Oracle EBS R12: Create User & Assign Responsibility — Step-by-Step DBA Guide with SQL Verification

Steps

Oracle EBS R12  ·  Security Series

Create User & Assign Responsibility
in Oracle EBS R12

A complete step-by-step DBA guide — from login to SQL verification, with field tables, tips, and production-tested queries.

Punit Oracle DBA May 2026 8 min read EBS Security · FND_USER · System Administrator

Managing Oracle E-Business Suite R12 user accounts is one of the most frequent tasks for an EBS DBA. Whether onboarding a new employee or extending access for an existing user, knowing the exact steps — and how to verify them at the database level — keeps your environment secure, auditable, and well-documented.

This guide walks through all 10 steps: from System Administrator login to ticket closure, with field references, SQL verification queries, and real-world DBA tips throughout.

✓ Prerequisites

• You have System Administrator responsibility assigned to your login
• You know the responsibility name(s) to assign to the new user
• Employee record exists in HR (if linking the user to a Person)
• User's email address is available for workflow notifications
• Password policy is reviewed and agreed with your security team

💡

DBA Pre-check Always query FND_USER before creating to avoid duplicates. A user already exists if end_date is null or in the future — just reactivate instead of creating new.

SQL — Pre-check

-- Check if user already exists before creating
SELECT user_id, user_name, start_date, end_date
FROM   fnd_user
WHERE  user_name = 'JSMITH';

⚡ Step-by-Step Guide

01

Login as System Administrator Responsibility Selection

Open Oracle EBS in your browser and authenticate with your named DBA account. Select the System Administrator responsibility from the list.

1 Open your browser and navigate to the Oracle EBS R12 login URL (e.g., http://<host>:<port>/OA_HTML/AppsLogin)

2 Enter your named DBA credentials — username and password

3 From the responsibility list, click System Administrator

4 Confirm the Oracle Applications Navigator loads correctly

🔒

SecurityNever use a shared admin account. Always use a named account for a clean audit trail — this is a top requirement in SOX and internal audit reviews.

02

Navigate to the Users Form Security → User → Define

From the System Administrator responsibility, navigate through the menu to open the Users definition form (FNDSCAUS).

Navigation Path

Navigator  →  Security  →  User  →  Define

1 Click the Navigator icon or menu at the top of the screen

2 Expand Security in the left-hand tree panel

3 Expand User, then click Define

4 The Users form (FNDSCAUS) opens — this is an Oracle Forms screen

⌨️

ShortcutIn some EBS configurations you can type FNDSCAUS directly into the Navigator search bar to open the form immediately.

⚠️

Forms EnvironmentThis is an Oracle Forms-based screen. Ensure your browser has Java Plugin / Oracle Forms Webstart configured, or that the Forms Applet is running correctly.

03

Enter User Header Details Users Form — Header Block

Fill in all required fields in the top section of the Users form. These define the user's identity, access window, and notification channel.

Field	Value / Example	Status
User Name	JSMITH	Required
Password	Welcome#123	Required
Description	John Smith – AP Clerk	Optional
Email Address	jsmith@company.com	Required
Password Expiration	90 Days	Per Policy
Start Date	Today's Date	Required
End Date	(Leave blank)	Blank = Active

🔑

Password TipThe user will be prompted to change their password on first login. Check FND_PROFILE password complexity settings before assigning an initial password.

04

Link Employee / Person (Recommended) Person Field — LOV (F9)

Linking the user to an HR person record is required for Self-Service HR, iExpense, iProcurement, and workflow notification routing. Always link when an employee record exists.

1 Click in the Person field in the Users form header area

2 Press F9 or click the LOV icon — the List of Values popup opens

3 Search by last name — type %Smith% and press Find

4 Select the correct person and verify the employee number matches HR records

🗄️

Verify in DB FirstAlways confirm the employee record is active in PER_ALL_PEOPLE_F before linking.

SQL — Verify Employee

SELECT full_name, employee_number, effective_start_date
FROM   per_all_people_f
WHERE  last_name LIKE '%SMITH%'
AND    SYSDATE BETWEEN effective_start_date
               AND NVL(effective_end_date, SYSDATE);

05

Assign Responsibilities Responsibilities Block — LOV (F9)

Responsibilities control what the user can see and do inside EBS. Each responsibility maps to a menu, security group, and application. Scroll to the lower block of the Users form to assign them.

1 Scroll to the Responsibilities block in the lower half of the Users form

2 Click in the Responsibility Name field in the first blank row

3 Press F9 — search using a partial name like %AP% or %Payables%

4 Select the responsibility — Application and Security Group auto-populate

5 Set the From Date (today's date or the user's start date)

6 Leave To Date blank for indefinite access, or set a date for temporary access

7 Repeat for each additional responsibility — add a new row for each one needed

Field	Value / Example	Status
Responsibility Name	AP Manager	Required
Application	Payables	Auto-filled
Security Group	Standard	Auto-filled
From Date	Today's Date	Required
To Date	(Leave blank)	Optional

⚠️

Least PrivilegeAssign ONLY the responsibilities the user requires. Over-privileged accounts are the most common finding in Oracle EBS security audits. When in doubt, consult the business process owner.

06

Save the Record Ctrl+S / Save Icon

Commit all changes to the database. Confirm the status bar shows a successful save message before proceeding.

1 Click the Save icon (floppy disk) in the toolbar, or press Ctrl+S

2 Confirm the status bar shows: Transaction complete: 1 records applied and saved

3 Note the user_id for documentation and SQL verification

✅

Best PracticeAlways verify the commit immediately using SQL. Do not assume the save was successful without querying the database — always confirm at the data layer.

07

Verify via SQL FND_USER · FND_USER_RESP_GROUPS_ALL

Run these two queries immediately after saving to confirm the user record and responsibility assignments are correctly committed to the database.

SQL — Verify User Record

-- Confirm user was created successfully
SELECT user_id, user_name, email_address,
       start_date, end_date, person_party_id
FROM   fnd_user
WHERE  user_name = 'JSMITH';

SQL — Verify Responsibilities Assigned

-- Confirm all responsibilities are assigned with correct dates
SELECT fu.user_name,
       fr.responsibility_name,
       fur.start_date,
       fur.end_date
FROM   fnd_user_resp_groups_all  fur,
       fnd_user                  fu,
       fnd_responsibility_tl     fr
WHERE  fu.user_id           = fur.user_id
AND   fur.responsibility_id = fr.responsibility_id
AND   fu.user_name         = 'JSMITH'
AND   fr.language          = 'US';

📊

Expected ResultYou should see one row in FND_USER with a null end_date, and one row per responsibility in FND_USER_RESP_GROUPS_ALL with the correct start_date.

08

Test the User Login End-to-End Validation

Login as the new user in a separate browser session to confirm everything is working end-to-end before closing the ticket.

1 Open EBS in a separate browser / incognito window

2 Login as the new user with the initial password

3 Confirm the password-change prompt appears on first login

4 Verify the assigned responsibilities appear in the Navigator

5 Click into one responsibility and confirm the menu loads correctly

09

Set Profile Options System Administrator → Profile → System

For multi-org environments or module-specific access, set these profile options at the user level. Navigate via System Administrator → Profile → System, query the user, and update accordingly.

Profile Option	Typical Value	When Required
MO: Operating Unit	Vision Operations	Multi-org setups
GL: Ledger Name	Vision Operations (USD)	GL module access
HR: User Type	Full Access	SSHR / HR access
ICX: Language	American English	Non-default language

10

Document & Close the Ticket ITSM / Audit Compliance

Every user creation must be documented for SOX, internal audit, or IT governance. Log the change with full details before closing the ticket.

1 Log the ticket in your ITSM system (JIRA, ServiceNow) with the user_id and responsibilities assigned

2 Record the creation date, requestor name, and approver name

3 Attach the access request approval email or form

4 Notify the user and their team lead that access is active

5 Set a reminder to review and revoke access when the employee leaves

🔴

Offboarding CriticalWhen a user leaves, set the end_date on the FND_USER record AND on each responsibility row immediately. Dormant active accounts are a top audit finding in Oracle EBS environments.

🗄️ Key Database Tables

Table Name	Purpose
FND_USER	All EBS application users — username, password hash, email, start/end dates
FND_USER_RESP_GROUPS_ALL	Links users to responsibilities with effective date ranges
FND_RESPONSIBILITY_TL	Translatable responsibility names and descriptions
FND_RESPONSIBILITY	Responsibility definitions — menu, data group, security group
PER_ALL_PEOPLE_F	HR person records — used when linking a user to an employee
FND_PROFILE_OPTION_VALUES	Profile option values at all levels including user level

📋 Post-Creation Checklist

User record visible in FND_USER with correct start date and null end date

All responsibilities appear in FND_USER_RESP_GROUPS_ALL with correct dates

User can login successfully and sees all assigned responsibilities

Password change prompt appeared on first login

Profile options set correctly for operating unit and ledger

Ticket logged with user_id, responsibilities, requestor, and approver

User and team lead notified — access is active and ready

💬 Final Thoughts

User creation in Oracle EBS R12 looks simple on the surface — but getting it right means linking the HR person, assigning the correct responsibilities, verifying at the database level, and documenting for audit. That difference separates a reactive DBA from a proactive one.

The SQL queries in this guide take 30 seconds to run and save hours of troubleshooting if something goes wrong. Make them part of every user creation workflow.

🤝

ConnectFound this helpful? Share it with your Oracle DBA team. Questions or a scenario you've encountered? Drop them in the comments — I read and reply to every one. Follow punitoracledba.blogspot.com for more EBS DBA guides.