Professional Documents
Culture Documents
Fusion HCM Technical Trainng Security
Fusion HCM Technical Trainng Security
Agenda
• Fusion HCM Security Concept
• Security Console – Features
• Create custom roles in Security Console
• Security Profiles
• HCM Data Roles
• Role Provisioning
Security Model
• Users gain access to functions and data within the applications through
roles.
• All of a user’s roles are active concurrently.
• Users don’t need to select a specific role when they log in.
Role Types
Oracle Fusion Applications use the following types of roles for security management:
Data Roles, Abstract Roles, Job Roles, Duty Roles, Aggregative Privileges
Abstract roles represent an employee’s role in the enterprise, independently of the job that
the worker is hired to do. Three abstract roles are delivered with Oracle Fusion HCM. These
are the Employee, Line Manager, and Contingent Worker. You can create custom abstract
roles. You assign abstract roles directly to users.
Job roles align with the job that a worker is hired to perform. (e.g. Human Resource
Analyst). You can create custom job roles. Typically, you include job roles in data roles and
assign those data roles to users.
Data role is a combination of an employee’s job and the data instances that users with the
role need access to. They aren’t delivered as part of the Security Reference Implementation
but are always locally defined. They are assigned directly to users.
Role Types
Duty roles align with the individual duties that users perform as part of their job. Grant
access to work areas, dashboards, task flows, application pages, reports, batch programs
and so on. May carry both function and data security grants. Inherited by job and abstract
roles, and can also be inherited by other duty roles. Delivered as part of the Security
Reference Implementation, and can be used as building blocks for custom job and abstract
roles. Not assigned directly to users.
Security Console
• Introduced in Release 9
• Significant improvements in
Release 10 and 11
• Starting from Release 12, it is
the only means of managing
roles. Completely replacing
Authorization Policy Manager
(APM)
• Typically, you copy a predefined
role and use it as a model for a
custom role
• Simulate the Navigator for a
user or role
Removing the Terminate Action – This will be done using Page Customization
• Easier way to remove access rather than removing duties/privileges from the
role
Example: Client wants to remove
Competition and Reputation links as
they are not leveraging those
functionalities in phase 1
Solution: This can be easily accomplished by removing the links from the structure using a sandbox. Find the item and
set the visible to No
Security Profiles
You can create HCM security profiles for the following HCM business objects:
• Person (managed) - identifies people you can perform actions against
• Person (public) - identifies people you can search for in the worker directory
• Organization
• Position
• LDG - Legislative Data Group
• Country
• Document Type
• Payroll
• Payroll Flow
Role Provisioning
Role provisioning is based on Fusion HCM flows. You can initiate the automatic
provisioning and revoking of roles from within the following flows:
• Hire an Employee
• Promote Worker
• Transfer Worker
Role Provisioning
Options:
Delegation Allowed – users who have the role or can provision it can delegate it to other
users
Requestable – managers and HR Specialists can assign the role manually
Self-requestable – users can request the role for themselves
Autoprovision – role is assigned automatically to users who satisfy the conditions
Thank you
Visit us at www.erpwebtutor.com