Restricting Inventory Organization Access in Oracle 11i and R12

If there has a request that you have to restrict Inventory Organization access for a responsibility, what should you do (e.g. Item Master Org should be hidden in all case except to the people who need to take care the Item Master) ?

The first thing come in mind is the "Organization Access" functionality:

Inventory -> Setup -> Organizations -> Organization Access

It is a very straight forward Form that you can assign which Inventory Organization(s) available to a responsibility. The trick of this Form (or the concept behind) is that once a responsibility is used, the default is that this responsibility does not allow to access all Inv. Org., unless you explicitly assign it.  The good side is that this setting is effective immediately; no need to submit what-is-the-name-again process, setup all-look-like-the-same profile options.

There has another way to do it.  I just learnt it yesterday.

I was looking at an instance which has HR loosely setup (just work for bookkeeping HR info).  Staff is unable to access all Inv. Org. in different Inventory responsibilities (Change Organization Window). 

Obviously the spot I checked immediately is the Organization Access Form.  No data in there.

The system was originally setup by Oracle consultants, and as you can expect, no one in the company actually knows how the setup was done.  Want to do some changes but don't know how to do? Please call this number and consultant will come to your house.  What's next is a big bill.

The actual setup which is capable to do this restriction is in somewhere not very related.  Yes, it is the HR security:

Super HRMS Manager -> Security -> Define Security Profile (11i)

Super HRMS Manager -> Security -> Profile / Global Profile (R12)

HR security a feature to restrict certain group of HR information or Operation Unit from being accessible in different places.  It is a pretty well-known and commonly-used features if the instance has organization hierarchy setting up properly and is well-structured.  It's little to be known that it can restrict Inventory Organization as well, as shown (restrict to use one Inv. Org. only):

After it is created, run the "Security List Maintenance" Concurrent Request under HRMS responsibility to make it effective.

Assign this security profile to Profile Option HR: Security Profile at Responsibility level (e.g. Inventory).  Then it has the same effect as using Organization Access.  For some reason, Profile Option MO: Security Profile (which is more make sense) does not work for this purpose.

If you want to apply the restriction to a particular user you really hate, you can set the Profile Option 

Enable Security Groups (Enable multiple security groups per responsibility, default is No) to Yes, and go to 

Super HRMS Manager -> Security -> Assign Security Profile

Assign this restriction to a particular FND user and responsibility. BTW, it only works for HR-related application.