The key definition is the responsibility, which allows access to the records specified by the security profile, using the windows specified by the menu structure, and the reports and processes specified by the report security group.
At most, one responsibility can see all records for one Business Group. When you create a new Business Group, a view-all security profile is automatically created. It provides access to all employee records, and all applicant records in the Business Group. The system administrator creates a responsibility that includes this view-all security profile, then assigns this responsibility to the users who are setting up the system. They in turn can set up security profiles for other users.
All secure users connect to the APPS ORACLE ID. This is created when the system is installed. However, for reporting users, you should create one or more new reporting user ORACLE IDs and associate each with a restricted security profile.
The first step in this procedure is the job of the ORACLE database administrator. The other steps are normally done by the system administrator.