Goal: Review and record the hierarchy of security roles owned by a

particular Fusion Applications BI User.

Security Roles can be reviewed using OIM and APM, although they are not configured using thgse
utilities. To document the role hierarchy, screenshots are used, up to FA 11.1.8.

Security Role Hierarchy

For Fusion Applications BI issues, the hierarchy of Roles needed to enable display of data, must
include both the application stripe eg "hcm" AND also the BI stripe "obi"

At various levels these roles may have been customized, so what is needed is an analysis of
which roles the problem user is using. Caution: not to pick the seeded roles, if you user is
assigned custom roles

When you take screenshots, if the list is too long for the screen.....typically you may need to scroll
down, and then take a second screenshot

The hierarchy will be similar to this:

- User (*Note that for HCM the User is never associated directly with a Job Role but with a Data Role)

- Data Role (always unique to your company)

- Job (External) Role (may be seeded or custom)

- Duty (Application) Roles (may be seeded or custom)

- Abstract Role eg Line Manager

- Duty
(Application) Roles (may be seeded or custom)

Duty Roles
For HCM BI to work, each Duty role must be represented in each of the hcm and the obi stripe (the
same Duty Role resides in BOTH stripes. In the hcm stripe this Duty Role will have a child xxxx
Reporting Data Duty. In the obi stripe this same Duty Role will have a child Bixxxxx duty role
(usually BIAuthor).
Duty Rolesfor HCM will appear like this in APM:

Hcm

- Duty Role

o Reporting Data Duty

o Reporting Data Duty

- Duty Role...etc

obi

- Duty Role

o BI Application Role (usually BI Author)

- Duty Role..etc

Suggested Steps

1. Before you review the roles, understand which job role and duty roles are needed for accessing the
Subject Area. The OTBI User Guide
(http://docs.oracle.com/cd/E36909_01/fusionapps.1111/e38447/frameset.htm?toc.htm)

lists the seeded roles, but your company might have a custom version such as

Job Role: YourCo Compensation Manager

Duty Role: YourCo Compensation Transaction Analysis Duty

2. Using OIM, ask your Security Administrator to review and screenshot the security Data Roles
assigned to the problematic User. These will be custom roles which map to your company's data filters -
they are unique to your company

for example : YourCo Compensation Manager APAC

3. Review and Screenshot the Job (External ) Role(s) which are children of the Data Roles
4. Request your security Administrator to connect to APM

Search for "External Roles" for the Job (External) Role(s) from step 3. eg YourCo Compensation
Manager, review and take a screenshot

Double click the Job Role (make sure you have picked the right the one owned by the Data Role
owned by the problem user, it may be the seeded role or it may be a custom job role)
5. On the External Role Hierarchy tab
Review and Screenshot that the Job Role inherits

Transactional Business Intelligence Worker and

Business Intelligence Applications Worker

6. On the Application Role Mapping tab

Review and Screenshot that there is an app sub-hierarchy such as "hcm"

AND

BI sub-hierarchy such as "obi"

Expand the "hcm" sub-hierarchy

7. Review and Screenshot that it contains the Duty Role as listed in the User Guide eg Compensation
Transactional Analysis duty (HCM) . Note in the "hcm" sub-hierarchy , "(HCM)" is appended at the
end of the Duty role name.

8. Review and Screenshot that the " xxx Transactional Analysis Duty (HCM)" contains one or more
reporting data duty eg "xxx Reporting Data Duty"
Expand the "obi" sub-hierarchy

9. Review and Screenshot that it contains "xxx Transactional Analysis Duty" and it has a child which is
a BI Application role (typically "BIAuthor")