Professional Documents
Culture Documents
PTT Global HR Day 4 Security - Instructor Presentation
PTT Global HR Day 4 Security - Instructor Presentation
1
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions. The
development, release, timing, and pricing of any features or functionality described for Oracle’s
products may change and remains at the sole discretion of Oracle Corporation.
Statements in this presentation relating to Oracle’s future plans, expectations, beliefs, intentions and
prospects are “forward-looking statements” and are subject to material risks and uncertainties. A
detailed discussion of these factors and other risks that affect our business is contained in Oracle’s
Securities and Exchange Commission (SEC) filings, including our most recent reports on Form 10-K
and Form 10-Q under the heading “Risk Factors.” These filings are available on the SEC’s website or on
Oracle’s website at http://www.oracle.com/investor. All information in this presentation is current as
of September 2019 and Oracle undertakes no duty to update any statement in light of new
information or future events.
Use Case:
• Large manufacturing customer has a centralized team for managing Compensation
functions and Salary data of all Employees.
• Line Managers & HR Specialists should not have access to Employee’s Salary data.
Solution:
• Create copy of the seeded roles Line Manager & Human Resource Specialist.
• Remove the privileges & roles related to Salary & Compensation in the
copied/custom role.
Abstract Role Shallow Copy New Abstract Role Abstract Role Deep Copy New Abstract Role
Line Manager Line Manager Copy Line Manager Line Manager Copy
Solution:
• Configure role provisioning rules. Autoprovision setting.
• Autoprovision Roles for all Users process.
Solution:
• Define Areas of Responsibility for HR Specialists.
• Define Person Security profile based on AOR & attach it in data role.
HR Specialist for HR Specialist for HR Specialist for HR Specialist for HR Specialist for
Users USA Canada India UK Australia
Job Role
Human Resource Specialist
10 Confidential – © 2020 Oracle Internal/Restricted/Highly Restricted: PTT Created Material
Use Case Scenario 4: Assignment-Level Security
Use Cases:
1. With Person-Level security, user having access to Person has access to all their
assignments. This may be data breach for some customers and may cause legal
issues.
2. Line manager should see only those Worker assignments which report to them,
should not see additional assignments the Worker has.
3. HR Specialist should access worker assignments only within their responsibility
scope.
• If using Custom criteria in Person Security Profile: Manually review each and change if needed
• If using Employment Contracts, run the process Migrate Employment Data, in mode Enhance
contract data to enable it's use in the responsive UI
Release Readiness
Solution: Solution:
• IP Whitelisting. • Location Based Access Control.
• Submit SR for IP Whitelisting entitlement. • All setups in the application itself.
OTBI BI Publisher
• Data access: Restricted by Security profiles • Data access in SQL data model:
— For full access: Core/unsecured tables
• Subject Areas access: Granted by duty roles — For data restricted by Security profiles: Secured
*Transaction Analysis* List Views
• Catalog folders & reports: Secured using the • Catalog folders & reports: Secured using
same duty roles that secure Subject Areas & function security privileges & also BI Roles
also BI Roles
BI Roles:
BI Consumer Role, BI Author Role, BI Administrator Role, BI Publisher Data Model Developer
Refer Release
20D: Readiness for
comprehensive list
• Assignment-Level Security
• New job set Regenerate Data Security Profiles and Grants