lists of values for fields within the spreadsheet.
After editing the spreadsheet, you can use Web ADI’s validation functionality to validate the data before uploading it to the Oracle E-Business Suite. Validation messages are returned to the spreadsheet, allowing you to identify and correct invalid data.
The fields that appear in the spreadsheet, their positions, and their default values can all be customized through Web ADI’s Layout functionality. This allows you to create a more productive work environment by removing unnecessary fields from the spreadsheet, and by organizing the spreadsheet in a way that conforms to your
practices.
Key Features
Oracle Web ADI includes the following features:

Works Via Internet

Web ADI uses Internet computing architecture to lower the total cost of ownership by having the product centrally installed and maintained. No installation is required on client machines; you need only a Web browser and Microsoft Excel. This architecture also provides superior performance over a WAN or dialup connection, since the exchange between client and server is simplified through the use of HTML.
Presents E-Business Suite Data in a Spreadsheet Interface
Spreadsheets provide a familiar interface that is common in the business environment. You can use familiar editing capabilities such as copying and pasting data, and moving ranges of cells to create or edit large amounts of data. Recurring data entry is possible by saving a spreadsheet, and then uploading it at needed intervals, such as every month or every quarter. Spreadsheets offer additional flexibility in the way work is done; they can be sent to others for approval or review, and they can be edited when disconnected from a network.
Validates Data
All data in the spreadsheet can be validated against Oracle E-Business Suite business  rules before it is uploaded. This includes validation against key and descriptive flexfields. Data is validated against accounts, segment security rules, and cross validation rules. If any errors are found, messages are returned directly to the spreadsheet, enabling you to correct the errors and successfully upload the data.
Enables Customizations
You can use the layout functionality to determine what fields appear in your spreadsheet, where they appear, and if they contain default values. These definitions can be saved, reused, and modified as needed.
Automatically Imports Data
Wed ADI automatically imports data into your Web ADI spreadsheets whenever you create them. This information can come from the Oracle E-Business Suite or from a text file. Imported information can be quickly modified in Excel, validated, and uploaded to the Oracle E-Business Suite. This feature can be useful when migrating data from a legacy system to the Oracle E-Business Suite.
The base layer of access control within Oracle Applications is Function Security. Function  Security restricts user access to the individual menus and menu options within the system.
The next layer of access control within Oracle Applications is Data Security. Working in  conjunction with Function Security, Data Security provides additional access control on the data  a user can see and what actions a user can perform on that data, within Oracle Applications.  Using Data Security, for example, you could control access to the set of orders that an order  administrator can update within the Order Management application.
User Management (UMX) provide the UIs for modeling data security within Oracle Applications.

The foundation of security is access control, which refers to how the system is being accessed and by whom. User security consists of three principal components: authentication, authorization and an audit trail.
Authentication validates the user’s identity, authorization controls the user’s access based on responsibilities assigned, and the audit trail keeps track of the user’s transactions to ensure that the user’s privileges are not being misused.
Authentication
Identifying and verifying who is allowed to access the system is the first line of defense. The most common approach is password-based authentication: if the legitimate user is the only one who knows the password, then whoever just entered the correct password is very likely to be the person authorized to use the account.
In a single-sign on environment, a single password allows access to more than one application, so the consequences of it being discovered or divulged are
proportionately much more serious.
Authorization
On entering the system, the user should only be granted access to the features and specific data needed to perform his job. Routine access to highly sensitive data should only be given to trusted users who need that level of access. The Function Security feature allows the System Administrator to manage the access privileges of individual users. By enforcing tighter security policies for more sensitive accounts, Function Security can mitigate the risk of unauthorized users’ access to highly sensitive information
Audit Trail
Even the most carefully planned user authentication and authorization policies cannot eliminate the risk of exploitation when the attacker is an authorized user. An audit trail can be used to keep track of a user’s transactions to verify that the user is not misusing his access privileges. Oracle E-Business Suite can record details of every user’s login,
including time stamp, session ID, and information about the Function Security rules applying to that session. Information about the identity of the user is also attached to all transactions. This provides a method for detecting the party responsible for any transaction, or determining which users viewed sensitive data in a given time period.

Network Security
An organization may or may not have physical control over the network infrastructure in use. The Internet is the best example of a network where it will not have control, and where extra steps must be taken to ensure security is not compromised.

A common concern regarding use of a public network such as the Internet is the possibility of someone eavesdropping on password transmissions by using a network sniffer. In such a case, though, the concern should be wider, and reflect the possibility of someone eavesdropping on sensitive information in general. In such cases, HTTPS (secure HTTP) connection to the E-Business Suite is recommended. All current browser-based password login screens send the password as a parameter in the HTTP form submission. Using an HTTPS connection will encrypt this information. The best practice is therefore to use HTTPS for all web-based access. On the other hand, if you have control over your network to the point where you can rule out eavesdropping, then password interception should not be an issue.
The main reason not to run HTTPS by default is performance, since it does introduce some overhead. A more strategic way to address this concern is to integrate the Oracle E-Business Suite with Oracle Application Server 10g Single Sign-On (SSO). Here, the SSO server that is responsible for user authentication is a different Web server from the one used with the E-Business Suite. Hence you can run the SSO server in HTTPS mode, while running the E-Business Suite Web server in the better-performing HTTP mode.
Oracle User Management
Oracle User Management (UMX) is a secure and scalable system that enables organizations to define administrative functions and manage users based on specific requirements such as job role or geographic location.
With Oracle User Management, instead of exclusively relying on a centralized administrator to manage all its users, an organization can, if desired, create functional administrators and grant them sufficient privileges to manage a specific subset of the organization’s users. This provides the organization with a more granular level of security, and the ability to make the most effective use of its administrative capabilities.
For example, a new feature in Release 12 provides a login assistance mechanism that is easily accessed from the E-Business Suite Login Page. A user simply clicks on the “Login Assistance” link located below the Login and Cancel buttons, and can then go to a Forgot Password section or Forgot User Name section to have the necessary action
taken automatically, without the need for an administrator to become involved.
Another new feature in Release 12 allows users with the relevant privileges to enable other users to act on their behalf, as delegates, without having to share the account password. For example, managers may need to grant peers or subordinates limited authority to act on their behalf while they are out of the office. This Proxy User feature allows control over the pages, functions, and data security policies that can be granted, and includes an on-screen display that indicates when a user is acting on behalf of another user.
Role Based Access Control
Oracle User Management implements several different layers of security, requiring organizations to specify:

  •  The set of users that will be granted access to specific areas of Oracle Applications
  •  The information these users will require to do their jobs
  •  The extent to which the users can use this information

Oracle’s function and data security models constitute the base layers of this system, and contain the traditional  ystem administrative capabilities.
Organizations can optionally add more layers to the system depending on the degree of flexibility they require. Role Based Access Control (RBAC) enables organizations to create roles based on specific job functions, and to assign these roles the appropriate permissions. With RBAC, administrative privileges and user access are determined by assigning individuals the appropriate roles.
Key features of RBAC include:

  • Delegated Administration – Enables system administrators to delegate some of their administrative privileges to individuals that manage a subset of the organization’s users.
  • Registration Processes – Enable organizations to provide end-users with a method for requesting various levels of access to the system, based on their eligibility.
  • Self-service Requests and Approvals – Enable end users to request initial access or additional access to the system by clicking on links embedded in a Web application.