| Oracle® Fusion 
					Applications Security Guide 11g Release 1 (11.1.1.5.0) Part Number E16689-01 |   Contents |   Previous | 
abstract role
A description of a person's function in the enterprise that is unrelated to the person's job (position), such as employee, contingent worker, or line manager. A type of enterprise role.
access control
A rule that identifies an entity, an action, and a resource to specify if an action is allowed.
accounting flexfield
The chart of accounts that determines the structure, such as the number and order of individual segments, as well as the corresponding values per segment.
action
The kind of access named in a security policy, such as view or edit.
application identity
Predefined application level user with elevated privileges. An application identity authorizes jobs and transactions for which other users are not authorized, such as a payroll run authorized to access a taxpayer ID while the user who initiated the job is not authorized to access such personally identifiable information.
application role
A role specific to applications and stored in the policy store.
BPEL
Business Process Execution Language; a standard language for defining how to send XML messages to remote services, manipulate XML data structures, receive XML messages asynchronously from remote services, manage events and exceptions, define parallel sequences of execution, and undo parts of processes when exceptions occur.
business object
A resource in an enterprise database, such as an invoice or purchase order.
business unit
A unit of an enterprise that performs one or many business functions that can be rolled up in a management hierarchy.
condition
An XML filter or SQL predicate WHERE clause in a data security policy that specifies what portions of a database resource are secured.
data dimension
A stripe of data accessed by a data role, such as the data controlled by a business unit.
data instance set
The set of human capital management (HCM) data, such as one or more persons, organizations, or payrolls, identified by an HCM security profile.
data role
A role for a defined set of data describing the job a user does within that defined set of data. A data role inherits job or abstract roles and grants entitlement to access data within a specific dimension of data based on data security policies. A type of enterprise role.
data role template
A template used to generate data roles by specifying which base roles to combine with which dimension values for a set of data security policies.
data security
The control of access to data. Data security controls what action a user can taken against which data.
data security policy
A grant of entitlement to a role on an object or attribute group for a given condition.
database resource
An applications data object at the instance, instance set, or global level, which is secured by data security policies.
duty role
A group of function and data privileges representing one duty of a job. Duty roles are specific to applications, stored in the policy store, and shared within an Oracle Fusion Applications instance.
enterprise role
Abstract, job, and data roles are shared across the enterprise. An enterprise role is an LDAP group. An enterprise role is propagated and synchronized across Oracle Fusion Middleware, where it is considered to be an external role or role not specifically defined within applications.
entitlement
Grants of access to functions and data. Oracle Fusion Middleware term for privilege.
flexfield
Grouping of extensible data fields called segments, where each segment is an attribute added to an entity for capturing additional information.
flexfield segment
An extensible data field that represents an attribute on an entity and captures a single atomic value corresponding to a predefined, single extension column in the Oracle Fusion Applications database. A segment appears globally or based on a context of other captured information.
function security
The control of access to a page or a specific widget or functionality within a page. Function security controls what a user can do.
HCM data role
A job role, such as benefits administrator, associated with specified instances of Oracle Fusion Human Capital Management (HCM) data, such as one or more positions or all persons in a department.
HTTP
Acronym for Hypertext Transfer Protocol. A request and response standard typical of client-server computing. In HTTP, web browsers or spiders act as clients, while an application running on the computer hosting the web site acts as a server. The client, which submits HTTP requests, is also referred to as the user agent. The responding server, which stores or creates resources such as HTML files and images, may be called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels.
identity
A person representing a worker, supplier, or customer.
Java EE
An abbreviation for Java Platform, Enterprise Edition. A programming platform used as the standard for developing multi-tier Java enterprise applications.
job role
A role for a specific job consisting of duties, such as an accounts payable manager or application implementation consultant. A type of enterprise role.
offering
A comprehensive grouping of business functions, such as Sales or Product Management, that is delivered as a unit to support one or more business processes.
personally identifiable information
Any piece of information that can potentially be used to uniquely identify, contact, or locate a single person. Within the context of an enterprise, some PII data can be considered public, such as a person's name and work phone number, while other PII data is confidential, such as national identifier or passport number.
PL/SQL
Abbreviation for procedural structured queried language.
privilege
A grant or entitlement of access to functions and data. A privilege is a single, real world action on a single business object.
reference data set
Contains reference data that can be shared across a number of business units or other determinant types. A set supports common administration of that reference data.
role
Controls access to application functions and data.
role hierarchy
Structure of roles to reflect an organization's lines of authority and responsibility. In a role hierarchy, a parent role inherits all the entitlement of one or more child roles.
role mapping
A relationship between one or more job roles, abstract roles, and data roles and one or more conditions. Depending on role-mapping options, the role can be provisioned to or by users with at least one assignment that matches the conditions in the role mapping.
role provisioning
The automatic or manual allocation of an abstract role, a job role, or a data role to a user.
security profile
A set of criteria that identifies one or more human capital management (HCM) objects of a single type for the purposes of securing access to those objects. Security profiles can be defined for persons, organizations, positions, countries, LDGs, document types, payrolls, and payroll flows.
security reference implementation
Predefined function and data security in Oracle Fusion Applications, including role based access control, and policies that protect functions, data, and segregation of duties. The reference implementation supports identity management, access provisioning, and security enforcement across the tools, data transformations, access methods, and the information life cycle of an enterprise.
segregation of duties
An internal control to prevent a single individual from performing two or more phases of a business transaction or operation that could result in fraud.
SQL predicate
A type of condition using SQL to constrain the data secured by a data security policy.
supplier administrator
An internal job role responsible for maintaining supplier profile data and provisioning supplier contact user accounts.
trading partner
An external party, such as a supplier, in the Oracle B2B application for which electronic documents are sent or from which documents are received. A trading partner in Oracle B2B corresponds to a supplier site.
transaction
A logical unit of work such as a promotion or an assignment change. A transaction may consist of several components, such as changes to salary, locations, and grade, but all the components are handled as a unit to be either approved or rejected.
URL
Abbreviation for uniform resource locator.
XML filter
A type of condition using XML to constrain the data secured by a data security policy.