Ofch - Security
Every person who wants to access the Fusion application must have a user account. Every user
account is associated with roles, and based on those roles the person (user) can access the
Fusion application. A person who has a user account that is not associated with any role
cannot access the Fusion application.
Note:
No role, no access.
The Employee and Line Manager roles are called abstract roles, and the Human Resource Specialist role is
called an HCM data role, or data role.
Data roles also exist in other modules, for example the Finance data role, but HCM data roles are
different from the data roles of other modules.
Note:
Every User should have at least one Data Role & one Abstract Role.
ROLE TYPES
Oracle Applications uses 5 types of roles for security management.
Data Roles:
An HCM data role is a combination of function security and data security.
Function security is used to grant access to pages.
Ex: An HR Specialist needs to access functional pages such as the Hiring, Promotion and Transfer pages.
Function security gives the HR Specialist access to those pages.
Function security is a combination of job role, duty role and aggregate privileges.
Abstract Roles: An abstract role gives access to ESS, MSS and Person Search or Employee Directory
(where we can search for other employees who work in our organization).
Oracle defines 3 abstract roles:
- Employee Abstract Role
- Line Manager Abstract Role
- Contingent Worker Abstract Role
Job Roles: A job role tells what kind of person the user is.
Every user needs to be associated with a job role.
Duty Roles: A duty role tells us what the user can do.
Note:
- Data roles are not delivered by Oracle. (The first challenge in an implementation project is to
  create a data role for the user by considering the remaining roles and security profiles.)
- One data role has only one job role (one-to-one mapping).
- Abstract roles, job roles, aggregate privileges and duty roles are delivered. We cannot create
  or modify aggregate privileges, whereas we can create and customize abstract roles, job
  roles and duty roles.
Person (managed)
Person (public)
Organization
Position
Legislative Data Group
Country
Document Type
Payroll
Payroll Flow
All of the above are called secured objects. A user cannot access a secured object until we
create a security profile and give that particular user access through it.
Generally, the specific View All security profiles are delivered by Oracle. If we want to create security
profiles, we need to go to the specific task, such as Manage Person Security Profile or Manage
Organization Security Profile.
Generally, in practice, Person (public) is defined as a View All security profile, because an employee in the
organization is allowed to collaborate with all the other employees in the organization.
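The rules above (no role, no access; at least one data role and one abstract role per user; one job role per data role; secured objects reachable only through a security profile) can be checked during an access review. The Python script below is an added example, not Oracle code and not part of the original document. Its classes, account names, role names and profile names are constructed, and it assumes security profiles reach a user only through data roles.

```python
from dataclasses import dataclass, field

@dataclass
class DataRole:
    name: str
    job_roles: list                                # function security
    profiles: dict = field(default_factory=dict)   # secured object -> security profile

@dataclass
class User:
    name: str
    abstract_roles: list = field(default_factory=list)
    data_roles: list = field(default_factory=list)

def audit_user(user):
    """Return findings for one account; an empty list means the page's rules hold."""
    if not user.abstract_roles and not user.data_roles:
        return ["no roles: no access"]
    findings = []
    if not user.abstract_roles:
        findings.append("missing abstract role")
    if not user.data_roles:
        findings.append("missing data role")
    for dr in user.data_roles:
        if len(dr.job_roles) != 1:     # one data role maps to exactly one job role
            findings.append(f"{dr.name}: {len(dr.job_roles)} job roles, expected 1")
        if not dr.profiles:            # function security without data security
            findings.append(f"{dr.name}: no security profile assigned")
    return findings

def can_access(user, secured_object):
    """Assumption: in this model, profiles reach a user only through data roles."""
    return any(secured_object in dr.profiles for dr in user.data_roles)

# Constructed sample export (all names below are illustrative).
HR_DATA = DataRole("HR Specialist - View All", ["Human Resource Specialist"],
                   {"Person (managed)": "View All People",
                    "Organization": "View All Organizations"})
MIXED = DataRole("Mixed Duties", ["Human Resource Specialist", "Payroll Manager"])
USERS = [
    User("asmith", ["Employee"], [HR_DATA]),
    User("bjones"),                                # account exists, no roles
    User("cwong", ["Contingent Worker"]),          # abstract role only
    User("dpatel", ["Employee", "Line Manager"], [MIXED]),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, audit_user(u) or "OK")
```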
USER ACCOUNTS
Without a user account we cannot associate roles with the person or user.
To create user accounts, we need to:
- Configure Oracle HCM Cloud security to create user accounts for new workers automatically.
  User accounts are maintained in OIM (Oracle Identity Management), which is a part of the LDAP
  (Lightweight Directory Access Protocol) store, which is a part of the middleware.
- Use the "Manage Users" task. (This approach is not recommended once implementation is done.)
  When we want to create a user for testing, we use Manage Users.
- Use the "Create Implementation Users" task to create implementation users.
Note:
A person who has the IT Security Manager role and access to OIM can reset the password when
required.
We can access data roles, delivered job roles and delivered abstract roles from OIM.
Only Authorization Policy Manager gives access to the duty roles.
Use the "Assign Security Profiles to Role" task to manage data roles and assign security profiles to
them.