Browser version script Skip Headers

Oracle® Fusion Applications Sales Implementation Guide
11g Release 1 (11.1.2)
Part Number E20373-02
Go to contents  page
Contents
Go to Previous  page
Previous
Go to previous page
Next

3 Common Applications Configuration: Define Implementation Users

This chapter contains the following:

Initial Security Administration: Critical Choices

Initial Security Administration: Critical Choices

Initial security administration is performed by an administrative user who is created and provisioned with the IT Security Manager role.

Note

The Oracle Fusion Applications installation process creates a super user account, which is available for signing into Oracle Fusion Applications to create a user provisioned with the IT Security Manager role.

Initial security administration primarily establishes at least one implementation user. The IT security manager must provision the initial implementation user with sufficient access to set up the enterprise, including provisioning of the Application Implementation Consultant role to the implementation users.

Perform the following tasks to establish implementation users with appropriate access.

Creating Implementation Users

Create one or more implementation users by performing the Create Implementation Users task in Oracle Identity Management (OIM). An implementation user must exist to set up the enterprise in Oracle Fusion Applications.

Note

User and user account information is stored in the Lightweight Directory Access Protocol (LDAP) store. The implementation user does not need to be associated with a person in Human Resources (HR).

In the security reference implementation, the IT Security Manager job role hierarchy includes the User Management Duty role, which is entitled to create and manage users (the entitlement is Manage User Principal). This entitlement provides the access necessary to perform the Create Implementation Users task in OIM.

Creating a Data Role for Performing HCM Setup Steps

No predefined roles exist in the Oracle Fusion Applications security reference implementation to access the data necessary for setting up the HCM structures of the enterprise.

Setting up the HCM structures includes the following.

These setup tasks are commonly done by application implementation consultants with administrator access, for example an HCM Application Administrator View All data role.

Note

Administrator and implementation roles of the Oracle Fusion Applications security reference implementation are defined to access all other elements of the enterprise that need to be set up, such as the following.

Creating a Data Role for Implementation Users

Create a Human Capital Management Application Administrator View All data role.

This data role is based on the Human Capital Management Application Administrator job role and extends that role with unrestricted access to data in the secured objects that the role is authorized to access. Users assigned to this data role can perform all of the HCM setup steps.

Caution

Once an implementation user with a View All data role has completed HCM security setup, it may be prudent to revoke the role and provision it only when specific HCM security setup changes are necessary. A View All data role grants broad access to all business units, reference data sets, and so on. Security setup in other offerings are not data security enabled and do not require a View All data role for enterprise setup.

In the security reference implementation, the IT Security Manager job role hierarchy includes the Data Role Management Duty role, which is entitled to create a data role for Human Capital Management Application Administrator (the entitlement is Manage HCM Data Role). This entitlement provides the access necessary to perform the Create Data Role for Implementation Users task in Oracle Fusion Global Human Resources.

Provisioning Roles to Implementation Users

Provision the implementation user with one or more roles by performing the Provision Roles to Implementation Users task in Oracle Identity Manager (OIM).

For example, assign a role to the implementation user that provides the access necessary for setting up the enterprise, such as an HCM Application Administrator View All data role. Depending on the implementation, provision the predefined Applications Implementation Consultant role or a product family-specific administrator role, such as the predefined Financials Applications Administrator, to the implementation user. These predefined roles are available for selection in OIM.

In the security reference implementation, the IT Security Manager job role hierarchy includes the Identity User Administrators and Role Administrators roles, which entitle you to provision users with roles. This entitlement provides the access necessary to perform the Provision Roles to Implementation Users task in OIM.