Scribd
Upload
31 views14 pages

3.1.security in Fusion HCM

The document outlines the security framework in HCM Cloud, focusing on role-based access control (RBAC) and the various types of roles including job roles, data roles, abstract roles, duty roles, and privileges. It details how to assign job roles, create custom roles, and manage data access through security profiles. Additionally, it includes a demonstration of creating users and assigning roles to manage visibility of data within the application.

Uploaded by

raavigopal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
31 views14 pages

3.1.security in Fusion HCM

The document outlines the security framework in HCM Cloud, focusing on role-based access control (RBAC) and the various types of roles including job roles, data roles, abstract roles, duty roles, and privileges. It details how to assign job roles, create custom roles, and manage data access through security profiles. Additionally, it includes a demonstration of creating users and assigning roles to manage visibility of data within the application.

Uploaded by

raavigopal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 14

Security in

HCM Cloud

HCM TRAINING
BY U N O G E E K S

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 1


Agenda

 Role based access control - RBAC

 Privileges, Duty roles, Job Roles, Abstract roles

 Assigning job roles to user and see the changes in application UI

 Security in HCM Cloud

 Grant Data Access to user

 Explain other options available in IT Security Console

 Create a custom role and compare it to standard role

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 2


Cloud Security

Security in oracle fusion cloud works on the basis of roles and


controls who can do what in which set of data.

WHO WHAT WHICH


Employee View Payslip His own Payslip
Human Resource Hire/Rehire US1 Legal Entity
Specialist Employee
General Accountant Enter and Post US Primary Ledger
Journals
Accounts Payable Manage Invoices US1 Business Unit
Manager

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 3


Security Framework
• Hire Employee
Priv • Rehire Employee
ileg
es

Dut • Employee Hire (ORA_PER_EMPLOYEE_HIRE_DUTY)


y
Rol
es

Job • Human Resource Specialist


Rol
e

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 4


HCM Security Demo
1. Create User – Add Human Resource Specialist

2. Login as new user – New Person or Person Management – No data visible

3. FSM -> Manage Data Role and Security Profiles

4. Create a data role – UG HCM Access Data Role – Use View All Security Profiles

5. Assign the data role to new user

6. Login in as new user – Should be able to view all the LEs and Employees from all BUs (Curtis
%)

7. Create Organization Profile – UG US1 Org Security Profile - US1 Legal Entity – Legal Employer

8. Create Person Profile – UG US1 Person Security Profile - US1 Legal Entity

9. Update data role and assign above security profiles

10. Login as new user and only US1 Legal Entity should be visible now

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 5


HCM Security Profiles
• Organization – US Legal Entity or View All Organizations
Sec
urit • Person – US Legal Entity or View All Persons
y • Position etc.
Prof
iles

Dat • XX HCM Access Data Role (XX_HCM_Access_Data_Role)


a
Rol
es

• Assign data role to users


Use
r

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 6


HCM Data Role Components

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 7


HCM Security Profiles
HCM data roles combine a job role with the data that users with the role must access. You
identify the data in security profiles. As data roles are specific to the enterprise, no
predefined HCM data roles exist.

To create an HCM data role, you perform the Assign Security Profiles to Role task in the
Setup and Maintenance work area. After implementation, you can also perform this task in
the Workforce Structures work area. The Assign Security Profiles to Role task opens the
Manage Data Roles and Security Profiles page. You must have the IT Security Manager job
role to perform this task.

When you create an HCM data role, you include a job role. The secured HCM object types
that the job role accesses are identified automatically, and sections for the appropriate
security profiles appear.

For example, if you select the job role Human Resource Analyst, then sections for
managed person, public person, organization, position, LDG, document type, and payroll
HTTPS://WWW.UNOGEEKS.COM +91 73960 33555
flow appear. You select or create security profiles for those object types in the HCM data 8
Predefined HCM Security Profiles
Security Profile
Security Profile Name Type Data Instance Set
View All Countries Country All countries in the FND_TERRITORIES table

View All Document Types Document Type All administrator-defined document types in
the enterprise

View All Flows Payroll Flow All payroll flows in the enterprise

View All Job Requisitions Job Requisition All job requisitions in the enterprise

View All Legislative Data LDG All LDGs in the enterprise


Groups
View All Organizations Organization All organizations in the enterprise

View All Payrolls Payroll All payrolls in the enterprise

View All People Person All person records in the enterprise

View All Positions Position All positions in the enterprise


HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 9
Role Hierarchy

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 10


Type of Roles

 Data Roles
Data roles are combination of worker’s job and the data instances on which jobs can be
performed. For example, a data role Payroll Administrator Payroll US combines a job
(Payroll Administrator) with a data instance (Payroll US). As job is the one factor it inherits
Job Role and for the data, we attached a security profile with it.

 Job Roles
Job role aligns with the job that a worker is hired to perform. Human Resource Analyst and
Payroll Manager are examples of predefined job roles. Typically, you include job roles in
data roles and assign those data roles to users. The IT Security Manager and Application
Implementation Consultant job roles are exceptions, because they are not considered
HCM job roles and do not restrict data using HCM security profiles.

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 11


Type of Roles

 Abstract Roles
Abstract roles represent a worker’s role in the enterprise, independently of the job that
the worker is hired to do. There are three seeded abstract roles delivered with Oracle
Fusion HCM. These are the Employee, Line Manager, and Contingent Worker roles.
Abstract roles are assigned to user automatically when some event occurs like Hire an
employee, Terminate an employee or Promote an employee.

 Duty Roles
Data Role aligns with the individual duties that users perform as part of their job but not
assigned to user directly. This role also grants access to work areas, dashboards, task
flows, application pages, reports, batch programs, and so on. Duty roles are inherited by
job and abstract roles, and can also be inherited by other duty roles. Needless to say we
can create custom role also, if needed. Duty Roles can also be referred to as a group of
Privileges.

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 12


Type of Roles

 Privileges
A privilege is the right to perform a particular action, or to perform a particular action on
a particular type of object. For example, Managing / Viewing Salary of employees.
Privilege is the most minute level control that fusion provides in terms of Role
Customizations.

HTTPS://WWW.UNOGEEKS.COM +91 73960 33555 13


THANK YOU

Unogeeks Training Institute

+91 73960 33555

[email protected]

https://www.unogeeks.com

https://www.unogeeks.com 14

You might also like