Skip Headers

Oracle Human Resources Management Systems Configuring, Reporting, and System Administration Guide
Release 12.1
Part Number E13509-13
Go to Table of Contents
Contents
Go to previous page
Previous
Go to next page
Next

Security Rules

Security Overview

Defining which records and information users can access is fundamental to HRMS security.

As part of your implementation plan, you identify who will use Oracle HRMS, what information they require, and how they use it. You can control a user's access to database elements such as records, fields, forms, and functions, and you can also control a user's access to other user records and data.

All Oracle Applications users access the system through a responsibility that is linked to a security group and a security profile. The responsibility is the primary means of defining security. The security group determines which business group the user can access. The security profile determines which records (related to organizations, positions and payrolls) the user can access within the business group. For example, you can restrict a manager's security permissions so that the manager can only access the person records for those employees and workers within a supervisor hierarchy. This restriction enables secure, reliable data access and ensures that only people with the correct permissions can access personal data.

See: Responsibilities

Security and Business Groups

In general, a user can only view the records for one business group at a time. However, depending on the value of the HR:Cross Business Group Profile option, you can view specific information across business groups. See: User Profiles

See also: Single and Multiple Business Groups, Oracle HRMS Enterprise and Workforce Management Guide

Within a business group you can control:

See: Menus

See: Defining Menu Functions

Key Concepts

For more detailed information on security concepts, see:

Security Rules

You can set up and maintain security of access for different classes of users. Once you have identified who will use Oracle HRMS, what information they require, and how they will use it, you can group together users with similar requirements and give them the same view of the system.

AuditTrail is an Oracle HRMS system administration task which enables you to track and record changes to your data.

In what ways can you use security of access for different users?

You can set up menus using structures and names that make sense to the users. You can also restrict the data users can view and edit in certain windows, so they only see what they need to see.

This provides security for your data and an efficient interface designed for your users' needs.

How does Oracle HRMS allow data restriction for display in a window?

If you want different users to view the same window for different purposes, you can restrict their views in different ways. For example, you can:

How does Oracle HRMS enable users to view multiple business groups?

Oracle HRMS is installed with two security models, each enabling you to set up security for an enterprise which uses multiple business groups. Using either model you can only view records for one business group at any one time, except in cases where the HR:Cross Business Group user profile allows access to specific fields across all business groups. See: User Profiles.

The difference between the models is as follows:

What does AuditTrail provide?

AuditTrail provides a flexible approach to tracking the changes to your data. It enables you to keep a history of changes to your important data: what changed, who changed it, and when. With AuditTrail, you can easily determine how any data row or element obtained its current value. You can track information on most types of fields, including character, number and date fields.

Can you link windows together?

Yes. Oracle recognizes that to complete many tasks, you need to use more than one window. You can link these windows together in a task flow so that you can choose a button to bring up each window in turn without returning to the menu.

Security in Oracle HRMS

Key Concepts

The following definitions describe the key concepts in Oracle HRMS security.

Menu Structures

Using menu structures, you can limit the functions a user can access. You can also restrict access to information types by choosing which information types a user can view.

You can also create multiple versions of the same form, each one used for just one task. This approach restricts the list of values on certain fields and therefore provides for faster data entry. It also enables you to limit access to certain types of information.

Reporting Access

You can set up access restrictions for employees who never use the product's windows and do not change database information, but do access the database.

Request Groups

You can specify which processes and reports a reporting user can run by setting up request groups. Within the request group, you use security profiles to restrict the records accessed by the reporting user, who may run reports against the system without having online access through the system's forms.

Responsibility

The responsibility is your primary means of defining security. Business groups, menu structures, task flows, and information types are linked to a responsibility.

Security Groups

Security groups are a method of partitioning data. If you are using the Security Groups Enabled security model, you can manage information for multiple business groups using one responsibility. This is particularly useful if you are a Service Center. Security Groups Enabled security is also useful for organizations using Oracle Self Service HR and organizations with employees that must access and manage records from different business groups.

Security Models

The two security models, Standard HRMS Security (Security Groups Disabled) and Security Groups Enabled security (formerly called Cross Business Group Responsibility Security), both control security by restricting who and what the user can see. What differs is how you set up security, menus and how users log in. For more detailed information about each of the security models, see Security Models.

Security Processes

System security processes enable you to:

Security Profiles

By defining security profiles, you can control access to records of employees at or above a certain level in an organization. For example, you can give a department's administrator access to all department employee records except those of the manager and assistant manager.

User Profiles

A user profile is a set of changeable options that affects the way your application runs. You can set user profile options at site level, application level, responsibility level and user level.

You can restrict access to query-only for all or a selection of your HR and Payroll forms using a user profile option and the parameter QUERY_ONLY=YES at form function level.

Security Models

Oracle HRMS provides two different security models which enable you to set up security specifically for your enterprise: Standard HRMS security and Security Groups Enabled security (formerly called Cross Business Group Responsibility Security).

Note: If you want to set up security for employees who can access the database, but do not change database information, see: Reporting Access and Setting Up Reporting Users.

A further option exists which enables users to simultaneously view selected fields from all business groups in your organization regardless of the security model. For more information see HR: Cross Business Group Profile option.

Standard Security Model

Standard HRMS security restricts access to your enterprise's records and data. To set up Standard HRMS Security, you first create responsibilities and then define the windows, menus items, workflows, data and records the user can access. The System Administrator then assigns users to as many of these responsibilities as is required to complete their business tasks.

If you are using Standard HRMS Security, you must ensure that the Enable Multiple Security Groups profile option is set to the default value No. You must then create a security profile for each distinct security grouping of employees your enterprise requires.

You then create a responsibility for each user type you require, for example HR Manager, Branch Manager and Salesperson, and link the security profile and responsibility to a business group. These three elements create a security grouping to which you assign employees.

Assigning Users to a Responsibility, Security Profile, and Business Group

the picture is described in the document text

Note: Each security grouping you create restricts access to the business group to which the security profile and responsibility are assigned.

By assigning users to the security grouping, you grant them access to the records, menus and data defined in the security profile and responsibility. You can add further users to this security component, but you cannot re-use the security profile and responsibility within another business group.

Your enterprise can also set up request groups to restrict user access to reports and processes. The request group is associated with a security profile which defines the data a user can view, and is then assigned to a responsibility. It is also possible to set up reporting only request groups for users who access the database, but who are not permitted to change any of the records within the system.

For more information, see Setting up Standard Security.

Access to Multiple Business Groups using Standard Security

In Standard HRMS Security, you can grant users access to more than one business group within your enterprise. To do this, you must create security profiles and responsibilities and assign them to each additional business group. If a user's responsibility is assigned to more than one business group, they will not be able to view data from more than one business group at any time.

Note: The HR: Cross Business Group Profile option enables users to view some limited information across all business groups within an enterprise. For more information, see HR: Cross Business Group Profile option.

Standard HRMS Security (Security Groups Disabled) is commonly used in organizations which operate within a single legislation and a single business group.

Important: After setting up Standard HRMS Security, you can switch to the Security Groups Enabled security model. You cannot, however, to revert back to Standard HRMS Security after this change has been made.

The Completed Standard HRMS Security Model

the picture is described in the document text

Security Groups Enabled Model

The main difference between the two security models is that the Security Groups Enabled model enables your enterprise to share security profiles and responsibilities between users and business groups. This reduces the set up time, and also increases the flexibility of this security model. The key to re-usability is the relationship between the security elements and the users that you create during the set up process.

Important: Once you have set up Security Groups Enabled security, you cannot revert to Standard HRMS Security.

Access to Multiple Security Groups using Security Groups Enabled Model

The Security Groups Enabled security model enables you to assign a single responsibility to more than one business group, and hence enable users to access records from numerous business groups, although users cannot view information from different business groups simultaneously.

To set up Security Groups Enabled security, you set the Enable Security Groups Profile option to Yes, and run the Enable Multiple Security Groups process. These steps in combination create a Security Group which has the same name as the business group from which it was created. For more information, see Security Groups.

Note: To make the administration of your security setup easy to maintain, it is recommended that you leave the names of the Security Groups the same as your business groups.

Like Standard HRMS Security, your enterprise must create Security Profiles for each distinct security grouping within your enterprise. Security Profiles function slightly differently in the Security Groups Enabled model than they do in Standard HRMS security. Rather than one security profile being assigned to one responsibility, Security Groups Enabled security enables your enterprise to assign numerous security profiles to a responsibility. For example, an HR Manager and an Assistant HR Manager may be able to access the same menus and windows, but may be able to view different data. The following example illustrates the benefits of this function.

Assigning Multiple Security Profiles to a Responsibility

the picture is described in the document text

Note: The limitation of this is that a user can only be assigned one Security Profile per responsibility.

The functionality of responsibilities is also enhanced in the Security Groups Enabled security model. Increasingly, users require access to the records in more than one business group. To accomplish this, you can assign a responsibility to multiple business groups when you use Security Groups Enabled. The records, forms and type of data a user can access will be the same in each of the business groups to which they have access.

Note: When a responsibility is assigned to more than one business group, the user can only view records from one business group at any time.

The ability to assign one responsibility to multiple business groups makes the set up of security quicker and more efficient.

Note: The HR: Cross Business Group Profile Option enables users to view some information across all business groups within an enterprise. For more information, see HR: Cross Business Group Profile option.

Assigning a Responsibility to Multiple Security Groups

the picture is described in the document text

As with Standard HRMS Security, you can set up a request group to restrict user access to reports and processes. The request group is associated with a responsibility which defines the data a user can view. It is also possible to set up reporting only request groups for users who access the database, but who are not permitted to change any of the records within the system.

Once your enterprise has defined the security profiles and responsibilities, you must assign them to the relevant security groups. The final stage is to assign users to this group of information. The example below illustrates how the final security set up may look within your enterprise.

For more information see Setting Up Security Groups Enabled Security.

The Completed Security Groups Enabled Model

the picture is described in the document text

Three distinct enterprise types can benefit from the functionality offered by the Security Groups Enabled model; Service Centers, Multinationals and SSHR enterprises. Of course, the simplified set up and maintenance is of benefit to any enterprise.

Typically, Service Centers create a new business group for each customer they serve. Furthermore, Service Centers only require one responsibility and security profile to enable users to access and change data within the system. As the Security Groups Enabled model enables sharing of security profiles and responsibilities, the security set up process for Service Centers becomes quicker and more efficient.

In the case of Multinational enterprises, it is common to create a business group for each country in which the enterprise operates, and for each legislation the enterprise uses. Using the Security Groups Enabled model enables users to share records and data across business groups and countries.

For enterprises that use SSHR within a global implementation, the advantages of using Security Groups Enabled include quicker set up and easier maintenance. An additional benefit is that transferring employees or employee information between business groups is simplified.

Security Groups (Security Groups Enabled Model Only)

When you use the Security Groups Enabled security model (formerly called Cross Business Group Responsibility security), a security group is automatically created for each business group when you run the Enable Multiple Security Group Process. Because security groups are tied to business groups by set up, partitioning data using this method is the same as partitioning data by business group. See: Setting Up Security Groups Enabled security.

Important: Security groups are only used if you have set up your enterprise using the Security Groups Enabled security model.

Security groups are the key component in Security Groups Enabled security. They enable you to set up one responsibility and link this to a number of different business groups.

Before you can start using this security model you ensure that HRMS is set up to use security groups. To do this you set the Enable Security Groups profile option to Yes and run the Enable Multiple Security Group process.

Important: You can change from Standard HRMS security to Security Groups Enabled security, however, you cannot switch from Security Groups Enabled security back to Standard HRMS security. See: Updating the Security Model.

Once you have set up your enterprise to use security groups, Oracle HRMS automatically creates a security group when you set up a business group. The security group has the same name as the business group. For example, if you create a business group called UK Headquarters, Oracle HRMS automatically creates a security group called UK Headquarters. The Setup Business Group, however, uses the predefined security group Standard.

Note: If you change the name of your business group, the security group name is not updated. To make the maintenance of your security setup easier, Oracle recommends that you leave the names of the security groups the same as the business groups from which they are created.

Using the Assign Security Profile window you link the user, responsibility and business group to a security profile. By entering a business group you are automatically linking the responsibility to the security group.

You then log on using the responsibility and security group pairing. As security groups are automatically linked to a business group, you can then view and manage the records for that business group.

When you log on, Oracle HRMS displays all the pairings you have created between business groups and responsibilities. You could have the same responsibility listed twice with different security groups and therefore business groups. By looking at the security group you can select the correct responsibility for the business group you want to access.

To ensure the integrity of your business data, you can only view records for one business group at any time. To view records from a different business group you must switch to an alternative responsibility and business group pairing.

Important: Security groups are automatically created for you when you use Oracle HRMS. Do not use the System Administrator's Security Groups window to add security groups as these will not be linked to your business groups.

End-Dating Unwanted Responsibilities

When you first enable security groups and run the Enable Multiple Security Groups concurrent process, the process creates two sets of records for existing user/responsibility pairs:

If you are updating from Standard security, there may be many such records. For each existing user responsibility with a security group value of 'Standard', you need to decide whether or not the user requires access to the responsibility. Users who may need to update global lookup codes need access to the Standard security group.

In most cases, users will not require access to the Standard security group. In this case, enter an end date to remove access to the responsibility. This reduces the number of responsibilities the user sees on logging in, and prevents users from accidentally entering data into the wrong business group.

Note: By default, the Standard security group is associated with the Setup business group.

Example

If your user is set up with a responsibility called HRMS Manager you could link this to:

Using the same responsibility (HRMS Manager), you could also link to a different business group:

Therefore, you only need to set up one responsibility (HRMS Manager) but you can enable two business groups (UK Headquarters and Canadian Headquarters).

When the business group UK Headquarters was set up, a security group UK Headquarters was automatically created. When you linked the business group to the user's responsibility, the security group UK Headquarters would also be linked.

To view the records for business group UK headquarters you would select the HRMS Manager responsibility and the UK Headquarters security group.

If you then wanted to view the records for the Canadian Headquarters business group you would switch responsibility and security group pairing, selecting the same responsibility (HRMS Manager) and the Canadian Headquarters security group.

Categorizing Information By Security Groups

Important: You can only categorize information by security groups if you are using Security Groups Enabled security.

You can categorize the following information within your enterprise using security groups:

Note: You do not have to enter a security group against all the concurrent programs. Concurrent programs which are not linked to a security group display for all security groups/business groups.

See: Concurrent Parameters Program window, Oracle Applications System Administrator's Guide.

Reporting Access

Oracle HRMS enables you to set up reporting users who can query and report on the information in the database, but cannot insert, update or delete information. Reporting users can use Oracle tools, or other tools connected to the Oracle database, to report on information. Regardless of the tools used to access the database, reporting users can only read information, they cannot update information.

Using Oracle HRMS you can set up similar security restrictions to users who can update, insert or delete information. This ensures reporting users can only query and report on appropriate records.

All secure users connect to the APPS ORACLE ID. This is created when the system is installed. However, for reporting users, you should create one or more new reporting user ORACLE IDs. By associating these with a restricted security profile you can control whose records a reporting user can access.

You can make any of your restricted security profiles available not only for regular users, but also for reporting users. The security profile restricts a reporting user's access to employee records in exactly the same way as it limits regular users' access.

Reporting users can see all the details about the records they can access. To restrict the access of what a reporting user can view you must use view-based accesses. To support this need of reporting users you can use third party reporting tools to create business views.

For information about how to set up database access without on-line access, see: Setting Up Reporting Users.

Security Processes

There are four system security processes:

You run these processes using an HRMS responsibility from the Submit Request window.

Enable Multiple Security Groups Process (HRSECGRP)

You must run the Enable Multiple Security Groups process if you set the Enable Security Groups profile option to Yes. This process must be run when:

Note: To avoid errors when running the Enable Multiple Security Groups process, make sure that you set the Enable Security Groups profile option to Yes at the Application level.

Generate Secure User Process (SECGEN)

This process grants permissions to new reporting users. It grants the "hr_reporting_user" role to the REPORTING_ORACLE_USERNAME specified in the security profile.

Run this process when you have created a new security profile that references a reporting user. In the Submit Requests window, select the name of the new security profile. This is the only parameter for the process.

Security List Maintenance Process (PERSLM)

This process maintains the lists of organizations, positions, employees, contingent workers and applicants that security profile holders can access. You should schedule it to run every night to take account of changes made during the day to security profiles, organization and position structures, and person records. If a disruption, such as a power cut, occurs while the process is running, you can manually restart it from the Submit Request window.

Note: The PERSLM process replaces the earlier LISTGEN and GLISTGEN processes.

See also Running the Security List Maintenance Process

Important: The Security List Maintenance process should normally run when there are no users logged on to the system. Users attached while this process is running may experience unexpected results; for example, additional employees may become visible or previously visible employees may disappear from view.

Grant Permissions To Roles Process (ROLEGEN)

All reporting users in the system share access to a set of public synonyms for tables and views. Reporting users are granted permissions to make them usable. The Grant Permissions To Roles process creates these public synonyms and grants permissions to them.

Important: The Grant Permissions to Roles process is unrelated to setting up workflow roles for Oracle products that support security by workflow.

This process runs automatically as part of the autoinstall process when you install HR, or when you upgrade the system.

The process creates public synonyms for each of the required HR objects and then grants SELECT permissions to the role 'hr_reporting_user'. Permissions are not granted on the secured tables, but only on the secure views of those tables. All permissions previously granted to the role are revoked before the new grants are made. This ensures that the correct grants exist for the valid HR objects.

Setting Up Standard HRMS Security

Use the following setup steps if your enterprise sets up a different responsibility for each business group.

To set up users for Standard HRMS security:

  1. Ensure that the Enable Security Groups profile option is set to No at site and application level, using the System Profile Values window.

    If this option is set to Yes then you are not using Standard HRMS security.

    See: System Profile Values, Oracle Applications System Administrator's Guide.

  2. Define a Security Profile

    Note: For each restricted security profile you create that references a reporting user, you must run the Generate Secure User (SECGEN) process. This is a one-off process that is not required for view-all security profiles.

  3. Ensure that the required functions or menus are set up.

    This is required for the responsibility. For menu functions calling configured forms or task flows, you must enter a parameter in the Parameter field of the Form Functions window.

    See: Defining Menus

    See: Set Up Menus

  4. Ensure that the required request group is set up.

    You can define the groups of standard reports and processes that a user can run from the Submit a New Request window. Every responsibility can have access to one request group.

    Use the Request Groups window.

    See: Request Groups window, Oracle Applications System Administrator's Guide

  5. Define a responsibility using the Responsibility window.

    See: Responsibilities Window, Oracle Applications System Administrator's Guide

  6. Set the HR User Profile Options for the new responsibility using the System Profile Values window. You must set up the:

    See: System Profile Values Window, Oracle Applications System Administrator's Guide

  7. Create the username and password using the User window.

    Link the user to as many responsibilities as they need using the User window.

    Important: Do not use the HRMS Assign Security Profile window if you are setting up Standard HRMS security.

    See: Users Window, Oracle Applications System Administrator's Guide

  8. Run system security process using the Submit Request window:

    See: Running the Security List Maintenance Process

Setting Up Security Groups Enabled Security

Use the following setup steps if your enterprise wants to enable many business groups for one responsibility.

Note: You only need to perform steps 1 and 2 when you first implement Oracle HRMS security. You can perform the other steps at any time.

You can update your security model from Standard HRMS Security to Security Groups Enabled security by following these steps.

Important: Once you have changed to Security Groups Enabled Security you cannot revert to the Standard Security model.

To set up users for Security Groups Enabled Security:

  1. Set the Enable Security Groups Profile Option using the System Profile Values window.

    Ensure the Enable Security Groups profile option is set to Yes at the application level for Oracle Human Resources.

    Note: If this option is set to No then you are not using Security Groups Enabled security.

    See: System Profile Values, Oracle Applications System Administrator's Guide.

  2. Run the Enable Multiple Security Group Process using the Submit Request window.

    You must run the Enable Multiple Security Group process to set up Oracle HRMS to use security groups.

    See: Submitting a Request, Oracle Applications System Administrator's Guide

    Warning: The creation of security groups is more complex with Oracle HRMS 11.5.10 and later releases. For this reason, the Enable Multiple Security Group process may appear slow, particularly if you have a large number of business groups.

    The Enable Multiple Security Group process sets the Enable Security Groups profile option to Yes for all HRMS applications. We strongly recommend that you do not change the value of this profile option to another value.

  3. Define a Security Profile.

    Note: For each restricted security profile you create that references a reporting user, you must run the Generate Secure User (SECGEN) process. This is a one off process that is not required for view all security profiles.

  4. Ensure that the functions or menus you require are set up.

    This is required for the responsibility. For menu functions calling configured forms or task flows, you must enter a parameter in the Parameter field of the Form Functions window.

    See: Set Up Menus.

    See: Defining Menus.

  5. Ensure that the request group you require is set up.

    You can define the groups of standard reports and processes that a user can run from the Submit a New Request window. Every responsibility can have access to one request group.

    Use the Request Group window.

    See: Request Group window, Oracle Applications System Administrator's Guide

  6. Define a responsibility using the Responsibility window.

    See: Responsibility Window, Oracle Applications System Administrator's Guide

  7. Set the HR User Profile Options for the new responsibility using the System Profile Values window. You must set up the HR: User Type option.

    You can also set the HR:Cross Business Group Profile option. This enables you to view some information across all business groups within your enterprise. See HR:Cross Business Group Profile option for more information.

    Note: For Security Groups Enabled security donot set up or amend the HR:Security Profile profile option or the HR: Business Group profile option using the System Profile Values window. To set up or change this profile option use the Assign Security Profile window.

    You can set also set up other User Profile Options.

    See: System Profile Values Window, Oracle Applications System Administrator's Guide

  8. Create usernames and passwords using the User window.

    Important: Do not link responsibilities and security groups (business groups) to users in this window. Instead, use the Assign Security Profile window. If you do enter a responsibility and security group in this window, you still need to use the Assign Security Profile window, to link your user to a responsibility and security profile. If you do not use the Assign Security Profile window, the default view-all security profile is used and your user will be able to see all records in the business group.

    See: Users Window, Oracle Applications System Administrator's Guide

  9. End-date unwanted user responsibilities linked to Standard security group

    When you first enable security groups and run the Enable Multiple Security Groups concurrent process, the process creates two sets of records for existing user/responsibility pairs:

    Note: By default, the Standard security group is associated with the Setup business group.

    Use the Users window.

    See: Users Window, Oracle Applications System Administrator's Guide

  10. Assign Security Profiles.

    Associate a security profile with a user, responsibility and business group using the Assign Security Profile window.

  11. Run system security process using the Submit Request window:

Setting Up Security for Applications Using Some HRMS Windows

If you are setting up an Oracle application that uses HRMS windows (such as Organization or Position), you need to set up some features of HRMS security.

Note: If you have licensed Oracle HRMS, do not follow these setup steps. Instead, follow the steps in Implementing Oracle HRMS.

Using the following procedure you can either set up a responsibility that can view all records in the Business Group, or restrict access to the records for selected organizations or positions. You can also set up organization security for Financials and Manufacturing business views.

Organization Security for Financials and Manufacturing Business Views

You can set up security for Oracle Financials and Manufacturing applications that use organizations and organization hierarchies in their business views.

To do this, you create a single security profile that secures data either by single operating unit or by operating unit and inventory organizations, as required. You must also set the MO:Security Profile profile option at site or application level, to point to this new security profile.

To establish multi-operating unit access for some business view users, you can create for each type of user a security profile that secures organizations by organization hierarchy, using the security profile functionality. You can then set the MO:Security Profile option at responsibility level for these users.

The show_bis_record function secures data according to the definition of the security profile that is referenced by the MO:Security Profile profile option. If this profile option is not set, the HR:Security Profile profile option is used. This function is called by financials and manufacturing business views.

Single Operating Unit Security

In the Organization Security tab of the Security Profile window, select the Secure organizations by single operating unit option from the Security Type poplist. The operating unit is determined using the operating unit specified in the MO:Operating Unit profile option.

Single Operating Unit Plus Inventory Organizations

In the Organization Security tab of the Security Profile window, select the Secure organizations by operating unit and inventory organizations option from the poplist. The operating unit is determined using the operating unit specified in the MO:Operating Unit profile option. The inventory organizations you wish to include must exist within this operating unit.

Impact on Security Implementations

Financial and manufacturing business view users who have not created security profiles have unrestricted access to their data.

Financial and manufacturing business view users can secure their business view data by security profiles identified by the HR:Security Profile profile option, as long as they have not set the MO:Security Profile profile option. If this has been set, they must modify their security setup to reflect the fact that the financial and manufacturing business views secure data using the MO:Security Profile profile option.

HRMS security is not affected by these options. The HRMS business views and forms secure data according to the setting of the HR:Security Profile profile option.

To set up security

  1. If you are setting up a restricted access responsibility, create a restricted security profile to define the organizations or positions the responsibility can access.

    Note: Ensure your Application supports restricted access security. Not all Oracle Applications support this type of security.

    If you are setting up a responsibility which can view all the records in the Business Group, you do not need to set up a security profile.

    Note: A view-all security profile is automatically created when you set up a Business Group. The view-all security profile always has the same name as the Business Group.

    See: Defining a Security Profile

  2. Define a responsibility using the Responsibility window.

    See: Responsibilities Window, Oracle E-Business Suite System Administrator's Guide - Security

  3. Select a security profile for the new responsibility.

    In the System Profile Values window, enter a security profile at the responsibility level for the HR:Security Profile profile option.

  4. Create a new user and link the user to a responsibility using the User window.

    See: Users Window, Oracle E-Business Suite System Administrator's Guide - Security

  5. If you are setting up restricted access security, run the Security List Maintenance Process (PERSLM) from the Submit a New Request Window. If you are setting up view-all security you do not need to run the Security List Maintenance process.

    This process maintains the list of organizations, positions, employees and applicants that security profile holders can access. You should schedule it to run every night to take account of changes made during the day.

    See: Running Reports and Programs, Oracle E-Business Suite User's Guide

Setting Up Reporting Users

Reporting users do not have online access to the database through system forms. They use reporting tools to prepare reports on the information their security profiles grant.

All secure users connect to the APPS ORACLE ID. This is created when the system is installed. However, for reporting users, you should create one or more new reporting user ORACLE IDs and associate each with a restricted security profile. Only users that have been registered as Restricted Oracle Users are available for selection as reporting users in the Security Profile windows.

The first step in this procedure is the job of the ORACLE database administrator. The other steps are normally completed by the system administrator.

To set up a new reporting user

  1. Create a new reporting user ORACLE ID.

  2. Register the new ORACLE ID with Application Object Library using the Oracle Users window, selecting Restricted in the Privilege field.

  3. Define a security profile for the new ORACLE ID.

    See: Defining a Security Profile

  4. Run the HR security processes using the Generate Secure User Process.

    See: Running Reports and Programs, Oracle E-Business Suite User's Guide

Defining a Context for Mass Actions

The Contexts window determines what information the user can view, enter, and change based on the Application, Legislation, and Responsibility.

A predefined global Context contains the default attribution that appear on the forms. When you create a new Context, these attributes serve as a basis for selecting which attributes to include as display, change, and criteria attributes.

The predefined global Context does not specify values for Application, Legislation, or Responsibility. You can restrict who can process mass actions by specifying these attributes. The system always applies the most defined Context, so as soon as you define these fields, the system applies the new Context instead of the global one.

You define a new context in the Contexts window.

To define a Context

  1. Choose New from the File menu.

  2. In the Context field, enter a name.

  3. In the Transaction Name field, choose the Transaction Category to affect.

  4. In the Application field, select an application.

  5. Optionally, choose one or more of the following fields to restrict a user's ability to view and change data:

  6. Choose the Find Attributes button.

    The system displays the attributes from the global Context window on the Display and Change List tabbed regions.

  7. Choose the Display tab and select those items to display on the Columns portion of the transaction template.

  8. Choose the Change List tab and select those items to display for the Change List values.

  9. Choose the Criteria tab and select the items you want to have appear on the Other Criteria list of values in Selection Criteria block on the Original tab.

  10. Choose the Compile button to save your work and compile the flexfield definitions.

  11. Save your work.

Setting Up the Security Performance Enhancement Feature

Typically, most of the Oracle HRMS products use the security mechanism that Oracle HRMS provides. Defining which records and information users can access is fundamental to HRMS security. To enhance product performance when person security evaluation happens during processing of voluminous data, Oracle HRMS provides the security performance enhancement feature. You can set up this feature, if required, based on your business needs.

To set up the security performance enhancement feature

Complete the following steps to set up the security performance enhancement feature.

  1. Run the Synchronize Security Performance Tables process to synchronize the PER_ALL_ASSIGNMENTS_F_PERF table with the PER_ALL_ASSIGNMENT_F table.

    The PER_ALL_ASSIGNMENTS_F is the base table, which Oracle HRMS uses to evaluate person security. The PER_ALL_ASSIGNMENTS_F_PERF table is a performance table and includes the following columns from the PER_ALL_ASSIGNMENTS_F table:

    1. ASSIGNMENT_ID

    2. EFFECTIVE_START_DATE

    3. EFFECTIVE_END_DATE

    4. PERSON_ID

    5. POSITION_ID

    6. PAYROLL_ID

    7. ORGANIZATION_ID

    8. SUPERVISOR_ID

    9. SUPERVISOR_ASSIGNMENT_ID

    10. BUSINESS_GROUP_ID

    11. ASSIGNMENT_TYPE

    12. ASSIGNMENT_STATUS_TYPE_ID

    13. PRIMARY_FLAG

    See: Running the Synchronize Security Performance Tables Process

  2. Make sure that the PER_ASG_PERF_TRG trigger on the PER_ALL_ASSIGNMENTS_F table is enabled all the time as this trigger is responsible for the incremental refresh of the PER_ALL_ASSIGNMENTS_F_PERF table whenever there is a DML operation on the PER_ALL_ASSIGNMENTS_F table.

  3. Set the HR: Security Performance Enhancer profile option at the responsibility level, so that Oracle HRMS retrieves information from the assignment records in the PER_ALL_ASSIGNMENTS_F_PERF table during person security evaluation. This ensures that the person security data retrieval is faster.

Troubleshooting security performance enhancement issues

If you encounter any security performance enhancement issues, then complete the following steps:

  1. Run the Synchronize Security Performance Tables process:

    Verify if there is any difference in the row count between PER_ALL_ASSIGNMENTS_F and PER_ALL_ASSIGNMENTS_F_PERF tables. If there is any difference between the two tables, then run the Synchronize Security Performance Tables process to synchronize data in the two tables.

  2. Reset the HR: Security Performance Enhancer profile option:

    If the difference in the row count between PER_ALL_ASSIGNMENTS_F and PER_ALL_ASSIGNMENTS_F_PERF tables still exists after you run the Synchronize Security Performance Tables process, then reset the HR: Security Performance Enhancer profile option to Null and retest the issue.

You cannot use the security performance enhancement feature if your enterprise uses custom security. When the system administrator creates custom security mechanism, the administrator can make use of any of the columns in the PER_ALL_ASSIGNMENTS_F table to define security restrictions. However, the PER_ALL_ASSIGNMENTS_F_PERF table contains data from only 13 columns of the PER_ALL_ASSIGNMENTS_F base table. See list of columns. If you use any column other than the columns in the PER_ALL_ASSIGNMENTS_F_PERF table, set the HR: Security Performance Enhancer profile option and define custom security, then this feature as well as the general Oracle HRMS security mechanism will not work.

Running the Synchronize Security Performance Tables Process

The Synchronize Security Performance Tables is a process which deletes the rows from the PER_ALL_ASSIGNMENTS_F_PERF performance table and inserts data from the PER_ALL_ASSIGNMENTS_F base table to the PER_ALL_ASSIGNMENTS_F_PERF table. Run this process if you want to use the security performance enhancement feature. For more information, see: Setting Up the Security Performance Enhancement Feature

You run this process from the Submit Request window.

Prerequisites

To run the Synchronize Security Performance Tables process

  1. In the Name field, select Synchronize Security Performance Tables.

  2. Select ASG_PERF, which is the Assignment Performance Table (PER_ALL_ASSIGNMENTS_F_PERF) table.

  3. Click OK and submit the process.

Verify if there is any difference in the row count between PER_ALL_ASSIGNMENTS_F and PER_ALL_ASSIGNMENTS_F_PERF tables. If there is any difference between the two tables, then rerun the Synchronize Security Performance Tables process to synchronize data in the two tables.

Security Profiles

Security Profiles

The security profile determines which applicant, employee, contingent worker and other person type records are available to holders of the responsibility the profile is linked to.

If you are using HRMS Standard security, you link a security profile to one responsibility using the HR:Security Profile profile option.

If you are using Security Groups Enabled security, you link a security profile to the user's responsibility and business group using the Assign Security Profile window. You can also link more than one security profile to a responsibility, as long as the user is different. This saves you setting up a new responsibility for each security profile you use.

Note: If you are using the Security Groups Enabled security model you must not use the HR:Security Profile profile option. This is automatically set up when you assign security profiles using the Assign Security Profile window.

See also Defining a Security Profile

Restricting Access to Records

You set up a security profile by identifying records of employees, applicants, contingent workers, and candidates in the system which you want users to be able to access. You identify the records by selecting work structures or other criteria in the application to which employees, applicants, contingent workers, or candidates are attached. For example, you could give users access only to the records of employees, applicants, contingent workers, or candidates in a single organization.

You can also create restrictions on records with a person type of "Other". This includes contacts for employees or applicants, and any other people with a person type in the category of "Other". You do this using the "View Contacts" option.

You can combine different types of restriction to create a set of rules giving exactly the security access permissions you require.

When you create a business group a view-all security profile is automatically created. This has the same name as the business group. The security profile provides access to all employee, contingent worker, and applicant records in the business group. The system administrator links this view-all profile to users who are setting up the system. They in turn can set up security for other users.

The criteria you can use to identify records are:

Tip: Oracle recommends that you use either a supervisor or position hierarchy for Self-Service Human Resources (SSHR).

For more information on hierarchies in SSHR, see: People in Hierarchy, My List, and Search Pages, Oracle SSHR Deploy Self-Service Capability Guide.

Internal Organizations and Organization Hierarchies

Organizations include structures like departments, sections, groups and teams. You can restrict access to a single organization, a list of organizations, or an organization hierarchy. If you restrict on an organization hierarchy, you can exclude specific organizations that are in the hierarchy, or add other organizations that are not in the hierarchy.

Positions and Position Hierarchies

Positions are jobs performed within specified organizations. The position is derived from an organization and a job, for example, you may have a position of Shipping Clerk associated with the organization Shipping and the job Clerk.You can define security restrictions based on a position hierarchy.

Payrolls

You can restrict access to employee records by payroll. For example, you can give payroll staff who work on the payroll at a particular location access to records of employees on this payroll only.

Controlling security by payroll assignment limits the employee records users can see and update on employee-related windows, such as those for employee information, and element entry.

Of course, if an employee assignment does not include a payroll, payroll security cannot apply to this assignment. Payroll security also applies to applicants if they are assigned to a payroll.

Additional Information: Payroll security is not available for contingent workers since they are not assigned to a payroll.

The windows for compensation definition are unrelated to any particular employee records or payroll assignments. Therefore limiting access by payroll does not affect users' access to these windows.

Supervisors and Supervisor Hierarchies

The supervisor for an employee, applicant or contingent worker is the person identified in the Supervisor field in HRMS applications. Supervisor profiles are dynamic, in that they do not have to specify a particular person or hierarchy level. You can therefore set up a single security profile and use it for multiple users, who will each be able to access a different set of records depending on their own location in the hierarchy.

Note: If you choose to use supervisor hierarchy, you must also set the HR: Supervisor Hierarchy Usage profile option. This profile defines how supervisor hierarchies are built. You can choose whether to create person-based or assignment-based supervisor hierarchies.

Person-based supervisor hierarchy

A person-based supervisor hierarchy is a hierarchy based on a person's supervisor and direct reports.

Assignment-based supervisor hierarchy

As an alternative to the person hierarchy, you can choose to build a hierarchy based on the supervisor assignment. In this case, you also specify the supervisor assignment number for a person and the security processes use this assignment to generate an assignment-based supervisor hierarchy. As for the other supervisor-based hierarchy, the assignment-based hierarchy is dynamic and this security profile can be used for multiple users.

Note: When you set up security based on supervisor hierarchies, the list of employees visible to a user is usually generated at the start of the session. Therefore, for profiles that only restrict access by supervisor there is usually no need to run the Security List Maintenance process. However, for supervisors with a large number of subordinates (for example, at higher management levels) this may result in a delay in generating the list. You can improve performance by limiting the number of hierarchy levels a supervisor can access or by using the Static Lists functionality to store the security permissions in a list.

For more information, see Static Lists.

Alternatively, for the highest levels of management, consider setting up security using organization hierarchies.

Custom Restrictions

You can set up your own restrictions using SQL statements (for example, you might want to create a restriction allowing users access only to temporary part-time employees). Your custom restriction statements are automatically validated by the system. Valid restrictions are incorporated in the security profile, further restricting the list of employees, applicants and contingent workers specified using any of the other methods mentioned above.

Since you are defining additional restrictions using SQL, you need to ensure your SQL statements are tuned for performance. Otherwise, they will have an adverse effect on the time it takes to execute the Security List Maintenance process.

Important: Custom restrictions directly restrict employees, applicants and contingent workers only; you cannot create custom restrictions on people with a system person type of Other. However, if you add custom restrictions on employees, applicants or contingent workers, related people with a system person type of Other are restricted according to the setting of the "View Contacts" option.

As for other forms of security set-up, you can choose whether to enable user-based custom security. This means that Oracle HRMS uses your custom rules to evaluate security permissions for a user when that user logs on to the HR application. The alternative is to use static lists to store the security information for users or to run the Security List Maintenance process to regularly update the permissions.

Assignment-Level Security

Assignment-level security enables you to restrict security access based on individual assignments. This means that the security processes evaluate permissions on an individual assignment basis, rather than displaying all assignments if a manager has access to one assignment.

For more information, see: Assignment-Level Security.

User-Based Security

With user-based security, the application evaluates the security rules and permissions for the user logged on to the application. For example, if Bob Wright logs on to Self-Service Human Resources (SSHR), his access to organizations, positions, people, and assignments is based on his personal assignment details. The advantage of user-based security is that you can use one user-based security profile for multiple users. User-based security is available for security profiles based on organizations, positions, and supervisors, and can also be used in conjunction with custom security.

HR users can access ex-employee and future-dated records. For more information, see: Access to Ex-Employee and Future-Dated Employee Records

For more information on user-based security, see the individual sections in Defining a Security Profile.

Static Lists

Static lists enable you to choose whether to assess security permissions for a user when that user logs on (dynamically) or whether to store the permissions in static lists. The advantage of using static lists is that Oracle HRMS can quickly retrieve the permissions when the user logs on as the data is already available. A typical use of static lists may be for a senior manager who has access to many people.

When a user is in the static list, security permissions remain frozen until the next time you run the Security List Maintenance process. You can choose how often to run the Security List Maintenance process and schedule the process to run frequently if users' permissions are likely to change frequently.

A static list can contain any number of users. You can run the Security List Maintenance process for all users in the static list or use the Process in Next Run option on the Static Lists tab of the Security Profile window to select a specific user or group of users. You use this option in conjunction with the Security List Maintenance parameters; you can run the process for either all users in the static list or only users you select using the Process in Next Run option. By selecting specific users for inclusion in the run, you reduce the time and resources required to run the Security List Maintenance process.

See: Running the Security List Maintenance Process

The choice of whether to use static lists instead of dynamic security assessments depends on several factors, including:

Global Security Profiles

You can create global security profiles that enable users to work on organizations in multiple business groups.

You do this by setting up a global hierarchy, which can contain organizations from any business group on your database, and associating it with a global security profile. This enables you to create a security hierarchy that gives users access to organizations across business groups.

If you want to read more information about organization hierarchies, see: Organization Hierarchies, Oracle HRMS Enterprise and Workforce Management Guide

If you use the Oracle HRMS Forms Interface, you cannot access data across business groups using one responsibility, even if you associate a global security profile to your responsibility. Your access is limited to organizations in the business group defined in the HR:Business Group profile option. However, you can use people management templates to query and update worker information across business groups.

Access to Ex-Employee and Future Dated Employee Records

If you use user-based security profiles either based on organization, position, or custom security, then you can enable HR users to access ex-employee and future-dated employee records using the HR: Access Non-Current Employee Data profile option. If you enable this profile option, then HR users can access ex-employee records, for example, to manage retirement benefits. HR users can update future dated records.

Note: The HR: Access Non-Current Employee Data profile option does not apply to security profiles based on the supervisor hierarchy.

See: User Profiles

Related Topics

Security Processes

Running the Security List Maintenance Process

Assignment-Level Security

The security features in Oracle HRMS enable you to restrict security access based on individual assignments. The security processes evaluate permissions on an assignment-by-assignment basis, rather than displaying all assignments if a manager has access to any assignment.

For example, without assignment-level security, a manager with access to an employee's primary assignment would also have access to the employee's other assignments even though the supervisor for the other assignments may be a different manager. To allow supervisors to view only the relevant employees and assignments, you can enable assignment-level security in the Security Profile window. You use this functionality in conjunction with your security profile settings (for example, organization, position, supervisor security).

The following examples show how a manager's access to person records differs when assignment-level security is enabled and when it is disabled for a supervisor hierarchy, organization hierarchy, and position hierarchy.

Supervisor Hierarchies and Assignment-Level Security

The graphic below shows the direct reports for Sam Taylor and Sally Jones. The subsequent examples show how the managers' access to the direct reports varies with the different security configurations.

Supervisor Hierarchy

the picture is described in the document text

Example 1: Assignment-Based Supervisor Hierarchy (No Assignment-Level Security)

If you set up a supervisor hierarchy that is based on the supervisor assignment, Sam can see the direct report for Bob's first assignment (Jane). Because there is no assignment-level security, Sam can also see Bob's second assignment, however, Sam cannot access the direct reports for the second assignment. Sally Jones can see Bob's first assignment but cannot see the direct reports for this assignment (Jane). The following graphic illustrates the new hierarchy for Sam Taylor:

Assignment-Based Hierarchy for Sam Taylor (No Assignment-Level Security)

the picture is described in the document text

Example 2: Assignment-Based Supervisor Hierarchy (Assignment-Level Security)

With assignment-level security, Sam can only see Bob's first assignment and the direct reports for this assignment (Jane). Sally can see Bob's second assignment and Maria's assignment and the direct reports for these assignments. The following graphic illustrates the hierarchy with assignment-level security for Sam:

Assignment-Based Hierarchy with Assignment-Level Security

the picture is described in the document text

Note: If you are using an assignment-based hierarchy, it is advisable to use assignment-level security.

Organization Hierarchies and Assignment-Level Security

The graphic below shows two organization hierarchies. Within the first hierarchy (Eastern Region Sales) there is an employee with multiple assignments. The subsequent examples show how the hierarchy changes with assignment-level security disabled and enabled.

Organization Hierarchy

the picture is described in the document text

Organization Hierarchy (No Assignment-Level Security)

In this situation, Sam can see the people within the Accounts and Presales organizations. He can also see the people in organizations below Presales in the organization hierarchy (Team 1 and Team 2). Bob Wright has a second assignment in a different organization (Western Region Sales/Presales). Because assignment-level security is disabled, Sam can see this assignment (if a manager can access one assignment, he can access them all). Sam cannot see the organizations below the organization for Bob's second assignment. The following graphic illustrates the hierarchy without assignment-level security for Sam Taylor:

Organization Hierarchy (No Assignment-Level Security)

the picture is described in the document text

Organization Hierarchy (With Assignment-Level Security)

In this situation, Sam can see all people within the Accounts and Presales organizations. However, Sam cannot see Bob's second assignment (Western Region Sales/Presales) because the organization for the second assignment is not within the organization hierarchy to which Sam has access. The following graphic illustrates the hierarchy with assignment-level security for Sam Taylor:

Organization Hierarchy (With Assignment-Level Security)

the picture is described in the document text

Position Hierarchies

the picture is described in the document text

The graphic above shows two position hierarchies. Within the first hierarchy (Sales Research Director) there is an employee with multiple assignments. The following examples show how the hierarchy changes with assignment-level security disabled and enabled.

Position Hierarchy (No Assignment-Level Security)

In this situation, Tom can see the position below him in the hierarchy (Associate Sales Research Director). He can also see the reporting positions (Sales Research Specialists and Sales Research Technical Support Staff). Helen Richie has a second assignment for a different position (Regional Sales Director). Because assignment-level security is disabled, Tom can see this assignment (if a manager can access one assignment, he can access them all). Tom cannot see the positions below the position for Helen's second assignment. The following graphic illustrates the hierarchy without assignment-level security for Tom Yorke:

Position Hierarchy (No Assignment-Level Security)

the picture is described in the document text

Position Hierarchy (With Assignment-Level Security)

In this situation, Tom can see the position below him in the hierarchy (Associate Sales Research Director). However, Tom cannot see Helen's second assignment (Regional Sales Director) because the position for the second assignment is not within the position hierarchy to which Tom has access. The following graphic illustrates the hierarchy with assignment-level security for Tom Yorke:

Position Hierarchy (With Assignment-Level Security)

the picture is described in the document text

Implementing Assignment-Level Security

You enable assignment-level security in the Security Profiles window. To enable assignment-level security, select the Restrict on Individual Assignments option.

For more information, see: Defining a Security Profile

Assignment-level security is available for several areas of Oracle HRMS. The areas that currently support assignment-level security are:

Security Profiles by Supervisor Hierarchy

You can set up a security profile that permits access to a supervisor hierarchy. This means that when a manager logs on to Oracle HRMS, the application uses assignment or supervisor attributes to build a person tree with the manager at the top level. The person tree shows the direct reports for the manager and also any direct reports at lower levels of the hierarchy to which the manager has access.

The structure of the person tree depends on whether you are using an assignment-based or person-based supervisor security profile. The following examples highlight the differences between the two types of supervisor security:

Supervisor Hierarchies

the picture is described in the document text

Person-Based Supervisor Hierarchy

This type of security uses the Supervisor field in HRMS applications to generate a supervisor hierarchy. When a manager logs on to the HRMS application, the application assesses security permissions for the manager (user) and builds a hierarchy showing the manager's direct reports and, if applicable, additional subordinate levels of employees. In this case, a manager can see all assignments for the direct reports. In the example, Sam Taylor can see both assignments for Bob Wright (assignments 1 and 2) and both direct reports for these assignments (Jane Lewis and Tom Acland).

Assignment-Based Supervisor Hierarchy

This type of security also uses the Supervisor field in HRMS applications but when the user enters the supervisor information, he or she can also select a particular assignment for the supervisor. When the supervisor logs on to Oracle HRMS or Oracle SSHR, the supervisor hierarchy is based on the supervisor's assignment.

Note: You should only use an assignment-based supervisor hierarchy if you have enabled multiple assignments in your organization.

In the example, Sam Taylor's access to person records depends on whether assignment-level security is enabled. If it is enabled, Sam can only access the records for Bob Wright's first assignment and direct report. If assignment-level security is not enabled, Sam can access the records for both of Bob's assignments and also for the direct report for the first assignment.

For more information, see Assignment-Level Security in Security Profiles.

HR: Supervisor Hierarchy Usage Profile Option

You use this profile option to specify the behavior of the supervisor hierarchy in HRMS applications by specifying whether the supervisor hierarchy is assignment or person-based.

Security Profiles by Organization and Organization Hierarchy

To set up a security profile that permits access to employee records of certain organizations only, you make use of organization hierarchies. You can build any number of additional hierarchies to meet your security requirements. There are two ways of doing this: either with or without user-based security.

For example, suppose you build this Sales Organization hierarchy:

Sales Organization Hierarchy

the picture is described in the document text

Without User-Based Security

You can create a security profile that permits access to employee records throughout the sales organization. This profile references the Sales Organization hierarchy. It names the Sales Department as the highest organization in the hierarchy through which profile holders have access to employee records.

Next, you want the directors of the two sales regions to have access to all employee records in their region only. You create Eastern and Western Sales Director security profiles. These profiles also reference the Sales hierarchy. But, they name the Eastern and Western Regions, respectively, as the top organizations for these profiles' access to employee records.

When you name an organization as the top organization, you specify whether it is inclusive or not. You must include the top organization if you want holders of the profile to access records of people assigned to the top organization.

With User-Based Security

If you are using user-based security, you can choose to use the organization linked to the user's assignment as the top organization. The top organization is then determined dynamically when the user logs on or when the Security List Maintenance process is run. To illustrate the advantage of using user-based security in this way, take the above example. Instead of having to create two security profiles so that the two regional sales directors can only access the records for the employees in their regions, you would only need to create one security profile which would identify the top organization based on the user's assignment. In the example, the security process would identify that the top organization for one director is Eastern Region Sales and for the other director it is Western Region Sales.

If a user has multiple assignments, the application builds a hierarchy for each assignment, using each assignment's organization as the top organization. The user can then see the people and assignments in any of their assignments' subordinate organizations.

Security Profiles By Position and Position Hierarchies

After establishing limits on record access using organization hierarchies, you can further restrict access by means of position hierarchies.

Suppose, for example, within the Sales Department, you want to give the Sales Research Director access to her subordinates' records only. There are two ways of doing this: either with or without user-based security.

You can start by building the following Sales Positions Hierarchy:

Sales Positions Hierarchy

the picture is described in the document text

Without User-Based Security

Create the Sales Research Director security profile. This profile references the Sales Positions hierarchy and names the Sales Research Director as the top position for access to employee records.

Security Profile: SALES RESEARCH DIRECTOR
Organization Hierarchy: Sales Organization
Top Organization: Sales Department
Position Hierarchy: Sales Positions
Top Position: Sales Research Director
Include Top Position: Yes

When you give the Sales Research Director a responsibility including this security profile, she can access the records of her subordinates. But, she cannot access records of the:

As with organization hierarchies, you can specify that profiles do not include access to the top position.

With User-Based Security

If you are using user-based security, you can choose to use the position linked to the user's assignment as the top position. The top position is then determined dynamically when the user logs on or when the Security List Maintenance process is run. To illustrate the advantage of using user-based security in this way, take the above example. Instead of having to create a separate security profile for each position hierarchy, for example, a Sales Research Director profile and an Associate Sales Research Director profile, you could create one security profile which would identify the top position based on the user's assignment. In the example, the security process would identify that the top position for the Sales Research Director is different from the top position for the Associate Sales Research Director and build the position hierarchy accordingly.

If a user has multiple assignments, the application builds a hierarchy for each assignment, using each assignment's position as the top position. The user can then see the people and assignments in any of their assignments' subordinate position hierarchies.

Defining a Security Profile

You can define security profiles in the Security Profile window (to give access to a single business group) or the Global Security Profile window (to allow users to access records from more than one business group).

See also: Security Profiles

Note: Using the Global Security Profile window does not give Oracle HRMS users access to records from multiple business groups within the same responsibility; users must still switch responsibilities to see records from different business groups. However, HRMS users can see a restricted set of information in records from more than one business group within a single responsibility if the HR:Cross Business Profile profile option is set to Yes. In addition, you can use people management templates to query and update worker information across business groups using a single responsibility.

If you want to associate a reporting user with the new security profile, the ORACLE database administrator must create a new reporting user ORACLE ID. The system administrator must register the new ORACLE IDs as restricted privilege users with the Application Object Library.

See: Setting up Reporting Users

To define a security profile

  1. Enter a name for the security profile.

  2. If you are using the Security Profile window, select a business group. Users will have access only to records within this business group. This does not need to be the business group associated with your responsibility.

    If you are using the Global Security Profile window, users will have security access to records from all business groups, subject to other restrictions you set up.

  3. If you want reporting users to be able to use this security profile, select the Reporting User name for the ID set up by the database administrator (this option is not available when setting up Global Security).

    Applying Restrictions by Person Type

  4. You can choose to apply the security restrictions you set up to employees, applicants, contingent workers, contacts, candidates or any combination of these.

    Note: You can only restrict access to candidates if you have iRecruitment installed. If you do not have iRecruitment, the application uses the default setting of All for the View Candidates box.

    For example:

    You can set the View Applicants, View Contingent Workers, and, if you have iRecruitment, View Candidates, options independently, giving different security access to employees, applicants, contingent workers, and candidates using the same security profile.

    For contacts, or other people of person type Other, you can choose one of two options:

    Allowing Access to Granted User Records (SSHR only)

  5. Select the Allow Granted Users option to allow a self-service user with this security profile to access the records of other self-service users, provided that the other users grant them access using the self-service application.

    Note: This setting applies to the self-service application only and has no effect on users of Oracle HRMS.

    Restricting Access by Individual Assignment

  6. Select the Restrict on Individual Assignments option to build security hierarchies based on a person's individual assignments. Oracle HRMS builds the security hierarchy and assesses each individual assignment. The hierarchies generated by the security process will then only contain the particular assignments to which the manager has access. If you do not select this option, a manager who can see one assignment for a person can see all other assignments.

    For more information on restricting by individual assignment and securing your forms, see: Assignment-Level Security.

    Restricting Access by Organization

  7. In the Organization Security tabbed region:

    Note: The Secure organizations by single operating unit and Secure organizations by operating unit and inventory organizations options are for use by non-HRMS users, and have no effect on the HRMS application.

  8. By default, the Exclude Business Groups check box is unchecked, giving users access to the business groups themselves, and therefore to employees or applicants who have the business group(s) as their organization. Check the box to prevent access to the business group(s) and the employees or applicants attached to them (for example, to prevent users from seeing new starters and other employees who have been assigned to the business group by default).

    Restricting Access by Position (not Global Security)

  9. In the Position Security tabbed region, deselect the View All Positions option. Select a position hierarchy, and a top position. Check the Include Top Position check box if you want to allow access to this position.

    If you are using user-based security, you can choose to use the position linked to a person's assignment as the top position by selecting the corresponding option. In this case, the security process identifies the position linked to the user when the user logs on (or when the Security List Maintenance process is run).

    Restricting Access by Payroll (not Global Security)

  10. In the Payroll Security tabbed region:

    Restricting Access by Supervisor

  11. In the Supervisor Security tabbed region, you can further specify how to create your supervisor hierarchy. You can either create a hierarchy based on a person's supervisor assignment or based on a person's supervisor.

    For more information, see: Security Profiles for Supervisor Security.

    Select either the person-based or assignment-based option and enter the number of levels of access you want to allow the supervisor to see in the Maximum Hierarchy Levels box (or leave the field blank to allow access to all levels).

    Note: When you set up security based on supervisor hierarchies, you can choose to generate the list of employees visible to a user at the start of the session (user-based security). For supervisors with a large number of subordinates (for example, at higher management levels) leaving the Maximum Hierarchy Levels box blank may result in a delay in generating the list. You can improve performance by limiting the number of hierarchy levels a supervisor can access or by using the Static List functionality.

    For more information, see: Static Lists.

    Alternatively, for the highest levels of management, consider setting up security using organization hierarchies.

  12. If you are using person-based supervisor security, you can choose whether to display multiple assignments in the supervisor hierarchy. By default, the Primary Assignments Only option is not selected, which gives users access to people who report to them in any assignment. If you only want to give users access to people who report to them in their primary assignment, select this option.

    Miscellaneous Restrictions

  13. The list of people whose records are accessible using a security profile can change with the user name of the person who logs in (if you are using user-based security). If you want the application to evaluate permissions based on a specific person (and not vary depending on the user name of the person who logs in) enter a name in the Named User field. For example, to set up supervisor-based security for reporting users who do not have any association with employees, enter the name of a person at the required supervisory level.

    To prevent users from seeing their own records, check the Exclude User check box (if you have entered a name in the Named User box, users will be prevented from seeing the records of the named user rather than their own records).

    Note: This functionality is not supported in Self-Service Human Resources (SSHR).

    Restricting Access by Custom Security

  14. In the Custom Security tabbed region, select the custom restriction option. The options are as follows:

  15. Enter a valid SQL WHERE clause fragment to select a group of records. For example, to add a restriction that assignments must be based in either London or Paris, add the following SQL fragment:

    ASSIGNMENT.location_id in (select LOC.location_id
    					from hr_locations_all LOC
    					where LOC.location_code
    					in ('London','Paris'))
    

    Alternatively, you could create custom code to use user-specific variables. The following example illustrates the use of user-specific variables:

    In this example, the custom code creates a rule whereby a user can display employees or contingent workers whose last name begins with the same letter as their own. The security profile is called "Same first letter of last name".

    substr(person.last_name,1,1) =
    	(select substr(i.last_name,1,1)
    	from per_all_people_f i
    	where i.person_id = fnd_global.employee_id
    	and trunc(sysdate) between i.effective_start_date and i.effective_end_date)
    

    Note: In addition, the View Employees or View Contingent Workers option is set to Restricted, and the "Restrict the people visible to each using this profile" option is set on the Custom Security tab.

    If the clause is valid, it is automatically incorporated in an SQL select statement that the system generates to restrict access to records, based on the restrictions you have set up in the other tabbed regions. The list of employees, contingent workers, and applicants specified by these other restrictions is therefore further restricted by the custom restriction.

    The clause fits into the system-generated statement in the following way (this statement is not visible on screen):

    select 1
    	from per_all_assignments_f ASSIGNMENT,
    		per_all_people_f PERSON,
    	per_person_type_usages_f PERSON_TYPE
    	where ASSIGNMENT.assignment_id=:asg_id
    and:effective_date betweeen ASSIGNMENT.effective_start_date
    			and ASSIGNMENT.effective_end_date
    	and PERSON.person_id=ASSIGNMENT.person_id
    	and :effective_date between PERSON.effective_start_date
    			and PERSON.effective_end_date
    	and PERSON.person_id=PERSON_TYPE.person.id
    and :effective_date between PERSON_TYPE.effective_start_date
    			and PERSON_TYPE.effective_end_date
    		and {your custom where clause fragment goes here}
    

    Important: Custom restrictions directly restrict employees, contingent workers, and applicants only; you cannot create custom restrictions on people with a system person type of Other. However, if you add custom restrictions on employees, contingent workers, or applicants, related people with a system person type of Other are restricted according to the setting of the "View Contacts" option.

  16. Choose the Verify button to check that the clause you have entered is valid. If it is invalid, an error message appears explaining the reasons.

    Using Static Lists

  17. Static lists enable you to assess security periodically and store the data. You add users to the static list and their security permissions are evaluated when the Security List Maintenance process is run. Oracle HRMS stores the permissions for quick retrieval when the user logs on and freezes the permissions until you run the Security List Maintenance process again.

    To specify which users to include in a static list, enter the user ID in the field.

  18. To include a specific user or group of users in the next Security List Maintenance run, select the Process in Next Run option for those users.

  19. Save your work.

When you have modified or created new security profiles, it may be necessary to run security processes to activate your changes.

See: Security Processes

See: Running the Security List Maintenance Process

Assigning Security Profiles

Use the Assign Security Profile window to link user names, and security profiles to responsibilities. Only use this window if you are using Security Groups Enabled security (formerly called Cross Business Group Responsibility security).

Important: When using Security Groups Enabled security even if you have linked a user to a responsibility using the User window, you must still link your user to responsibility and security profile using the HRMS Assign Security Profile window. If you do not use the Assign Security Profile window, HRMS uses the default view-all security profile for the Business Group and the user will see all records for the Business Group.

The Assign Security Profile window is an essential part of setting up and maintaining HRMS security for Security Groups Enabled security. You must use this window to update your security profile assignment. Any changes entered for the security profile assignment are also shown on the User window. However, if you end date a user's responsibility using the User window, this is not shown on the Assign Security Profile window.

When you navigate to the Assign Security Profile window, the Find Security Profile Assignments window displays automatically. Select New to create a new assignment. For information about querying existing security profile assignments, see Using the Find Security Profile Assignment window.

To assign a new security profile

  1. Enter the user name you want to link to a responsibility.

  2. Enter the application and responsibility you want to link to the user.

  3. To assign a local security profile, select a business group to assign to the user's responsibility. The local security profile for the business group is automatically entered when you click in the Security Profile field.

  4. To assign a global security profile, first select the security profile to assign to the user's responsibility, then select a business group.

    Note: If you enter a value in the Business Group field first, the list of security profiles is filtered and does not display security profiles for any other business groups.

    You can link more than one security profile to a responsibility as long as the user is different.

  5. Enter the time period of security profile assignment.

    You must enter a start date. Optionally, enter an end date if you want the security profile assignment to end on a particular date.

  6. Save the security profile assignment.

To end a security profile assignment

You cannot delete security profile assignments. If a user no longer needs an assignment you must enter an end date.

  1. Query the security profile assignment you want to end.

  2. Enter an end date. The user cannot use this responsibility, Business Group and security profile from this date.

Using the Find Security Profile Assignment window

This window enables you to search for security profile assignments that have already been set up. You only use security profile assignments if you are setting up Security Groups Enabled security.

If you want to set up a new security profile assignment select the New button. For more information on setting up new security profile assignments, see Assigning Security Profiles.

Note: When you navigate to the Assign Security Profiles window, the Find Security Profile Assignment window automatically displays.

To query a security profile assignment

  1. Enter a full or partial query on one, a selection or several of the following:

    Note: If you enter a value in either the Business Group or the Security Profile field, any value entered in the other field is blanked out if it is not valid to select both. For example, you cannot select both business group A and a security profile which is specific to business group B.

  2. Check the Retrieve Only Active Assignments check box if you want to query security profile assignments that are active as of today's date. Uncheck the Retrieve Only Active Assignments check box if you want to query security profile assignments which are no longer active or assignments which will be available in the future.

  3. Choose the Find button.

    The security profile assignments found by the query are displayed in the Assign Security Profile window.

Running the Security List Maintenance Process

You run the Security List Maintenance (SLM) process to update the lists of organizations, positions, employees and applicants that security profiles can access. You should run this process regularly, for example nightly, to take account of changes made during the day.

See Security Processes

You run the Security List Maintenance process from the Submit Requests window.

To run the Security List Maintenance Process

  1. In the Name field, select Security List Maintenance.

  2. In the Parameters window, enter the date for which you want to run the report in the Effective Date field. If you do not enter a date the process runs for the current system date.

  3. In the Generate lists for field, select the range of security profiles for which you want to run the process. You can choose to update:

  4. If you have selected All Security Profiles in One Named Business Group, select a business group.

  5. If you have selected One Named Security Profile, select a security profile.

  6. If you have selected One Specified User in One Named Security Group, select a security profile and the user name.

  7. In the Process field, select the type of people to be processed. You can choose from the following values:

  8. In the Static User Processing field, choose whether to run the process for all static users or only those users selected for inclusion in the next processing run (selected on the Static Users tab of the Security Profile window).

    Note: You can use this parameter only if you have chosen a processing option other than One Specified User in One Named Security Group.

  9. In the Use Temporary Space field, select Yes to store data in the PER_PERSON_LIST_STAGE table when the SLM process runs. PER_PERSON_LIST_STAGE is a temporary staging table and the data is stored temporarily. If the data is stored in the temporary table, then this action avoids locking the records of active users in the PER_PERSON_LIST actual table when the SLM process runs. During the final stages of the SLM process, the application copies data from the PER_PERSON_LIST_STAGE table to the PER_PERSON_LIST table.

    Note: You can use this parameter only if you have chosen 'One Named Security Profile' as the processing option

  10. Choose OK.

  11. Complete the batch process details and choose the Submit button.

Running the Change Candidate Access for Security Profiles Process

This process enables you to change candidate access settings for your security profiles. This process is intended for use only if you use iRecruitment.

Warning: The process changes the candidate access settings for all security profiles except the default View All security profiles that the system creates automatically when you create a business group. You should be aware of this before you run the process.

System Implications

With the introduction of Candidate Security, the default setting for the View Candidates box in the Define Security Profiles window is All. However, if you use both Oracle HRMS and iRecruitment, you will generally have some security profiles that should allow access to candidates and some that should not allow access. In this case, you can run the Change Candidate Access for Security Profiles process to override the security settings.

For example, if the majority of your security profiles should allow access to candidates, you can run the process with the View Candidates parameter set to All. This would reset the candidate access for all security profiles. Then, you could manually change the View Candidates setting to None for those security profiles that should not allow candidate access using the Define Security Profiles window.

See: Defining Security Profiles

You run the Change Candidate Access for Security Profiles process from the Submit Requests window.

Prerequisites

To run the Change Candidate Access for Security Profiles process

  1. In the Name field, select Change Candidate Access for Security Profiles.

  2. In the View Candidates field of the Parameters window, select one of the following values:

  3. Choose OK and submit the process.

Running the Purge Security Profiles Process

Run the Purge Security Profiles process to remove security profiles that are not in use from database. Run this program to first identify security profiles that are not used and then purge all the unused security profiles or any specific security profile that is not required.

For information on security profiles, see: Security Profiles

You run this process from the Submit Request window.

Prerequisites

To run the Purge Security Profiles process

  1. In the Name field, select Purge Security Profiles.

  2. Select Yes in the List Unused Security Profiles field if you want to view a list of security profiles that are not in use. Click OK and then Submit. Navigate to the Find Requests window, search for your request ID, and then view log of the request. Review the list of unused security profiles. Based on your analysis, you can perform step 3 or 4.

    Note: You can directly purge all unused security profiles or a specific security profile, if required, without performing step 2. You must set the mandatory parameter List Unused Security Profiles to No to perform step 3 or 4.

  3. Select Yes in the Purge all Unused Security Profiles field to remove data of security profiles that are not in use.

  4. Enter the name of the specific security profile that you want to purge in the Security Profile Name field. This security profile must be one of the security profiles list generated in step 2.

  5. Click OK and submit the process.

User Profiles

User Profiles

A user profile is a set of changeable options that affects the way your application runs. You can set user profiles at different levels. The levels below are used by the standard Security hierarchy type:

Values set at a higher level cascade as defaults to the lower levels. Values set at a lower level override any default from a higher level.

Levels For Setting User Profile Options

the picture is described in the document text

Tip: Set site-level options first to ensure that all options have a default. If a profile option does not have a default value, it might cause errors when you use windows, run reports, or run concurrent requests.

There are two other Hierarchy Types that are used by some profile options: Organization hierarchy type, and Server hierarchy type. These hierarchy type values also cascade as defaults from Site down to User level. They have the following levels:

The Organization hierarchy type enables you to set profile options for users in different operating units that are used by other applications, particularly Financials. These are not used by HRMS at all.

The Server hierarchy type should only be used by Database Administrators. It enables you to set values for a particular server on which you are running the application.

For more information on these hierarchy types see: Profiles Window, Oracle Applications Developer's Guide

You use the System Profile Values window to set profile options at each level for your user community. If you change a user profile option value, your change takes effect as soon as your users log on again or change responsibilities.

See: System Profile Values Window, Oracle Applications Developer's Guide

Application users can use the Personal Profile Values window to set their own profile options at the user level. Not all profile options are visible to users, and some profile options, while visible, cannot be updated by end users. Any changes users make to their personal profile options take effect immediately.

See: Defining Preferences with User Profile Options, Oracle Applications User's Guide

Profile Options Summary

The table below indicates whether users of the system can view or update the profile option, and at which System Administrator levels (either user, responsibility, application, or site) the profile options can be updated. These System Administrator levels are included in the table as Site, App, Resp, and User.

For the User column, Yes indicates that you can update the profile, View Only indicates that you can view the profile but you cannot update it, and No indicates that you can neither view nor update the profile.

A "Required" profile option requires you to provide a value. Otherwise the profile option already provides a default value, so you only need to change it if you do not want to accept the default.

For details of profile options applicable to all Oracle Applications, see: Profile Options in Oracle Applications Object Library, Oracle Applications Developer's Guide

Summary of Profile Options
Profile Option Admin UpdateLevels User Required Default Value
Apply Assessment Competencies to Person Site No No No
AME:Installed App Yes No NA
AuditTrail:Activate AppSite No No No
BEN:BEN HOURLY ANNUALIZATION FACTOR SiteAppResp Yes No 2080
BEN:Benefits Preferred Currency SiteAppRespUser Yes No NA
BEN: Carry Forward Certification SiteAppRespUser No No No
BEN: Check Enrollment Limits Site No No No
BEN:Compensation Manager SiteAppRespUser Yes No NA
BEN:Comp Objects Display Name Basis SiteApp No No Session
BEN: Cross Business Group for Plan Design Copy SiteAppResp Yes No Yes
BEN: CWB Approval Mode Site No No Submission at any time
BEN: CWB Allocation as Percent of Eligible Salary Decimals        
BEN: CWB Budget as Percent of Eligible Salary Decimals        
BEN: CWB Budget Rows Displayed SiteAppRespUser      
BEN: CWB Download Expire Seconds SiteAppRespUser Yes No 60
BEN:CWB Display Currency Type SiteAppRespUser Yes No Corporate Currency
BEN: CWB Encrypt/Decrypt Key SiteAppRespUser No No NA
BEN: CWB Estimated Market Price SiteAppRespUser Yes No NA
BEN: CWB History Type Display SiteAppResp Yes No Basic Stock History
BEN: CWB Home Plans Displayed SiteAppRespUser Yes No NA
BEN: CWB Layout Lock Time SiteAppRespUser Yes No 10
BEN: CWB Maximum Number of Layouts SiteAppRespUser Yes No 10
BEN: CWB Plan Context for Reporting Site Yes No Plan
BEN: CWB Spreadsheet Version SiteAppRespUser      
BEN:CWB Summary Level SiteAppRespUser Yes No NA
BEN:CWB Table Population SiteAppRespUser Yes No  
BEN: CWB Valid Grade Filtering SiteAppRespUser Yes No Yes
BEN: CWB Validate Performance/Assignment Changes Online SiteAppRespUser Yes No No
BEN: CWB Wizard Compratio Range SiteAppRespUser Yes No 5
BEN: CWB Wizard Years Worked Range SiteAppRespUser Yes No 1
BEN: CWB Worksheet Rows Displayed SiteAppRespUser      
BEN:Designation No Change SiteAppResp Yes No No
BEN:Eligible Profile Rule SiteAppResp Yes No AND
BEN: Enable Absence Plans Functionality SiteAppResp Yes No No
BEN:Enable Quartile in Grade Life Event SiteAppResp Yes No Yes
BEN:Imputed Income Post Tax Deduction SiteAppRespUser Yes No No
BEN:Max Extract Line Size SiteAppRespUser Yes No 10000
BEN:VAPRO Rule SiteAppResp Yes No AND
DateTrack:Date Security SiteAppRespUser Viewonly No NA
DateTrack:Delete Mode - - Not in use  
DateTrack:Enabled

Note: This profile option applies to Full HR only.

App Viewonly No Yes
DateTrack:Login Date (YYYY/MM/DD) SiteAppRespUser Viewonly NA NA
DateTrack:Override Mode - - Not in use  
DateTrack:Reminder SiteAppRespUser Yes No No
DateTrack:Update Mode - - Not in use  
Disable Self-Service Personal SiteAppRespUser Yes No No
Display Messages SiteAppRespUser Yes    
Employer Payment Summary (EPS) Approval SiteAppRespUser Yes No Null
Enable Security Groups SiteApp No Yes Security groups are not enabled
Flexfields:Open Descr Window SiteAppRespUser Yes Yes Yes
Flexfields:Open Key Window SiteAppRespUser Yes Yes Yes
Help Localization Code RespUser Yes Yes, by HRMS The Responsibility is associated with the Global set of help files rather than a localized or verticalized set.
HR: Absence Duration Auto Overwrite SiteResp No No No
HR: Absence Start Date SiteAppRespUser No No The start date of the Absence being recorded on the Absence form
HR: Absence View Layout SiteAppRespUser Yes No FORM or TABLE
HR: Access Non-Current Employee Data SiteResp No No No
HR: Accrual Plan Element Set Displayed to User SiteAppRespUser Yes No Null
HR:Action Parameter Group Name SiteAppRespUser Yes    
HR: Actions - Validation SiteAppRespUser Yes No Validate all Functions
HR:Allow Approver Updates to Self Service Actions Site No No No
HR:Allow Concurrent Self Service Actions Site No No No
HR:Allow Concurrent Self Service Actions Site No No No
HR:Allow Concurrent Self Service Actions Site No No  
HR:Allow Functions Access During Hrglobal Run View only Viewonly No No
HR:Allow Online W-2 Viewing as of (MM/DD) SiteAppRespUser Yes    
HR:Allow Processing of Ineligible Self Service Actions Site No No No
HR:Allow Use of Eligibility for Self Service Actions Site No No No
HR: Applicant Assignment Cleanup Run Mode Site No No In Patch Process
HR: Applications View Layout SiteAppRespUser Viewonly No FORM or TABLE
HR: Appraisal Template Lov SiteAppRespUser Yes No No
HR: Appraisee Can Add Participants SiteAppRespUser No No Yes
HR: Assignment ID - - Internal use only.  
HR: Authoria Integration Enabled SiteAppRespUser Yes Yes (if linking to Authoria HR) No
HR: Authoria UK URL Site No Yes (if linking to Authoria HR)  
HR: Authoria US URL Site No Yes (if linking to Authoria HR)  
HR: Auto Apply Collective Agreement Entitlements SiteAppResp Yes Yes No
HR: Auto Evaluate Collective Agreement Entitlements SiteAppResp No Yes No
HR: Automatically synchronize single GL company cost centers with HR Site Yes Yes No
HR: Base Salary Required Site No No Null
HR: BIS Job Hierarchy - Job Grouping Level 1 Site No No Null
HR: BIS Job Hierarchy - Job Grouping Level 2 Site No No Null
HR: BIS Reporting Hierarchy - - Obsolete.  
HR:Blank Effective Date SiteAppRespUser Yes No No
HR:Business Group SiteResp Viewonly Yes Default Setup Business Group at Site level.
HR: Cancel Application SiteAppResp Viewonly No Default is Null. This is interpreted by the system as No.
HR: Check Entitlement Cache SiteAppResp No Yes Yes
HR: Collective Agreement Logging SiteAppRespUser Yes Yes Low
HR:Contingent Worker Manager Actions Menu SiteAppRespUser Yes Yes Contingent Worker Manager Actions Menu
HR:Contingent Worker Personal Actions Menu SiteAppRespUser Yes Yes Contingent Worker Personal Actions Menu
HR: Copy period details for budget SiteAppRespUser Yes No Default is No.
HR:Cross Business Group Site AppResp Viewonly NA Default is No.
HR: Cross BG Duplicate Person Check SiteAppResp No No Yes
HR: CWK in Head Count Reports SiteAppRespUser Yes No Yes
HR: Data Exchange Directory SiteAppResp Viewonly No  
HR: Data Migrator Business Group Lockout Site No NA NA
HR:Data Pump Action Parameter Group SiteAppRespUser Yes No Null
HR: Date From - - Internal use only.  
HR:Default Assignment Costing SiteAppRespUser Yes No .
HR:Default Check/Cheque Number Method SiteAppRespUser Yes No Null
HR: Default Correspondence Language SiteAppRespUser Yes No No default.
HR: Default Full Name Format SiteAppRespUser Viewonly No Surname Prefix Initials Prefix (Partner) Surname (Partner)
HR: Default Nationality SiteAppRespUser Yes No NA
HR: Defer Update After Approval SiteAppRespUser Yes Yes Yes
HR: Disable Ethnicity Tab SiteAppRespUser Viewonly No Enabled
HR: Disallow Template Reference SiteAppRespUser Yes    
HR: Display All Candidate Offers - - Obsolete.  
HR:Display Competencies SiteAppresp Yes    
HR:Display Brief Person Name Site No No No
HR:Display Person Name SiteAppRespUser Yes No Brief Name
HR:Display Person Search SiteAppRespUser Yes No Yes
HR: Display Position Hierarchy Site No No No
HR:Employee Directory Global Menu Site No No Employee Directory Global Menu
HR: Employment View Layout SiteAppRespUser Yes No FORM or TABLE
HR:Enable Bank Branch Validation SiteAppRespUser Yes No Null
HR: Enable Initiator to Delete a Pending-Approval Transaction SiteAppRespUser Yes No No
HR:Enable Multiple Assignments for Payroll Simulation SiteAppRespUser Yes Yes  
HR:Enable Payroll Simulation SiteAppRespUser Yes Yes  
HR:Enable Security for Batch Element Entry SiteAppRespUser Yes Yes
HR: Enable DTW4 defaulting

Note: This profile option is US legislation specific profile related to tax rules and works with Full HR only.

Site Viewonly No Yes
HR:Enable Multiple Assignments in SSHR SiteAppRespUser Yes No No
HR:Enforce Costing Mandatory Segment Check at Data Entry SiteAppRespUser Yes   Default is Null. This is interpreted by the application as No.
HR:Execute Legislative Check Formula within Run SiteAppRespUser Yes No NA
HR: Expand Role of Contingent Worker Site Yes Yes Default is Null. This is interpreted by the application as No.
HR: Extension Agent SiteUser No No  
HR: Extension Agent Client Timeout   Yes No NA
HR: Extension Agent Enabled Site No Yes (if using Info online) No
HR: FastFormula Debug Level SiteAppRespUser Yes NA NA
HR: Free text school name allowed in Self Service SiteAppRespUser Yes No Null
HR:French HRMS check mandatory payroll assignment attributes exist SiteAppRespUser Yes   Yes
HR: FTE Factor        
HR: GL Cost Center Org Classifications Site Viewonly Yes (if you want to use Auto Orgs to synchronize GL cost centers with HR) None
HR: GL Cost Center Synchronization Options Site Viewonly No - This profile option is obsolete. NA
HR: GL Organization Name Format Site Viewonly Yes (if you want to use Auto Orgs to synchronize GL cost centers with HR) NA
HR:Global Competence Flex Structure Site Viewonly Yes (if you want to create global competencies) NA
HR:Grade Key Flex-Identify 1st Segment SiteAppResp Yes No NA
HR:Grade Key Flex-Identify 2nd Segment SiteAppResp Yes No NA
HR:HR/Payroll Representative Source Site Viewonly No No default
HR:Hide Work Phone on Person   - Obsolete.  
HR:IE P35 Reporting Year Site Yes Yes NA
HR: Info Online: Open in New Window   No No  
HR: Info Online: RIA Password SiteAppRespUser Yes    
HR: Info Online: RIA Username SiteAppRespUser Yes    
HR: Info Online Toolbar Icon NA NA No  
HR: Info Online: Use Field Context SiteAppRespUser Yes    
HR: Informal Name Format Site No No NA
HR:Job Key Flex-Identify 1st Segment SiteAppResp Yes No NA
HR:Job Key Flex-Identify 2nd Segment SiteAppResp Yes No NA
HR: Job Level SiteAppResp No No NA
HR: KI Framework Version SiteAppRespUser Yes Yes Default is Null. This is interpreted by the system as Version 1.
HR: KI Maximum Topics and Integrations SiteAppRespUser Yes No Default is Null. This is interpreted by the system as Version 3.
HR: Class Name to Fetch KI Data Site No Yes (if linking to Enwisen) Default is Null.
HR: KI Providers Enabled SiteRespUser Yes No Default is No.
HR: KI User Options Enabled SiteRespUser Yes No Default is No.
HR: KI Topics Enabled SiteRespUser Yes No Default is Null. This is interpreted by the application as Yes.
HR: Enwisen Login URL Site No Yes (if linking to Enwisen) Default is Null.
HR: Local or Global Name Format SiteAppRespUser Yes No Local Format
HR: Localization in SSHR - - Valid for SSHR 3.4 only.  
HR: Location ID - - Internal use only.  
HR: Local Nationality - - - No default value exists, and the system administrator can set the value at any level.
HR:Manage Self Service Actions When Future-Dated Changes Exist Site No No Stop with an Error
HR:Manager Actions Menu SiteAppRespUser Yes Yes Manager Actions Menu
HR: Manager Appraisals Menu SiteAppRespUser Yes No Manager Appraisals Menu
HR: Mask Characters SiteAppRespUser No    
HR: Metalink Integration Application SiteAppRespUser Yes No Human Resource Management Systems
HR: Metalink Integration Enabled SiteAppRespUser Yes No Yes
HR:Monitor Balance Retrieval SiteAppRespUser Yes No  
HR:NI Unique Error or Warning SiteResp No No NA
HR:National Identifier Validation SiteAppRespUser No No Error on Fail
HR:Non-Updateable Element Set SiteAppRespUser Yes No NA
HR: Number Separator Site No No NA
HR:OAB New Benefits Model SiteAppRespUser Yes No NA
HR: Offers - Hiring Manager Initiation - - Obsolete  
HR:Online Tax Forms Update Method SiteUser Viewonly No All
HR: Organization ID - - Internal use only.  
HR: Override Grade Defaults SiteAppRespUser Yes No Defaults to Yes
HR:Payroll Payments Self-Service Enable Multiple Assignments SiteAppRespUser Yes No No
HR:Payroll Payments Self-Service Payment Function SiteAppRespUser Yes No  
HR:Payroll Payments Self-Service Payments List Mode SiteAppRespUser Yes No Null
HR:Performance View Layout SiteAppRespUser Yes No FORM or TABLE
HR: Person ID - - Internal use only.  
HR:Personal Actions Menu SiteAppRespUser Yes Yes Personal Actions Menu
HR:Personal Info Check Pending - - Obsolete.  
HR: PL NI Unique Error or Warning SiteAppRespUser Yes Yes Warn
HR:Position Key Flex-Identify 1st Segment SiteAppResp Yes No NA
HR: Position Default Options for SSHR SiteAppRespUser Yes Yes Default with User Decision
HR:Position Key Flex-Identify 2nd Segment SiteAppResp Yes No NA
HR:Propagate Data Changes Site Yes No Default is Null. This is interpreted by the application as No.
HR:Purge Element Entry Permission SiteAppRespUser Viewonly NA NA
HR:Query Only Mode SiteAppRespUser Viewonly No NA
HR: Refresh Self Service Actions with Data from Intervening Actions No No No No
HR: Restrict Letter by Vacancy or Event Site Viewonly No Default is Null
HR:Restrict Transactions across Legislations for SSHR SiteResp No No No
HR: RIA Integration Enabled SiteAppRespUser Yes No Yes
HR:Run BENMNGLE When Processing a Self Service Action Site No No No
HR:Salary View Layout SiteAppRespUser Yes No FORM or TABLE
HR: Save and Stay in Appraisals Page SiteUser Yes No Yes
HR: Schedule Based Absence Calculation SiteResp No    
HR: Security Profile SiteResp No Yes Default view-all security profile at Site level
HR: Security Performance Enhancer Responsibility No No No
HR: Self Service HR Licensed Site No No Defaults to No
HR:Self Service Hire and Placement Default Values SiteAppRespUser No   Yes
HR:Self-Service Save for Later Site No No Yes
HR: Servlet Timeout SiteAppRespUser Yes No Default is Null. This is interpreted by the system as 40 (seconds).
HR: SM Employee Find Work Opp Menu Resp No Yes HR_SM_EMP_PERSONAL_FUNCTIONS
HR: SM Manager Find Person Menu Resp No Yes HR_SM_MANAGER_FUNCTIONS
HR: SM Manager Find Work Opp Menu Resp No Yes HR_SM_PERSONAL_FUNCTIONS
HR:Subrogation SiteAppRespUser Yes No No
HR: Supervisor Hierarchy Usage Site Yes No  
HR:TCA Unmerge Options Site No No In Patch Process
HR:Training View Layout SiteAppRespUser Yes No FORM or TABLE
HR: US Address Line Length SiteAppRespUser Yes Yes NA
HR: Use Fast Formula Based PTO Accruals Site No Yes No
HR:Use Global Applicant Numbering Site Viewonly Yes No
HR:Use Global Contingent Worker Numbering Site Viewonly Yes No
HR:Use Global Employee Numbering Site Viewonly Yes No
HR:Use Grade Defaults SiteAppRespUser Viewonly   Defaults to Yes
HR:Use Standard Attachments SiteAppRespUser No Yes Yes at Site Level, No at Seeded Responsibility Level
HR:User Type AppResp Viewonly Yes NA
HR: Use Title in Person's full name Site No NA Yes
HR: Verification External Node SiteResp No Yes No default value
HR: View Payslip From Date for WEB (MM/DD/YYYY) SiteAppRespUser Yes Yes 01/01/1997
HR:View Unpublished Employee 360 Self Appraisal SiteAppResp Yes No Default value is Null
HR: Views Layer Size SiteAppRespUser Yes Yes 300 pixels
HR:Webapps Tips Test Mode User Yes No No
HR: Web Proxy Host   No    
HR: Web Proxy Port   No    
HR: Worker Appraisals Menu SiteAppRespUser No Yes Employee Appraisals Menu
HR: ZA Nature of Person Mandatory at Person Level SiteAppRespUser Yes No  
HRI: Collect Manager Snapshots Site No Yes Yes
HRI: Collect Open Enrollment in Progress Site No Yes No
HRI:DBI Chief HR Officer Named User Site No Yes No
HRI:DBI Force Foundation HR Processes Site No Yes No
HRI:DBI Link to Transaction System Site No Yes Disable Link
HRI:Enable Benefits Collections and Event Queue Site No Yes Yes
HRI:Enable Captured Events Archive Site No Yes No
HRI:Enable Detailed Logging Site No Yes No
HRI: Manager Snapshot Threshold Site No Yes 2500
HRI:Multithreading Chunk Size Site No Yes 200
HRI:Number of Threads to Launch Site No Yes 8
HRI:Period of Service / Placement Date Start Source Site No Yes Start Date
HRI:Populate Assignment Events Queue Site No Yes Yes
HRI:Populate Supervisor Hierarchy Events Queue Site No Yes Yes
HRI:Populate Supervisor Status History Events Queue Site No Yes Yes
HRI: Workforce in Period Calculation Method Site No No Null
HZ: Protect HR Person Information Site No No No
IN: Projection on Projected Termination Date SiteAppRespUser Yes No No default value exists, and the system administrator can set the value at any level.
Limit By Persons Organization SiteAppRespUser Yes No No
OAB: Enable Self-Service Benefits Trace   Yes No Null
OAB:Self Registered User Responsibility SiteAppRespUser Yes No Self Registered Employee Default responsibility
OAB:User to Organization Link SiteAppRespUser Yes No Null
OAB:User to Payroll Link SiteAppRespUser Yes No Null
PAY: Enable Workflow for Assignment Costing SiteAppRespUser View only No Null. A system administrator can set the value at any level.
PAY: Display Reset Years in Payroll SiteAppRespUser Yes No No
PAY: Generate Periods for Tax Year SiteAppRespUser Yes    
PAY:Statement of Earnings User Category SiteRespUser Yes    
PER:Automatic Save Site Yes    
PER:Navigation Site Yes    
Personalize Self-Service Defn SiteAppRespUser Yes No No
PO: Services Procurement Enabled Site Viewonly No No
Performance Management Source Type Site No Yes (if you enable automatic update of competency profiles) NA
RTI Uptake SiteAppRespUser Yes No Null
Workforce Measurement Type Site No Yes  

Profile Options

Apply Assessment Competencies to Person

Controls whether HRMS updates an appraisee's competency profile automatically when an appraisal is complete. Set this option to Yes to enable automatic update of competency profiles.

AME:Installed

Determines whether Oracle Approvals Management (AME) is installed. Integrating applications such as Internet Expenses or iProcurement use this profile option to indicate if AME is installed.

AuditTrail:Activate

Determines whether the AuditTrail functionality is enabled or disabled.

When you enter or update data in your forms, you change the database tables underlying the forms you see and use. AuditTrail tracks which rows in a database table were updated at what time and which user was logged in using the form(s).

You can turn AuditTrail on or off (Yes or No). The default setting is No. You must set this option to Yes before you can audit any Oracle Applications table.

BEN:BEN HOURLY ANNUALIZATION FACTOR

Determines how to convert an hourly rate to an annual rate, and vice versa, if you want to use the Hourly activity reference period for Compensation Workbench plans. The default value is 2080 hours (8 hours * 5 days * 52 weeks).

BEN: Carry Forward Certification

Determines if benefits administrators can carry forward interim and suspended coverage created due to coverage restrictions configured for a life event when subsequent life events do not have coverage restrictions.

BEN:Benefits Preferred Currency

Controls the preferred currency in which a manager views and enters budget and worksheet distributions for the Compensation Workbench. Actual amounts are paid in the currency of the Compensation Workbench plan, not the preferred currency.

BEN: Check Enrollment Limits

Determines if the application should execute the check for minimum and maximum Plan Type in Program when an event is processed and the person cannot make elections.

BEN:Compensation Manager

Gives access to features in the Compensation Workbench that are available only to Compensation Managers.

BEN:Comp Objects Display Name Basis

Determines whether the compensation object names displayed in various application windows (both in the professional and self-service user interfaces) are based on the user's session date or the life event occurred on date.

BEN: Cross Business Group for Plan Design Copy

Controls whether a user can copy plan design data between business groups using the Plan Design Copy function. The default value for the profile option is 'Y.' If you set the value to 'N,' the user will only be able to export a plan design or copy the plan design within the business group attached to their responsibility.

Ben: CWB Approval Mode

Controls CWB Approval behavior. If you set the value to 'Y,' then the CWB Approval Mode enables you to enforce the submission and approval of all lower-level manager worksheets before higher-level managers may submit their worksheets for approval. The default approval mode allows the submission of a worksheet by a higher-level manager at any time regardless of the status of the lower-level manager worksheets.

BEN: CWB Allocation as Percent of Eligible Salary Decimals

Determines if the application displays decimals for percent of eligible salary based on allocated amounts.

BEN: CWB Budget as Percent of Eligible Salary Decimals

Determines if the application displays budgets as percent of eligible salary

BEN: CWB Budget Rows Displayed

Controls the number of rows available for display on budgetsheets, for example, if you set the profile option to 10, then managers and compensation administrators can choose to display between 1 and 10 rows on their budgetsheets.

Note: This profile option is available only in Oracle Applications Release 12

BEN: CWB Download Expire Seconds

Specifies the length in seconds available to download worksheets. The default value is 60 seconds. Increase this value if you have problems downloading large worksheets.

BEN:CWB Display Currency Type

Determines the last selected currency in Compensation Workbench for each manager. The application displays this value the next time managers log into CWB.

BEN: CWB Encrypt/Decrypt Key

Determines the key the application uses to decrypt security key information for downloaded Compensation Workbench worksheets. You can modify this key to any characters, however you must not change the key between a download and an upload.

BEN: CWB Estimated Market Price

This profile controls the estimate market price that the application uses to calculate the walk-away value of stock option grants. This is the default value of the market price that displays on the Extended Stock Option History page and Employee Stock Option History Report. Managers can override the value in CWB, which is retained for the session. However, the value defaults to the profile value upon re-login or session loss.

BEN: CWB History Type Display

Set this profile option to Extended Stock Option History for use with the Employee Stock Options Total Position Report. If you load stock history from a third party administrator into Oracle HRMS, you can use the Grant Detail Report Style of the Total Position Report to view details about grants held by individual employees.

BEN: CWB Home Plans Displayed

This determines how many plans the application displays on the home page before table navigation links display. The recommended value is 5 or more.

BEN: CWB Layout Lock Time

BEN: CWB Maximum Number of Layouts

BEN: CWB Plan Context for Reporting

Determines the Plan Name and Period that the application uses to obtain the Manager Hierarchy and Employee Information for the Reports available from the CWB Home Page. If you do not specify a Plan Name and Period, then the application uses the latest plan for which the manager is a participant. The Employee Stock Option History, and Employee Compensation History use this profile option.

BEN: CWB Spreadsheet Version

Controls the versions of MS Excel available for download of spreadsheets from CWB.

Note: This profile option is available only in Oracle Applications Release 12.

BEN:CWB Summary Level

Determines the last viewed display of the worksheet summary for each manager. The application displays this value during the next session. By default, this is set to Direct Employees.

BEN:CWB Table Population

Determines the last selected population filter on the worksheet. The application displays this value during the next session. By default, this is set to Direct Employees.

BEN: CWB Valid Grade Filtering

Determines if the application validates grades. If you set this profile to Yes (default), then the application displays only valid grades for a proposed job/position within the business group. If you set this profile to No, then the application displays all grades for the business group.

BEN: CWB Validate Performance/Assignment Changes Online

Determines if the application validates assignment changes online. If you set the profile option to Yes, then you enable assignment API edits for the worksheet and the application enforces the integrity between jobs, positions, and grades. If you set this profile option to No (default), then API edits are not online and the Compensation Workbench Post Process validates all assignment changes.

BEN: CWB Wizard Compratio Range

Determines the incremental range that displays on all pages using comparatio criteria. For example if you use 5, then the application displays comparatios in 5% ranges. The Allocation Wizard criteria option, the Employee Stock Option History report, the Employee Compensation History report, and the Summary By Directs report use this profile option. The default value is 5.

BEN: CWB Wizard Years Worked Range

Determines the incremental range that displays on all pages using Years Worked criteria. For example if you use 5, then the application displays the Years Worked in 5 Year Ranges. The Allocation Wizard criteria option, the Employee Stock Option History report, Employee Compensation History report, and the Summary By Directs report use this profile option. The default value is 1.

BEN: CWB Worksheet Rows Displayed

Controls the number of rows available for display on worksheets, for example, if you set the profile option to 10, then managers and compensation administrators can choose to display between 1 and 10 rows on their worksheets.

Note: This profile option is available only in Oracle Applications Release 12.

BEN: Designation No Change

Determines the contents of the Dependent Eligibility Audit log. If you set the profile option to No (the default value), the audit log returns information only for dependents with eligibility changes. If you set it to Yes, the audit log returns all dependents, even if they have no eligibility change.

BEN:Eligible Profile Rule

Controls how FastFormula rules are evaluated in an eligibility profile. The default value is AND. This means that a participant must satisfy all the rules you attach to an eligibility profile. If you set the profile option to OR, the participant need only satisfy one of the rules.

BEN:Enable Absence Plans Functionality

Displays the Enroll Absences button on the Absence Detail window. If you set this profile option to Yes for the users or responsibilities who will enter absences for absence benefit plans, they can run the Participation Process to process the absence life events.

BEN:Enable Quartile in Grade Life Event

Detemines whether the system triggers the Quartile in Grade Life Event when a change in a person's grade, salary basis, or salary moves them into a new quartile in grade. If you set this profile option to Yes, these conditions trigger the Quartile in Grade life event. If you set this profile option to No, the system never creates a Quartile in Grade potential life event.

BEN:Imputed Income Post Tax Deduction

Controls whether after-tax employee contributions are deducted from the imputed income total for a benefits plan subject to imputed income. If you set this profile set to N (the default value) the application assumes that the employer pays 100% of the given benefit.

BEN:Max Extract Line Size

Sets the maximum length of a record generated by the Extract Write Process for compensation and benefits system extracts.

BEN:VAPRO Rule

Controls how FastFormula rules are evaluated in a variable rate profile (VAPRO). The default value is AND. This means that a participant must satisfy all the rules you attach to a variable rate profile. If you set the profile option to OR, the participant need only satisfy one of the rules.

DateTrack:Date Security

Controls the way users can change their effective date:

The meaning of Past and Future here is with respect to the user's login date, which is usually today's date, but may be set to another value by the DateTrack:Login Date profile option.

See: How DateTrack Works, Oracle HRMS Implementation Guide

DateTrack:Enabled

Controls whether the DateTrack functionality is enabled. Set to Yes at the Application level for Oracle HRMS.

Important: This profile option applies to Full HR only. If you are installing Shared HR, the profile option value must be set to No.

See: How DateTrack Works, Oracle HRMS Implementation Guide

DateTrack:Login Date (YYYY/MM/DD)

Defines the log-in date for a user. Normally a user logs onto the system with an effective date of today's date. Use this profile option to change a user's default date to another date. This profile option works in conjunction with DateTrack:Date Security. For example, if a user has DateTrack:Date Security set to Future and DateTrack:Login Date set to 1900/01/01, they can change their effective date to any date after January 1 1900, but not before.

DateTrack:Reminder

Determines whether the Decision window appears when you open a window in which you can enter, update, or delete datetracked information. Notice that the Decision window never appears on windows where you can query datetracked information but not update it. There are three possible values:

Disable Self-Service Personalizations

Controls whether personalizations created for self-service functions using the Personalization Framework are applied. If the profile option is Yes, no personalizations are applied and only the original definition of each self-service page is displayed.

This profile option is used in SSHR.

Employer Payment Summary (EPS) Approval

Set this profile value to No if you do not want the approval process to take place for Employer Payment Summary submission. The EPS process skips the part of the process that sets the EPS record status to 'completed' and there is no approver interaction required. When you submit the record, it is set to 'verified' directly. The default value is Yes. If it is left as the default , then the EPS submit process sets the EPS record status to 'completed', sends it to the approver, and when the approver submits the record, EPS process sets the status to 'verified' which subsequently is picked up for EDI file creation process.

This profile option is for users of the UK legislation only.

Enable Security Groups

Controls whether you use multiple security groups. There are three possible values for the profile:

Change the profile option to Yes at application level only if your enterprise is implementing a Security Groups Enabled system (multiple security groups). If you change the profile option to Yes, you must run the Enable Multiple Security Groups process. See Security Models.

Important: Once you have changed to Security Groups Enabled Security you cannot revert to the Standard Security model.

Note: Non-HRMS applications do not support multiple security groups in Release 11i.

Flexfields:Open Descr Window

Determines whether a descriptive flexfield window automatically opens when you navigate to the corresponding field.

Set the profile option to Yes if you want the flexfield to pop open automatically. If you set this option to No, you can open the flexfield by choosing Edit Field from the Edit menu or pressing CTRL+L.

Flexfields:Open Key Window

Determines whether a key flexfield window automatically opens when you navigate to the corresponding field.

Set the profile value to Yes if you want the flexfield to pop open automatically. If you set this option to No, you can open the flexfield by choosing Edit Field from the Edit menu or pressing CTRL+L.

Help Localization Code

Controls which set of help files are linked to each responsibility. If you accept the default value, then the set of help files for Global HRMS will be associated with the responsibility. However, if you want to specify a legislative or vertical variant of HRMS, then you must set the Help Localization Code as shown in the following table:

Help Localization Code Localization
AE UAE
AU Australia
BE Belgium
CA Canada
CN China
DE Germany
DK Denmark
ES Spain
FD US Federal
FI Finland
FR France
HK Hong Kong
HU Hungary
IE Ireland
IN India
IT Italy
JP Japan
KR Korea
KW Kuwait
MX Mexico
NL Netherlands
NO Norway
NZ New Zealand
PL Poland
RU Russia
SA Saudi Arabia
SG Singapore
SE Sweden
UK UK
US US
ZA South Africa

Note: These entries must be in upper case.

HR: Absence Duration Auto Overwrite

Controls whether the absence duration formula automatically recalculates the duration of an absence when the date or time of the absence is changed. Set the profile option to Yes if you have created an absence duration formula (or one is supplied by your localization team) and you want absence durations to be recalculated automatically.

See: Absence Recording, Oracle HRMS Compensation and Benefits Management Guide

HR: Absence View Layout

Controls whether a manager sees the Detail Summary View in a Form or Tabular Format.

This profile option is used in SSHR.

HR: Access Non-Current Employee Data

Controls the display of records of ex-employees and future dated employees. Set the profile option value to Yes to enable HR users to view data of ex-employees and future dated employees if you are using user-based security.

Note: This profile option does not apply to security profiles based on the supervisor hierarchy. You can use this profile option if your security profiles are based on user-based organization security, or user-based position security, or user-based custom security. For information on user-based security, see: Security Profiles

HR: Accrual Plan Element Set Displayed to User

Enables the display of accrual balances in the SSHR Leave of Absence page, when you attach the required element set to this profile at the appropriate levels.

See: Viewing Accrual Balances in SSHR, Oracle SSHR Deploy Self-Service Capability Guide

HR:Action Parameter Group Name

Identifies the set of action parameter values for all payroll processes supported by the Action Parameter group. You use action parameter values to control the process run, for example, to enable parallel processing, to control the number of API batch calls, and to specify the number of errors allowed before the process run fails.

See: Maintaining Parameters and Parameter Groups for Payroll Processes, Oracle HRMS Implementation Guide

HR: Actions - Validation

Controls the point at which the application runs validation checks for Pending workflow transactions within SSHR. The validation can be carried out using one of the following options:

This profile option is used in SSHR.

HR:Allow Approver Updates to Self Service Actions

Controls whether an approver can make updates to self-service actions. The self-service actions functionality uses Oracle Approvals Management (AME) to determine the list of approvers for the action. If you set this profile option to No, the approver can approve or reject the action or return the action to a previous approver on the chain after receiving the workflow notification. If you set this profile option to Yes, the approver can also update the action, for example, change the effective date.

See: Approving a Self-Service Action, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR:Allow Concurrent Self Service Actions

Controls whether Oracle SSHR can process multiple actions on a selected person at the same time. If you set this profile option to No, the Pending column is displayed on the Actions page. This indicates to the user whether pending transactions are present. The user can then review the pending transaction. If you set the profile option to Yes, you allow multiple simultaneous self-service actions. This means that the Pending column is not displayed, and users can perform actions against all assignments. On final approval, each action takes effect on its own effective date, superseding any actions with a previous effective date.

See: Managing Conflicting Actions, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR: Allow change Hire beyond Payroll actions

Enables payroll users to move the hire date beyond payroll actions. Along with this profile option, you must set the AMEND_HIRE_WITH_PAYACT legislation rule value to Y to enable this functionality. For more information on how to use the profile option and set the legislation rule, refer to note IDs 822228.1 and 1160327.1 on My Oracle Support.

HR:Allow Functions Access During Hrglobal Run

Set this profile option to Yes to enable access to HRMS responsibilities during an hrglobal run.

HR:Allow Online W-2 Viewing as of MM/DD

Enables your employees to view and download their online W-2 statements as PDF files. You specify the month and day from when the employees can view the W-2 statements for the current year.

See: Tax Information Form (W-2) (US), Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR:Allow Processing of Ineligible Self Service Actions

Controls whether self-service users, usually managers, can process ineligible self-service actions. If you set the profile option to Yes, users can process actions for which a selected person is not eligible. They may wish to do this if the action will become eligible by its effective date.

Note: This option depends on also enabling the profile option HR:Allow Use of Eligibility for Self Service Actions in order to display ineligible actions in the first instance.

See: HR:Allow Use of Eligibility for Self Service Actions

See: Set Up Eligibility Processing, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR:Allow Use of Eligibility for Self Service Actions

Controls whether the Eligibility column is displayed on the Actions page for self-service actions. If you set this profile option to Yes, both eligible and ineligible actions are displayed on the Actions page along with the Eligibility column. The Eligibility column distinguishes between eligible and ineligible actions.

If you set this profile option to No, the Actions page only displays eligible actions and the Eligibility column is not displayed.

Note: Managers will not be able to process ineligible actions unless the profile option HR:Allow Processing of Ineligible Self Service Actions is also set to Yes.

See: HR:Allow Processing of Ineligible Self Service Actions

See: Set Up Eligibility Processing, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR: Applicant Assignment Cleanup Run Mode

Controls how the HR Applicant Assignment Cleanup script (delivered in PER Family Pack J) is run.

See: Guide to the HR Applicant Assignment Cleanup Process (available on My Oracle Support Note ID 295319.1)

HR:Applications View Layout

Enables a manager to see the Detail Summary View in a Form or Tabular Format.

This User Profile Option is used in SSHR.

HR: Appraisal Template LOV

Controls whether the Appraisal Template field in V3.4 of the SSHR Appraisals function is available as a list of values (LOV) or a poplist. Set this profile option to Yes to display the field as an LOV or set it to No to display the field as a poplist.

This profile option is used in SSHR 3.4.

HR: Appraisee Can Add Participants

Controls whether appraisees can add participants to their appraisals. If yu set this profile option to Yes (the default value), appraisees can add participants. If you set this profile option to No, appraisees cannot add participants.

See: Appraisals (Self-Service), Oracle SSHR Deploy Self-Service Capability Guide

HR: Authoria Integration Enabled

Controls whether conext-sensitive links to the third-party information product Authoria HR are enabled. If you are using context-sensitive links from a button on the Oracle toolbar to Authoria HR, set this profile option to Yes to enable the integration, or No to disable the integration. If you set this option to No, the 'Info Online' toolbar button does not link to Authoria HR from the applicable windows, and hyperlinks do not appear in the applicable self-service pages.

See: Info Online Links to Authoria HR

HR: Authoria UK URL

Defines the URL of the Authoria HR engine providing UK-related content if you are using context-sensitive links from a button on the Oracle toolbar to the third-party information product Authoria HR.

See: Configuring Links Between Oracle Standard and Advanced Benefits and Authoria HR

HR: Authoria US URL

Defines the URL of the Authoria HR engine providing US-related content if you are using context-sensitive links from a button on the Oracle toolbar to the third-party information product Authoria HR.

See: Configuring Links Between Oracle Standard and Advanced Benefits and Authoria HR

HR: Auto Apply Collective Agreement Entitlements

Controls whether values calculated for a collective agreement during the entitlement evaluation process are applied automatically to an employee. For each entitlement item, the most beneficial value that the employee is entitled to is applied. Instances where the application cannot automatically establish the most beneficial value are noted in the log file and you can manually make a selection using the Collective Agreement Entitlements window.

See: Collective Agreement Administration, Oracle HRMS Enterprise and Workforce Management Guide

HR: Auto Evaluate Collective Agreement Entitlements

Controls whether the entitlement evaluation process is run automatically when an employee is first placed on a collective agreement.

See: Collective Agreement Administration, Oracle HRMS Enterprise and Workforce Management Guide

HR:Automatically Synchronize Single GL Company Cost Centers with HR

Controls whether the Synchronize Single GL Company Cost Centers with HR concurrent program runs automatically following the creation of a new GL account code combination. You use this profile option if you have set the HR: Generate Organizations from GL profile so that organizations are automatically created in HR based on GL cost centers.

See: Implementing Automatic Company Cost Center Creation, Oracle HRMS Enterprise and Workforce Management Guide

HR: Base Salary Required

Controls whether the Description and Salary fields are mandatory if a person's assignment has a salary basis assigned but no pay proposal. If you set this profile option to Yes, the fields are mandatory. The user must enter values for these fields.

HR: BIS Job Hierarchy - Job Grouping Level 1

Defines the value set that represents the first level job grouping in the Job Hierarchy. Ensure that the value set you select is associated with a Job Key Flexfield structure, otherwise the Job Hierarchy will not use it.

See: Structuring the Job Hierarchy, Oracle HRMS Deploy Strategic Reporting (HRMSi)

HR: BIS Job Hierarchy - Job Grouping Level 2

Defines the value set that represents the second level job grouping in the Job Hierarchy. Ensure that the value set you select is associated with a Job Key Flexfield structure, otherwise the Job Hierarchy will not use it.

See: Structuring the Job Hierarchy, Oracle HRMS Deploy Strategic Reporting (HRMSi)

HR:Blank Effective Date

Controls the default value of the effective date field on the Effective Date page that appears at the start of a self-service action. When you set this profile to Yes, the effective date field is blank. When you set it to No, the page displays the default date.

The default date can differ, depending on:

The default date is usually the system date. The default date is the effective date of the future change if (1) you do not enable managing actions and (2) future-dated changes exist.

HR:Business Group

This profile option determines the business group linked to a responsibility. The Setup Business Group is defaulted at Site level.

If you use Standard HRMS security this option is automatically set up when you enter the HR: Security Profile profile option, except in cases where you are using a global security profile (that is, a security profile that does not specify a business group). In this case, you must specifically set up this option for each responsibility.

If you use Security Groups Enabled security, this option is not user-configurable. The business group is determined when you create a security profile assignment using the Assign Security Profile window.

HR: Cancel Application

This profile option enables you to delete an applicant's record that has been entered in error. The default value is set to Null, this is interpreted as No and the function will not work.

HR: Check Entitlement Cache

This profile option is supplied primarily for Oracle Development or Third Party Suppliers to use. It currently has no impact on delivered functionality.

This profile option enables you to control whether the entitlement evaluation process first looks to see if a value for a particular entitlement exists in the cache before re-evaluating.

HR: Collective Agreement Logging

This profile option enables you to control whether the log file generated during the entitlement evaluation or entitlement population processes shows high or low detail. This profile only affects the processed that run from the Entitlement Results window, The log generated when you run the Collective Agreement Entitlement Evaluation process from the Submit Requests window always displays high detail and is not affected by this profile option.

HR:Contingent Worker Manager Actions Menu

Controls which Manager Actions menu SSHR displays for managers who are also contingent workers. If you create a custom Manager Actions menu for contingent workers, you must change this profile option to point to your custom menu.

See: Actions, Oracle SSHR Deploy Self-Service Capability Guide

HR:Contingent Worker Personal Actions Menu

Controls which Personal Actions menu SSHR displays for users who are also contingent workers. If you create a custom Personal Actions menu for contingent workers, you must change this profile option to point to your custom menu.

See: Actions, Oracle SSHR Deploy Self-Service Capability Guide

HR: Copy Period Details for Budget

You use this user profile option for HRMS budgets. When you set the profile option to Yes, the application copies all budget details (budget periods, budget sets, and funding sources) to a new budget worksheet when the worksheet is a copy of an existing budget version.

HR:Cross Business Group

Controls whether users of some HRMS windows can see certain information for more than one business group.

For example, when defining contacts, you can see contacts in one business group, even if they have been created in another. Similarly, when nominating a supervisor for a person, you can select a supervisor from another business group.

In addition, if you set this option to Yes, it:

This profile option also controls the filtering of HRMS secure views. If you set this profile option to Yes, secure views display data across all business groups. If you set this profile option to No, the views filter data by the business group of the current security profile.

Note: If you have built custom code that references HRMS secure views, the setting of the HR: Cross Business Group profile option may affect the functionality of your code.

Set to Yes if users need to see this information across all business groups. Set to No if users only work with the information defined for one business group. The default is No.

HR: Cross BG Duplicate Person Check

Controls the duplicate person check functionality across multiple business groups in Oracle HRMS and Oracle SSHR. Set to Yes to enable the duplicate person check functionality across business groups. Oracle HRMS uses the global name format to search for duplicate person records across business groups.

Note: To use the HR: Cross BG Duplicate Person Check profile option, you must also enable the HR:Cross Business Group profile option.

For information about the global name format (Global List Name), see: Person-Name Formats, Oracle HRMS Workforce Sourcing, Deployment, and Talent Management Guide

The following table explains the searches that Oracle HRMS performs when you set up the HR: Cross BG Duplicate Person Check and HR:Cross Business Group profile options.

Value set for HR:Cross Business Group Value set for HR: Cross BG Duplicate Person Check Records that Oracle HRMS searches to identify duplicate person records
No No HR tables in a business group. The application uses the last name, first name, date of birth, or national identifier values to search in HR tables.
No Yes HR tables in a business group. The application uses the last name, first name, date of birth, or national identifier values to search in HR tables.
Yes Yes HR tables in all business groups and TCA (Trading Community Architecture) tables. The application uses the global name format to search in HR tables.
Yes No The application does not search for duplicate person records either across multiple business groups or in a single business group.

HR: CWK in Head Count Reports

Determines whether contingent workers are included in head-count reports. The default value is Yes. Set this option to No to exclude contingent workers from head-count reports.

HR: Data Exchange Directory

This profile option is used by Data Uploader and other areas of the system which need to read or import files. Set this profile to the full path for a directory accessible to the Oracle database. Files stored in this directory can then be accessed by Oracle HRMS.

HR: Data Migrator Business Group Lockout

This profile option is for a future release.

HR:Data Pump Action Parameter Group

Data pump may now be configured using action parameter groups instead of the default action parameters. This configuration enables data pump configuration to be separate to that of payroll processes that share action parameters (e.g. the THREADS action parameter) with Data Pump. You can use the HR:Data Pump Action Parameter Group profile option to specify the default action parameter group to use for Data Pump action parameters. HRMS also provides an extra concurrent program parameter to enable the action parameter group to be changed for the Data Pump run.

The default value for this profile option is Null and it is treated as Null in the code (the default action parameter group).

HR:Default Assignment Costing

Set this profile option to Yes to enable default costing for position assignments. For position control budgets, the default value is the proportional value for the budget. You can write a FastFormula to override the budget value with other costing segments and proportions.

HR:Default Check/Cheque Number Method

Use this profile option to set the automatic check/cheque number process. You can set this profile with the Organization Payment Level value to enable automatic check/cheque numbering. This profile option is for US and Canadian Payroll only.

HR: Default Correspondence Language

Specifies a default language for the Correspondence Language field.

This profile option is for users of the Italian legislation only.

HR: Default Full Name Format

Controls the default value for the full name format.

This profile option is for users of the Dutch legislation only.

HR: Default Nationality

Defines the default nationality for a user. When a new person is entered in the People window, the nationality entered here is automatically displayed in the Nationality field.

HR: Defer Update After Approval

Defers save of SSHR transactions after the final approval. The transaction is saved automatically when the Workflow Background Proces runs.

This applies to Self Service.

HR: Disable Ethnicity Tab

Enables you to disable the ethnicity tab in the People window.

This profile option is for users of the Dutch legislation only.

HR:Display Competencies

Controls the display of competencies in an Advanced Search. It is used to control the display of skill categories in:

This User Profile Option is used in SSHR.

HR:Display Brief Person Name

By default this profile option is set to Brief Name, which means that on the Enter Process pages, employee names are displayed in brief format. If you prefer to see the full employee name, set this profile option to Full Name.

HR: Display Position Hierarchy

If set to Yes position hierarchy will be used in the HGrid on the Enter Process page in SSHR. By default the HGrid uses supervisor hierarchy.

HR:Employee Directory Global Menu

Enables you to specify a menu to provide global buttons in addition to the standard Self Service Global Menu buttons if a user accesses the Employee Directory anonymously. You can specify any menu with the menu type Global Menu.

See: The Employee Directory Module, Oracle SSHR Deploy Self-Service Capability Guide

HR: Employment View Layout

Enables a manager to see the Detail Summary View in a Form or Tabular Format.

This User Profile Option is used in SSHR.

HR:Enable Bank Branch Validation

Set this profile option to Yes to turn the Sort Code validation on and off. Sort Code will only appear for territories, for example GB, where branch code validation is supported. You disable the validation if you don't set this profile option or set it to N.

Note: Note: As this profile option is a global profile option, you should take care in a multi-territory Oracle HRMS implementation not to set it on with too wide a scope.

HR: Enable DTW4 defaulting

This profile option is for use by US and Canadian customers who use Vertex geocodes data to validate US and Canadian addresses. It enables or disables the defaulting of DTW4 employee tax data when an employee primary address or work address is changed. For example, set this option to No to prevent DTW4 data from being defaulted when an employee address is changed to an overseas address.

The default is Yes. This option can be set at site level only.

Important: This profile option is US legislation specific profile related to tax rules and works with Full HR only. If you are installing Shared HR, the profile option must be set to No.

HR: Enable Multiple Assignments in SSHR

Controls whether a manager can view and update multiple assignments for an employee in SSHR. If you set the profile option to Yes, all the assignments of a person are displayed on the Hierarchy page. If you set the profile option to No, only primary assignments are displayed.

See: People in Hierarchy, My List, and Search Pages, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR: Enable Initiator to Delete a Pending-Approval Transaction

Determines whether managers or workers can delete any transactions that they have initiated before approval in Oracle SSHR. If you set this profile option to Yes, then the initiator of the transaction can view the transaction in the list of Pending-Approval action items or in the All Actions Awaiting Your Attention table, and use the Delete icon to remove that transaction. The default value is No.

For information about the delete transactions pending approval functionality, see: Self-Service Functionality, Oracle Self-Service Human Resources Deploy Self-Service Capability Guide

HR: Enable Multiple Assignments for Payroll Simulation

Enables you to choose the assignment for which you can run payroll simulation if you have multiple assignments by setting the profile option to Yes. If the profile option is set to No, then you can run the payroll simulation process only for the primary assignment.

HR: Enable Payroll Simulation

Determines whether a professional payroll user or employee can run payroll simulation. If you set the profile option to Yes, you can model the payslip/paycheck by changing the payroll information and generate a sample payslip.

HR: Enable Security for Batch Element Entry

Enables you to prevent unauthorized viewing and updating of batch lines for a confidential assignment by setting the profile option to Yes.

HR: Enforce Costing Mandatory Segment Check at Data Entry

Set this profile option to Yes to specify that users must enter a value for a mandatory costing segment at each costing level where it is qualified.

HR: Execute Legislative Check Formula within Run

Determines whether the legislation-specific check is performed during a payroll run.

HR: Expand Role of Contingent Worker

Determines whether you can select contingent workers to perform many of the roles fulfilled by employees. For example, if you set this option to Yes, you can select a contingent worker to be a supervisor in the Assignment window and an authorizer in the Absence window.

You can select a contingent worker to fulfill the following roles:

HR: Extension Agent

If you are using Info Online to allow users to access to information provider web sites from a button on the Oracle toolbar, use this profile option to launch dynamic content via a web server different from the one specified by the Applications Servlet Agent.

HR: Extension Agent Client Timeout

If you are using Info Online to allow users to access information provider web sites from a button on the Oracle toolbar, this profile sets the maximum time in seconds that the system waits to contact the web server mediating the connection to Authoria HR.

You should not set this value unless asked to do so by Support.

HR: Extension Agent Enabled

If you are using Info Online to allow users to access information provider web sites from a button on the Oracle toolbar, this profile option controls whether or not the feature is enabled for a user or group of users. Set to Yes to enable the feature and display the Info Online button on the Oracle toolbar. Set to No to disable the feature and hide the button.

This is similar to the way that Applications Help Web Agent acts as an override to the default.

HR: FastFormula Debug Level

Enables debugging information to be output from the FastFormula compiler and execution engine.

HR: Free text school name allowed in Self Service

If this profile option is set to No, the user will not be able to enter text freely for the school name. Instead their entry will be restricted to a list of values. If the profile option is set to Yes they can enter free text, or choose from the list of values.

HR:French HRMS check mandatory payroll assignment attributes exist

Determines whether to perform the mandatory checks for establishment, contract, and employee category attribution on payroll assignments when your business group is French.

HR: FTE Factor

Determines the FTE (Full Time Equivalent) factor that the application uses to calculate full-time annual pay. You can set the option to:

HR: GL Cost Center Org Classifications

This profile option defines which organization classifications are created when you synchronize your GL cost centers with your organizations in HRMS. It has the following settings:

HR: GL Cost Center Synchronization Options

This profile option is obsolete.

HR: GL Organization Name Format

This profile option enables you to define the name format for organizations created automatically in HRMS based on a GL cost center.

HR:Global Competence Flex Structure

Defines the competence key flexfield structure for use when creating global competencies. If you do not set this option, then you cannot create global competencies.

HR:Grade Key Flex-Identify 1st and 2nd Segments

These options are used to control which two segments of the key flexfields appear in Person Search.

This profile option is used in SSHR.

HR: HR/Payroll Representative Source

SSHR offers three methods for determining an organization's default payroll representative:

This profile option is used in SSHR.

HR:IE P35 Reporting Year

Determines the tax year for which you want to report the P35. If you do not set this option, you cannot report P35.

HR: Info Online: Open in New Window

If you are using Info Online to allow users to access information provider web sites from a button on the Oracle HRMS toolbar, this profile option controls whether the results are displayed in a separate browser window each time the user follows a link. Set to Yes to open a new window for each link followed; set to No to use the same window for each link.

HR: Info Online: RIA Password

If you are using Info Online to allow users to access the third party information product RIA from a button on the Oracle toolbar, this profile option controls the single sign-on capability between Oracle and RIA. Enter a valid password at user level.

Note: If you change your password on PCP then you must also update this user profile option.

HR: Info Online: RIA Username

If you are using Info Online to allow users to access the third party information product RIA from a button on the Oracle toolbar, this profile option controls the single sign-on capability between Oracle and RIA. Enter a valid username at user level.

HR: Info Online Toolbar Icon

If you are using Info Online to allow users to access information provider web sites from a button on the Oracle toolbar, you can optionally use this profile option to identify an alternative icon for the Info Online toolbar button.

The image file should be in GIF format with the following attributes:

Place the file in the virtual directory (relative to the web server used to start forms):

/OA_JAVA/oracle/apps/media

In most installations this would be the directory:

$JAVA_TOP/oracle/apps/media.

HR: Info Online: Use Field Context

If you are using Info Online to allow users to access information provider web sites from a button on the Oracle toolbar, this profile option narrows the search using predefined contexts associated with your current field and window.

Set to Yes to use the predefined contexts to narrow the search; set to No to display a list of all predefined options that are available from the selected window.

HR:Informal Name Format

Use this profile option to define the way a person's name appears in your workflow notifications. If you do not set the HR: Informal Name Format profile option, the application uses the default name structure.

Use the following values:

HR:Job Key Flex-Identify 1st and 2nd Segments

These options are used to control which two segments of the key flexfields appear in Person Search.

This profile option is used in SSHR.

HR: Job Level

The job level options are used to determine the seniority of a person's job. You can set a default for the job level at Site, Application and Responsibility level.

HR: KI Framework Version

If you are using Info Online to allow users to access information provider web sites, use this profile to set the version of Knowledge Integrator Framework.

HR: KI Maximum Topics and Integrations

If you are using Info Online to allow users to access information provider web sites, use this profile to set the maximum number of topics or providers to display in the Content Container before the More link appears.

HR: Enwisen Login URL

Defines the URL of Enwisen web site, a third-party information provider that end users can access from Oracle iRecruitment, Oracle Performance Management, Oracle SSHR, and Oracle Time and Labor pages.

See: Info Online Links to Information Provider Web Sites

HR: KI Providers Enabled

If you are using Info Online to allow users to access information provider web sites, then this profile option controls the Providers region in the Info Online content container. Set to Yes to display the Providers region.

See: Info Online Content Container

HR: KI Topics Enabled

If you are using Info Online to allow users to access information provider web sites, then this profile option controls the Topics region in the Info Online content container. Set to Yes to display the Topics region.

See: Info Online Content Container

HR: KI User Options Enabled

If you are using Info Online to allow users to access information provider web sites, then this profile option controls the User Options region in the Info Online content container. Set to Yes to display the User Options region.

See: Info Online Content Container

HR: Class Name to Fetch KI Data

Use this profile option to implement additional security when accessing Enwisen, a third-party information provider. The value for this profile option must be a fully qualified name of a Java class that implements Oracle's predefined Java interface: oracle.apps.per.ki.kiserver.KIDataFetcher. The Java class contains the method to retrieve login values when end users access Enwisen from Oracle HRMS product pages.

See: Configuring Links between HRMS Products and Enwisen

HR:Local Nationality

Use this profile to set a value for nationality. This profile option is for users of the Saudi Arabia Payroll only.

The system administrator sets this option at any level of standard Security hierarchy type - Site, Application, Responsibility, and User.

The system administrator must enter a nationality code, available in the user defined-lookup_type, NATIONALITY. You cannot run the payroll until you set this profile option. If you attempt to run payroll before setting this option, the application will display an error message.

HR: Localization in SSHR

Identifies the localization for SSHR. This profile option is only valid for SSHR releases prior to SSHR 4.0.

HR: Local or Global Name Format

Determines whether the user sees person names in local or global formats. The value Local Format enables users to display names in a character set appropriate to their legislation. The value Global Format enables users in multinational enterprises, which generally use multiple character sets, to display person names in a single (typically, Western) character set. This option applies to the supplied Display Name and List Name formats, to edited versions of those formats, and to user-defined format masks.

HR: Make National Identifier Optional

Enables recording employee information without entering the SOFI Number in the Person window, the People Management Templates, and the Self-Service page. To make entering the BSN/SOFI Number optional, set this option to Yes. To make it a mandatory field, set this option to No.

HR:Manage Self Service Actions When Future-Dated Changes Exist

Controls potential data conflicts if future-dated changes exist for self-service actions. If you have set the profile option HR:Allow Concurrent Self Service Actions to Yes, this profile option allows you to determine how SSHR processes the actions.

The default value for the profile option is Stop with an Error. This forces the user to choose an effective date subsequent to any future-dated change.

If you change the profile option to Allow Approval (Notify HR Rep), you allow the user to select a date prior to any future-dated changes. After final approval, the transaction is forwarded to an HR Representative for review and manual entry into the database.

Important: If you are setting this profile option to Allow Approval, and you have enabled HR:Allow Approver Updates to Self Service Actions, Oracle recommends that you also enable HR:Refresh Self Service Actions with Data from Intervening Actions.

See: Managing Conflicting Actions, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR:Manager Actions Menu

Controls which actions menu is displayed for managers within SSHR. If you create a custom Manager Actions menu, you must change this profile option to point to your custom menu.

See: Actions, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR: Manager Appraisals Menu

Controls the types of appraisal a manager can initiate (for example, Standard, 360 degree) from the Appraisals home page.

HR: Mask Characters

Use this profile option to set the number of characters or digits to display in numbers such as bank account or credit card numbers. Enter a positive number of digits to display from the back (for example, xxxx345) or a negative number of digits to display from the front (for example, 123xxxx).

HR: Metalink Integration Application

Use this profile option to select the first MetaLink page that appears when you choose the Info Online toolbar button in an HRMS window. You can select a page for a specific application (for example, Human Resources or Payroll), or you can add your own choice of pages to the list using the HR MetaLink Application lookup.

HR: Metalink Integration Enabled

Set this profile option to Yes to enable links from Oracle HRMS windows to MetaLink via the Info Online toolbar button. Set to No to disable the links.

HR:Monitor Balance Retrieval

This profile enables the Monitor Balance Retrieval Debug Tool, which allows you identify database items associated with the values held in the latest balance tables, in order to reference them in the formula called by the payroll run. Set to Yes to enable monitoring, or No to disable monitoring.

HR: NI Unique Error or Warning

Enables you to change the default warning to an error message.

If you want to warn users that the national identifier they have entered already exists, leave the default as warning. If you want to prevent a user entering the same national identifier more than once, you can change the message to an error. This stops the user entering the same national identifier.

HR: National Identifier Validation

Enables you to define the validation that is used for a national identifier. There are three possible values:

HR:Non-Updateable Element Set

Select a customization element set to define the element entry values that are view-only on the Element Entries window. Typically you use this user profile option to prevent updates to elements that are maintained using legislation-specific windows.

HR: Number Separator

Enables you to format integer, money and number values that are consistent with the ICX number format set at the Self-Service page. This profile has a value of either Yes or No. You can set it at the site level to ensure a consistent format across the application. The profile settings determine the group separator, decimal separator, and format of values. These settings will affect number formats on windows such as Element Entry, Element Description, Batch Element Entry, and User Tables.

HR: Online Tax Forms Update Method

Controls how SSHR processes multiple person assignments when dealing with tax information. SSHR supports multiple person assignments and keeps tax information for each assignment; however, since a person can file only one withholding form you must select one of the following options:

See: Tax Withholdings Form (W-4) (US), Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR: OAB New Benefits Model

Enables you to set up whether you are using the new benefits model, that is, Standard or Advanced Benefits. Enter Yes, if you are using the new benefits model. Enter No, if you are using the compensation and benefit models from previous releases.

HR: Override Grade Defaults

Controls whether the end user can override the default grade values when updating organization, position, or job information. If the profile option is set to No, the user can only select grade values from the defined list of values.

See: Assignment, Oracle SSHR Deploy Self-Service Capability Guide

This profile option is used in SSHR.

HR:Payroll Payments Self-Service Enable Multiple Assignments

This profile option is used by Payroll Payments Self-Service version 4. If it is set to No, employees can only specify payroll payments for their primary payroll assignment. If set to Yes, employees can specify payroll payments for additional payroll assignments. The default is No.

This profile option is used in SSHR.

HR:Payroll Payments Self-Service Payment Function

This profile option determines the defaults for the Organizational Payment Method (OPM). It operates differently depending on whether you have applied a foreign payment method enhancement.

Before Applying a Foreign Payment Method Enhancement:

After Applying a Foreign Payment Method Enhancement:

HR:Payroll Payments Self-Service Payments List Mode

If you set this profile option to Like, you can select the organization payment method name on the basis of it being like an entry in the payments list configuration attribute instead of an exact match. The setting of Like also enables you to perform an exact match. The default of this profile option is null, which performs an exact match.

HR: Performance View Layout

Enables a manager to see the Detail Summary View in a Form or Tabular Format.

This profile option is used in SSHR.

HR:Personal Actions Menu

Controls which actions menu is displayed for users within SSHR. If you create a custom Personal Actions menu, you must change this profile option to point to your custom menu.

This profile option is used in SSHR.

HR: PL NI Unique Error or Warning

Controls whether HRMS generates an error or a warning for duplicate PESEL values at the legal-employer level. Valid values are Error, Warn, and None. Set to None if no validation is required.

See: HR: NI Unique Error or Warning

HR: Position Default Options for SSHR

These options control whether or not the application displays default information based on the position you select for an assignment. You can set one of four values:

HR:Position Key Flex-Identify 1st and 2nd Segments

These options are used to control which two segments of the key flexfields appear in Person Search.

This profile option is used in SSHR.

HR: Propagate Data Changes

Controls the synchronization of person records for an individual in multiple business groups.

To propagate changes made to a person record in one business group to records for the same person in all business groups, set this profile option to Yes.

Note: You can propagate changes to only those business groups your security profile allows you to update.

HR:Purge Element Entry Permission

Controls whether users can purge element entries (irrespective of whether those entries have been processed by a payroll run). It does not affect a user's ability to perform datetracked deletions or updates. The possible values are:

Note: If you have installed a third party payroll interface, you cannot purge any element entries attached to the interface. If you are using a setting of All or Information, an error message to this effect appears when you attempt to purge an element entry.

HR:Query Only Mode

Set to Yes to restrict access to view-only for all HR and Payroll forms on a menu.

You can set this profile for individual responsibilities or users, or at the site or application level.

If you want to give query-only access to some forms and full access to other forms, set the HR:Query Only Mode profile to No and use the parameter QUERY_ONLY=YES at form function level to restrict access to individual forms.

Note: You can set the parameter QUERY_ONLY=YES for a form function that also launches a task flow. In this case, specify two parameters in the Form Function window:

QUERY_ONLY=YES

WORKFLOW_NAME="task flow name"

The entire task flow will be query-only, not just the first form.

See: Restricting Access to Query-Only Mode.

HR:Refresh Self Service Actions with Data from Intervening Actions

This profile allows you to control the effect of concurrent actions. If this profile is set to Yes, when a pending change is approved which affects the current transaction the application will display a warning message listing changed attributes and the data will be refreshed. If it is set to No, the default, the application will display a warning message and the transaction will fail.

Oracle recommends that this profile option is set to Yes if HR: Allow Approver Updates to Self Service Actions is also set to Yes.

Note: Oracle recommends that you enable this option if you have set the system profile HR:Manage Self Service Actions When Future-Dated Changes Exist to Allow Approval (Notify HR Rep). Otherwise you should disable this option.

HR: Restrict Letter by Vacancy or Event

This profile serves both HR and OTA letter requests. It enables you to generate separate letter requests for each event (OTA) and for each vacancy (HR).

If you set the profile to Yes, it displays the Vacancy Name field on the Request Letter window. Choosing a value in this field restricts the letter generation to applicants associated with the vacancy you choose in the Vacancy Name field.

HR:Restrict Transactions across Legislations in SSHR

If the HR:Cross Business Group profile is set to Yes, this profile can prevent SSHR managers from carrying out transactions on employees (within their supervisor hierarchy) who are from different legislations.

HR: RIA Integration Enabled

Set this profile option to Yes to enable links from Oracle HRMS windows to the web pages of third party information provider RIA via the 'Info Online' toolbar button. Set to No to disable the links.

HR:Run BENMNGLE When Processing a Self Service Action

In order to ensure that the list of eligible actions and sub-actions is up to date, you must periodically run the Participation Batch Process (Run Benefits Manage Life Events Process) for that individual. This can be set to run automatically every time a manager initiates an action by setting the profile option, HR:Run BENMNGLE When Processing a Self Service Action, to Yes.

HR: Salary View Layout

Enables a manager to see the Detail Summary View in a Form or Tabular Format.

This User Profile Option is used in SSHR.

HR: Save and Stay in Appraisals Page

Controls what happens when the user clicks Save as Draft in an SSHR Appraisals page. When this option is set to Yes, which is the default value, the user remains in the current page and can continue to edit the appraisal. When this option is set to No, the Appraisals home page appears.

HR: Schedule Based Absence Calculation

Set this profile option to Yes at the site level if you want the application to take into account the schedules and calendar events information from the worker's primary assignment to calculate the actual duration of an absence. The default is No. If you leave the default value for this profile, and have already created a basic formula for absence duration, the application calculates the absence duration on the basis of the absence start and end dates, without using the schedules and calendar events information.

HR: Security Profile

Restricts access to the organization, positions and payrolls defined in the security profile. This option is predefined at Site Level with the view-all security profile created for the Setup Business Group.

If you use Standard HRMS security you must set up the HR: Security Profile profile option for each responsibility.

If you use Security Groups Enabled security you must not set up the HR: Security Profile profile option. This is set up automatically when you assign security profiles using the Assign Security Profile window. You must only change the HR: Security Profile option by assigning a different security profile to a responsibility using the Assign Security Profile window.

HR: Security Performance Enhancer

Set this profile if you want to use the security performance enhancement feature. When you select Pick Performance Table(Assignment) as the value, the Oracle HRMS security mechanism retrieves information from the PER_ALL_ASSIGNMENTS_F_PERF performance table instead of the PER_ALL_ASSIGNMENTS_F base table when the person security evaluation happens and display of data is faster. You can set this profile option at the Responsibility level only.

See: Setting Up the Security Performance Enhancement Feature

Important: Before you set the profile option, you must run the Synchronize Security Performance Tables process. For more information, see: Running the Synchronize Security Performance Tables Process

HR: Self Service HR Licensed

Controls whether Self-Service HRMS (SSHR) is available. If the customer has obtained a license for SSHR, they must set this profile option to Yes at the site level.

This profile option is used in SSHR.

HR:Self Service New Hire Default Values

Specifies whether values for the new person record should be defaulted or not.

For the New Hire function, if the profile is set to Yes, then the following values are defaulted based on the primary assignment, as of the system date, of the person logged in:

The supervisor for the new person defaults to the person logged in. For both New Hire and Applicant Hire, this profile also controls which person type is defaulted.

This profile is used in SSHR.

HR:Self-Service Save for Later

This profile options allows the Save for Later button to be displayed on all transaction pages in Self Service. Set it to No to disable this feature.

HR: Servlet Timeout

If you are using Info Online to allow users to access information provider web sites, use this profile to set the maximum time in seconds that the system waits for a response from the web server mediating the connection to the integration partner.

HR: SM Employee Find Work Opp Menu

Controls suitability-matching functions for finding a work opportunity available to employees using the Employee Self-Service responsibility.

HR: SM Manager Find Person Menu

Controls suitability-matching functions available to managers using the HR Professional or Manager Self-Service responsibility for finding a person for a work opportunity.

HR: SM Manager Find Work Opp Menu

Controls suitability-matching functions available to managers using the HR Professional or Manager Self-Service responsibility for finding a work opportunity for a person.

HR: Subrogation

Use this profile option to set a value for subrogation. This profile option is for users of the French legislation only.

HR: Supervisor Hierarchy Usage

If you are using supervisor hierarchies for security within your organization, you use this profile option to specify whether the supervisor hierarchy is person-based or assignment-based.

HR: Training View Layout

Enables a manager to see the Detail Summary View in a Form or Tabular Format.

This profile option is used in SSHR.

HR:TCA Unmerge Options

The Trading Community Architecture (TCA) Unmerge function, which removes the records of people who are only contacts from the TCA party tables, is delivered in patch 3625452 and is part of the November 2003 Family Pack (PER Family Pack G). The TCA Unmerge function uses the TCA purge parties process, which checks references to party IDs throughout the E-Business Suite. This process can take a long time to complete. Patch 3621712 provides you with an alternative approach to the TCA Unmerge process. If you apply patch 3621712 prior to installing PER Family Pack G you can use this profile option to control how the unmerge process is run. Select one of the following options:

HR: US Address Line Length

This profile option, which specifies the maximum length of an address line, affects U.S. addresses only; it has no effect in other legislations. Oracle HRMS displays a warning message when you view or enter address lines longer than the value you specify here. The value of this profile option overrides any maximum address line length specified in the Personal Address Information descriptive flexfield for the current local U.S. address style.

HR: Use Fast Formula Based PTO Accruals

This user profile option is disabled.

HR: Use Global Applicant Numbering

Enables the global sequence for applicant-number generation. This sequence is shared among all business groups.

To set this profile option, you run the process "Change automatic person number generation to global sequencing". You cannot set this option in the System Profile Values window.

HR: Use Global Contingent Worker Numbering

Enables the global sequence for contingent-worker-number generation. This sequence is shared among all business groups.

To set this profile option, you run the process "Change automatic person number generation to global sequencing". You cannot set this option in the System Profile Values window.

HR: Use Global Employee Numbering

Enables the global sequence for employee-number generation. This sequence is shared among all business groups.

To set this profile option, you run the process "Change automatic person number generation to global sequencing". You cannot set this option in the System Profile Values window.

HR:Use Grade Defaults

This profile option allows you to restrict the list of values for the grade to include only those values permitted by the parent organization, job, or position.

This Profile Option is used in SSHR.

HR:Use Standard Attachments

Disables the facility to attach short text comments to records. Enables the attachment of multiple items of various types including OLE objects, Web pages, images, and word processed documents.

HR:User Type

Limits field access on windows shared between Oracle Human Resources and Oracle Payroll. If you do not use Oracle Payroll, it must be set to HR User for all responsibilities.

Note: You must set this profile option at responsibility level.

If you do use Oracle Payroll, you can give each responsibility one of the following user types, depending on the work role of the holders of the responsibility:

The windows that are dependent on the setting of this profile option are as follows:

Form Profile Setting Behavior
Define Element Classification (PAYWSDEC) HR User You cannot create secondary element classifications.
Define Element Type (PAYWSDET) HR User Some payroll fields are not available.
Define Payroll (PAYWSDPG) HR User The Statutory Information field is not visible.

Note: Statutory Information is not available at payroll level for all localizations, for example, it is not available for the UK.

Element Entries (PAYWSMEE) HR User The Processing Priority field in the Element Entry Values window is not available.
Define Assignment Status (PERWSDAS) HR User You cannot use the Payroll Status as a query criterion in Enter Query mode.
Define Benefit Contributions (PERWSEBC) Payroll User You cannot change the coverage type or contribution amounts for an existing benefit contributions record.
You cannot create benefit contribution records.
SSP/SMP (SSPWSENT) (UK Only) HR User You must enter the average earnings amount for your employee before you can calculate their entitlement to statutory payments.
SSP/SMP (SSPWSENT) (UK Only) Payroll User or HR with Payroll User You can derive the average earnings automatically.
Employee Assignment (PERWSEMA) HR User Payroll field is display only.
Employee Address and Define Location (US Federal Only) HR User The default address style is United States (International).
Employee Address and Define Location (US Federal Only) Payroll User or HR with Payroll User The default address style is United States.
Define Element Type (US Federal Only) HR User The application uses the predefined Federal element names.
Define Element Type (US Federal Only) HR with Payroll User The application uses the element names you define for the Federal elements.
Terminate (US Federal Only) HR with Payroll User You can update the Final Process Date.

HR: Use Title in Person's full name

Enables you to remove title from a person's full name so that it does not appear in person search lists, such as the Find window on the Person window.

This user profile option is only effective when you insert new records or update existing records. To remove title from existing records without updating them you should run the Remove Title from Person's Full Name concurrent process.

HR: Verification External Node

Defines the URL for the external node for the Employment Verification function. The node redirects the access request from outside the security firewall to the HTML page containing the released employment information.

This profile option is used in SSHR.

HR: View Payslip From Date for WEB

Limits the number of pay periods an employee can view.

This profile option is used in SSHR.

HR: Views Layer Size

Enables you to set the width of the Employee Name and Employee Number floating layer to the longest name and number you have.

This profile option is used in SSHR.

HR:View Unpublished Employee 360 Degree Self Appraisal

Enables a manager to view employees' unpublished 360 Degree appraisals. (This option does not affect self appraisals.) Set this option to Yes to view employees' unpublished 360 Degree appraisals. The default value is Null.

HR:Webapps Tips Test Mode

Forces all tip icons in SSHR to be displayed whether tip text is defined or not.

This User Profile Option is used in SSHR.

HR: Web Proxy Host

This option is used as part of the Knowledge Management which allows the Proxy Host to be used when accessing an external site.

HR: Web Proxy Port

This option is used as part of the Knowledge Management which allows the Proxy Port to be used when accessing an external site.

HR: Worker Appraisals Menu

Controls the types of appraisal a worker can initiate. The default value is Employee Appraisals Menu.

HR: ZA Nature of Person Mandatory at Person Level

Set this profile option to Yes to make the Nature of Person mandatory at the Person level. This ensures the application validates the Nature of Person during data entry. If you set this profile option to No, then Nature of Person is optional at the person level, and the application performs validations only when you run the Tax Year End Validation report. You must run the Generic Upgrade Mechanism process using the South Africa: Populate Nature of Person at the Person Level parameter to display the Nature of Person details at the person level for existing employees.

HRI: Collect Manager Snapshots

If you turn this profile option on, the DBI for HRMS collection process collects an additional summary layer for managers who have more staff than a specified number reporting to them. The default value is No. Use in conjunction with HRI: Manager Snapshot Threshold.

HRI: Collect Open Enrollment in Progress

Determines the enrollment data that DBI for HRMS collects. Set this profile option to Yes to collect data for the current open enrollment period. To collect historic data of enrollments along with the open enrollment data, set the profile option to No.

HRI:DBI Chief HR Officer Named User

Enables users of the Chief HR officer responsibility to access the Chief HR Officer dashboards effectively as the CEO of the enterprise.

Note: You must have successfully run an Initial Load before you set this profile option.

Select the name of the user from the profile option list. The list of managers shown for the profile is only those at level 1 (the top of the hierarchy). To turn this profile off, set the profile option value to No.

Note: This new profile option only affects the Chief HR Officer responsibility.

HRI:DBI Force Foundation HR Processes

Determines whether the HRI Collection Programs run in Foundation HR mode (on a Full HR Installation). The Foundation HR mode only collects data as of the system date; it does not maintain historical data. If you are an HRI DBI customer, you must set this profile option to No.

Non-DBI for HRMS customers, who do not require any more than the basic data collected in a Foundation HR implementation, can set the HRI:DBI Force Foundation HR Processes profile option to Yes. This setting reduces the amount of data collected and improves load times.

HRI:DBI Link to Transaction System

Enables users of DBI for HRMS to drill from detail reports to employee records in the HR Self Service Employee Directory.

Set this profile option to HR Employee Directory to turn this feature on. The default value is Disable Link.

HRI:Enable Benefits Collections and Event Queue

Enables managers to view the life event statuses for participants in the open enrollment period. Set this profile option to display the life event statuses in the DBI for HRMS Enrollment Process Status report.

HRI:Enable Captured Events Archive

Controls the archive mode for the events capture process in DBI for HRMS. Set this option to Yes to archive all events that trigger incremental processing.

HRI:Enable Detailed Logging

Enables you to include a debug message in the concurrent manager log to troubleshoot errors during the HRI data collection process. Set the HRI:Enable Detailed Logging profile option to Yes. The default is No.

Caution: Only set this profile option to Yes if you encounter an error. Debugging the collection process impacts the collection timings.

HRI: Manager Snapshot Threshold

Determines the minimum number of staff required to enable snapshot collection for a manager. The default is 2500. Use this profile in conjunction with HRI: Collect Manager Snapshots.

HRI:Multithreading Chunk Size

Determines the number of objects processed at one time during the DBI for HRMS collection phase. The default value is 200. You can change this to a value between 1 and 16000. However, you should avoid processing a large numbers of objects, as the default value is the result of benchmark tests. If you receive the error "Oracle exception: cannot extend rollback segment" during the collection process, then reduce the value for this profile option.

HRI:Number of Threads to Launch

Determines the number of threads, or sub-processes, that run in parallel on multi-processor machines. If you have already installed PYUGEN on your system, then set this profile option to equal the THREADS parameter defined for PYUGEN. The default value for this parameter is 8.

Caution: Your Applications System Administrator must define the concurrent manager to allow the required number of sub-processes to run in parallel.

HRI:Period of Service / Placement Date Start Source

Determines how DBI for HRMS calculates the employee's periods of service. The default value is Start Date. With this setting, DBI for HRMS calculates periods of service from the beginning of employees' current period of service.

To calculate the employee's period of service from the beginning of their first period of service, change the value to Adjusted Service Date.

Caution: HRMS also uses the Adjusted Service Date to calculate benefits. You must therefore consider the effect on benefits if you use this feature.

HRI:Populate Assignment Events Queue

Determines whether the events collection process in DBI for HRMS populates the incremental update queue for the assignment events collection process. If you never run the assignment events process, set this profile option to No to reduce the load times of other processes. If you are a DBI for HRMS customer, you must set this profile option to Yes.

HRI:Populate Supervisor Hierarchy Events Queue

Determines whether the events collection process in DBI for HRMS populates the incremental update queue for the supervisor hierarchy collection process. If you never run the supervisor hierarchy process, set this profile option to No to reduce the load times of other processes. If you are a DBI for HRMS customer, you must set this profile option to Yes.

HRI:Populate Supervisor Status History Events Queue

Determines whether the events collection process in DBI for HRMS populates the incremental update queue for the supervisor status history collection process. If you never run the supervisor status history process, set this profile option to No to reduce the load times of other processes. If you are a DBI for HRMS customer, you must set this profile option to Yes.

HRI: Workforce in Period Calculation Method

Determines the calculation that DBI reports use in averaging values over a period, for example, workforce turnover or average employee absence. Select from:

The default is null, which means that the calculation will use the headcount at the end date of the reporting period

HZ: Protect HR Person Information

Controls the synchronization of common data between Oracle HRMS and Oracle Student System (OSS). By default (when this option is set to No) data synchronization is enabled.

IN: Projection on Projected Termination Date

Set the profile option IN: Projection on Projected Termination Date to Yes to calculate tax using the projected termination date. If it is set to No, then the application uses the actual termination date to calculate the tax.

Limit by Persons Organization

Set this profile option to Y to limit the Compensation Objects selected by the Participation Process to only those linked to the employee's organization.

OAB:Self Registered User Responsibility

Identifies the responsibility to be granted to new users who successfully self-register in SSHR using the New User Registration processes. This profile option is seeded at site level with the seeded responsibility Self Registered Employee Default Responsibility. You can set this profile at responsibility level if you have created several responsibilities for different groups of users to use after initial registration.

This profile option is used in SSHR.

OAB:Enable Self-Service Benefits Trace

This profile option enables to you to generate a PYUPIP trace file for a particular Self-Service Benefits user that you select. Use this profile option to debug Self-Service Benefits election problems.

This profile option is used in SSHR.

OAB:User to Organization Link

In the self-service New User Registration processes, links the responsibility you give to new users to register on SSHR with the organization to which they belong.

This profile option is used in SSHR.

OAB:User to Payroll Link

In the self-service New User Registration processes, provides a default employee payroll linked to the responsibility you give to new users to register on SSHR.

This profile option is used in SSHR.

PAY: Enable Workflow for Assignment Costing

Enables the user to toggle between the two processes of using with or without the workflow option. If the profile is set to Yes, the application saves the data on approval. If the rule is set to No, the application saves the data immediately. The default is No.

PAY: Generate Periods for Tax Year

Since the lunar month has only 28 days, the yearly start date of a period would be always less than the legislation specific start date. This profile option enables you to reset the generated payroll period start date back to the legislation start date. You should set the profile option to Yes to display Reset Years in the Payroll window. The default value is No.

PAY:Statement of Earnings User Category

You use this profile when setting up a global statement of earnings to be viewed online. It enables you to select user category when setting up the global statement of earnings.

PER:Automatic Save

You use this profile when setting up iRecruitment. Set the profile option to Y to enable an automatic Save For Later operation when users navigate to a new web page.

PER:Navigation

You use this profile when setting up iRecruitment. Set the profile option to Y if you want the application to validate data on the current web page when users navigate to a new page (Next or Previous).

Personalize Self-Service Defn

This profile option enables or disables the global Personalize link and Personalize Region link that appear on self-service functions from SSHR 4.0 and above.

This profile option is used in SSHR.

PO: Services Procurement Enabled

Controls the availability of purchase-order information from Oracle Services Procurement to Oracle HRMS. If you use Oracle Services Procurement to provide purchase order information for contingent worker assignments, you must set this profile option to Yes.

Performance Management Source Type

Enables you to select a default value from the "PROFICIENCY_SOURCE" (Source of Proficiency Rating) user lookup. HRMS uses this value when updating a person's competency profile automatically after an appraisal.

Note: This profile option was previously known as Talent Management Source Type.

Workforce Measurement Type

Determines how DBI for HRMS measures the size of your workforce. The application currently only supports the value of Headcount.

RTI Uptake

Use this profile if you are not yet on RTI or migrating PAYE schemes to RTI in batches. This profile enables you to continue to use the existing BACS file creation functionality that does not generate the random number which is required to accommodate the HASHing requirement within RTI. Additionally, if you are migrating in batches, then you have this option for the non-RTI PAYE schemes. This profile has the following values:

Ensure that you set the correct option prior to submitting the BACS processes for the payrolls within the PAYE schemes after installing RTI functionality.

This profile option is for users of the UK legislation only.

Menus, Functions, and Responsibilities

Responsibilities

You can control users' access to human resources information by record, window and function.

The responsibility is your primary means of defining security. To define what a user can access you link a user, responsibility and Business Group to a security profile. Other important components of the responsibility are the menu structures, task flows and information types. These also help you limit the employee records a user can access.

Users can sign on to the system only through the responsibilities you give them. So their responsibilities control what they can see and do in the system.

Responsibility

A responsibility is linked to a security profile and composed of:

Responsibilities are also linked to business groups. However, depending on which security model you use, you link responsibilities differently.

Each model enables you to set up multiple responsibilities. You can assign multiple responsibilities to users who need to:

The Oracle HRMS responsibilities available globally include:

Note: You can access standard benefits features using the HR manager or HRMS manager responsibilities. Only use Super HRMS Manager if you have licensed Oracle Advanced Benefits.

Access Control Through Responsibility

The following key components help control user access to Oracle HRMS:

Important: If you do not associate any extra information types with a responsibility, a person assigned to this responsibility will not have access to any extra information types in the product.

For each responsibility, you must also define the user profile option HR:User Type.

Responsibility Ownership

If you are using Self-Service Human Resources (SSHR) you can use the Responsibility Ownership functionality to administer and control access to responsibilities by assigning an owner relationship. You can use the Responsibility Ownership functionality in SSHR to display a hierarchy of functions and menus attached to the responsibility and also display information on users of the responsibility. If appropriate, you can revoke access to a responsibility using the self-service interface.

See: Responsibility Ownership, Oracle SSHR Deploy Self-Service Capability Guide

Menu Structure

Users access standard windows, configured windows, and the first window in a task flow through the menu structure displayed in the Navigator window. Each responsibility includes a menu structure to restrict the windows users can access, and what they can do on these windows.

A function is a part of an application's functionality that is registered under a unique name for the purpose of assigning it to, or excluding it from, a responsibility. There are two types of functions: form functions, and non-form functions. For clarity, we refer to a form function as a form, and a non-form function as a subfunction, even though both are just instances of functions in the database.

Using Function Security system administrators can further restrict access to individual menu options. You can include:

By defining menus with function security for groups of users, you can:

Each responsibility you define must be linked to a root menu. The root menu lists the menu options when the Navigator window first opens.

The Default Menu Structure

The AutoInstall program creates a default menu structure for your HRMS product. This menu structure enables you to access all of the windows for your system. Normally, only a system administrator has access to the full default menu structure.

The supplied menus give you access to all of the available submenus. However, a number of predefined functions are not enabled on these menus. If your localization requires these menus, you need to add them for the responsibilities that should have access to these functions.

Caution: Oracle HRMS with DateTrack and task flows does not fully support multiple active windows. When you define a new menu for use with Oracle HRMS the top menu must include the following function as a separate menu option:

Disable Multiform

See: Disabling Multiple Windows

Request Groups

When you build a responsibility for employees who must initiate reports or processes, you can attach a request group to the responsibility. The request group lists a group of processes and reports its holders can run. Holders of responsibilities with no request groups cannot run any processes or reports.

The group Reports and Processes gives access to all predefined reports and processes.

Structuring Menus

Using function security and the Menus window, you can use the default menu for any number of responsibilities and restrict access to the default menu options. You can also define any number of new functions and menus to restrict the access of other users. To view the hierarchy of menus you have defined, you can run the Menu Structures report.

Caution: You should not modify the default functions and menus supplied with the system. On upgrade, these defaults will be overwritten.

If you want to add window configuration options or task flows you should define your own menus.

The supplied menus give you access to all of the available submenus. However, a number of predefined functions are not enabled on these menus. You need to add them for the responsibilities that should have access to these functions.

Structuring Menus

  1. Start by drawing it out on paper. This helps you to decide the best structure and the best prompts and descriptions.

  2. Decide how to structure your menus. Menus can be structured in different ways:

  3. Work from the lowest level of sub-menu to the highest and define the root menu as the last step in the sequence.

  4. Define as many submenus as you require under each menu option. We recommend that you restrict the number of menu levels to three because a menu structure with more levels is cumbersome to use.

Defining Menus

Use the Menus window to add predefined functions to a menu.

Caution: Oracle HRMS with DateTrack and task flows does not fully support multiple active windows. When you define a new menu for use with Oracle HRMS the top menu must include the following function as a separate menu option:

Disable Multiform

See: Disabling Multiple Windows

A number of predefined functions are not provided on the supplied menus. You can add them to your own menus. See: Menu Structure for a list of these functions.

To define a menu

  1. Query the menu onto which to add the function.

  2. Add a new line and select the function.

    For example, select Salary Administration: Approve to enable users to approve salary proposals.

  3. Save your changes.

    See: Menus Window, Oracle Applications System Administrator's Guide if you need further information about using the Menus window.

Disabling Multiple Windows

In most Oracle Applications, you can open multiple windows from the Navigator window without closing the window you already have open. HRMS, however, does not support Multiform functionality.

Important: You must disable this feature on menu structures that accesses Oracle HRMS windows.

To disable the Multiple Open Window feature

  1. Add a Function type menu entry to the top-level menu referenced by your new responsibility.

  2. Select the function whose User Function Name and Function Name are:

  3. Save your changes.

Defining Menu Functions

Use the Form Functions window to define your menu functions.

Function Security helps you to control the menu options you make available to each responsibility. When you define a responsibility you can restrict the submenus or functions for that responsibility using exclusion rules.

See: How Function Security Works, Oracle Applications Developer's Guide

Define Menu Functions

  1. Define your menu function using the Form Functions window.

    See: Form Functions Window, Oracle Applications Developer's Guide

  2. When you have created your custom functions, add them to a menu.

    See: Menus Window, Oracle Applications System Administrator's Guide

    Caution: You should not modify the default functions and menus supplied with the system. On upgrade, these defaults will be overwritten.

    If you want to add window configuration options or task flows you should define your own menus.

Restricting Access to Query-Only Mode

To restrict access to query-only mode for an individual form

  1. In the Form Functions window, select the form and specify the parameter QUERY_ONLY=YES. If you want to specify other parameters for this form function, separate them with a space.

  2. Enter a user function name to identify your new function, and save it.

  3. In the Menus window, select your new function instead of the supplied form function.

Using Parameters for HRMS Form Functions

To use parameters in Form Functions

For certain options you must define menu functions that include a parameter in the Parameters field of the Form Functions window, as follows:

If you need to specify more than one parameter for a form function, separate the parameters with a space.

For more information about using the Form Functions window see: Form Functions Window, Oracle Applications Developer's Guide

AuditTrail

AuditTrail Overview

The system administrator is responsible for performing AuditTrail on Oracle HRMS data.

Performing AuditTrail

AuditTrail provides a flexible approach to tracking the changes to your data. It enables you to keep a history of changes to your important data: what changed, who changed it, and when. With AuditTrail, you can easily determine how any data row or element obtained its current value. You can track information on most types of fields, including character, number and date fields.

You enable auditing for audit groups. These are groups of tables and columns you want to audit, where you do not necessarily need to include all the columns in a given table. You typically group together those tables that belong to the same business process, such as employee compensation tables.

During your AuditTrail implementation, you need to decide your audit requirements:

See: Oracle Applications System Administrator's Guide.

Audit Information Reports

The AuditTrail process creates a shadow table for each audited table, to hold the audit information.

For tables that are not datetracked, you can write a report that uses the views on the shadow tables to access the audit data. However, for datetracked tables, the information from the shadow tables must be extracted and written to the HR_AUDITS table and the HR_AUDIT_COLUMNS table before you can report on it.

The system's audit report performs this additional processing. You can use it as supplied or as an example of how to report on audit information. It can report on both datetracked and non-datetracked tables that have a numeric primary key.

Note: It can report on up to approximately 90 columns in datetracked tables and 80 columns in non-datetracked tables.

The report lists every change made to the table you select in the time period you specify when you run the report. You can restrict the reported changes to those made by a specified username. The changes are listed by date and time of the change. For each change, the report shows:

Table of Transaction Types in the Audit Report

The following table lists the 12 types of change and the information shown in the audit report for each type.

Type of Change Field Values Shown in the Report
Normal Insert
(creates a non-datetracked record)
The non-null values in the new record.
Normal Update
(updates a non-datetracked record)
The old and new values for all fields that changed.
Normal Delete
(deletes a non-datetracked record)
The non-null values in the record that was deleted.
DT First Insert
(creates a datetracked record)
The non-null values in the new record.
DT Update
(date-effectively ends the last row on a datetracked record and creates a new row)
The old and new values of all fields that changed, and the new effective end date on the old row.
DT Correction
(corrects a row of a datetracked record and does not change the effective dates)
The old and new values of all fields that changed, and the effective dates of the corrected row.
DT Replace
(creates a new row on a datetracked record that replaces all rows that start after its start date)
The non-null values in the rows that were deleted, the new effective end date on the row preceding the new row, and the old and new values of all fields that changed.
DT Insert
(creates a new row on a datetracked record that ends on the old effective end date of the preceding row)
The old and new values of all fields that changed, and the new effective end date on the row preceding the new row.
DT Purge
(deletes all rows of a datetracked record)
The non-null values in all rows of the record that was deleted.
DT End Date
(adds an effective end date to the last row of a datetracked record)
The new effective end date of the row.
DT All
(sets a new effective end date on a row of a datetracked record and deletes all following rows)
The non-null values in the rows that were deleted, and the new effective end date on the last row.
DT Next
(deletes a row of a datetracked record and uses its effective end date to set an new end date on the preceding row)
The non-null values in the row that was deleted, and the old and new effective end dates on the preceding row.

Custom Audit Reports

If you want to design your own audit report, you can copy the supplied report and use it as the basis of your own version. The supplied report uses a dynamic SQL structure to retrieve information for the report, and an Oracle Report to format it.

Dynamic SQL Structure

For a non-datetracked table, the dynamic SQL structure retrieves information and uses a private procedure to retrieve the new values for an update.

For a datetracked table, the dynamic SQL structure retrieves information from the function and procedure created for each datetracked table by the Audit Trail Update Datetracked Tables process:

The dynamic SQL structure comprises several character strings, which are concatenated into one long string, then parsed and executed using the dynamic SQL generator. If you change a string, you must ensure that you do not exceed the text space allocated to it, as listed in the package header.

The structure is built up by identifying the audited table column information, which is retrieved from the FND_AUDIT_COLUMNS table. The logic varies depending on the data type being audited.

The package for the dynamic SQL is called py_audit_report_pkg. It is found in the script pyadyn.pkh/pyadyn.pkb.

HR Audit Tables

The HR_AUDITS table holds audit information about the transaction. The HR_AUDIT_COLUMNS table holds the changed column information for that transaction.

HR_AUDITS Table

The following table shows the structure of the HR_AUDIT table:

COLUMN TYPE NULL
audit_id number(15) not null
commit_id number(9) not null
current_session_id number not null
primary_key varchar2(30) not null
primary_key_value number(15) not null
sequence_id number(9) not null
session_id number not null
table_name varchar2(30) not null
timestamp date not null
transaction varchar2(30) not null
transaction_type varchar2(30) not null
user_name varchar2(100) not null
effective_end_date date null
effective_start_date date null

HR_AUDIT_COLUMNS Table

The following table shows the structure of the HR_AUDIT_COLUMNS table:

COLUMN TYPE NULL
audit_id number(15) not null
column_id number(9) not null
column_name varchar2(30) not null
new_value varchar2(240) null
old_value varchar2(240) null

Setting Up AuditTrail

Setting up AuditTrail is usually a task for the system administrator.

The first six steps are required to enable auditing of any Oracle Applications table. They are explained in more detail in the Oracle Applications System Administrator's Guide. The final step is required only for tables in the HR application.

To set up AuditTrail

  1. Have your database administrator grant SELECT privileges on SYS.DBA_TABLES to the APPLSYS account. Normally this step will already have been done as part of your installation or upgrade.

    Using a System Administrator responsibility:

  2. In the System Profile Values window, set the AuditTrail:Activate profile option to Yes at Site or Application level.

  3. In the Audit Installations window, query the application(s) you want to audit, and check the Audit Enabled box next to the Oracle User Name.

  4. In the Audit Groups window, query the application and enter a name for the audit group, then select the tables you want to audit (using the User Table name). For a new audit group, select Enable Requested in the Group State field.

  5. In the Audit Tables window, query each table you want to audit, and select which columns in these tables you want to audit.

    Note: You cannot audit LONG, RAW, or LONG RAW columns.

  6. In the Submit Request window, run the AuditTrail Update Tables process. This process:

    Using an HR Manager responsibility:

  7. In the Submit Request window, run the AuditTrail Update Datetracked Tables process. For each datetracked table, this process:

    Important: You must rerun the AuditTrail Update Tables process and the AuditTrail Update Datetracked Tables process if you make any changes in the Audit Groups or Audit Tables windows.

Disabling AuditTrail

To disable AuditTrail

  1. You can disable the auditing of an audit group at any time by selecting a Disable state in the Audit Groups window.

    Tip: If you are planning high volume transactions on an audited table, such as loading a batch of information from another system, consider disabling auditing for the table's audit group. This will enable the batch loading to complete more quickly.

    Before you restart auditing, you should archive your audit data, according to your business needs, and purge the shadow tables. You purge the tables by setting the audit group to Disable - Purge Table and running the Audit Trail Update Tables report. To restart auditing, you set the audit group to Enable Requested and rerun the Audit Trail Update Tables process and the Audit Trail Update Datetracked Tables process.

Running the Predefined Audit Report

You can run an audit report using the system's predefined structure, or you can design your own audit report.

To run the predefined audit report

  1. Using an HR Manager responsibility, open the Submit Request window and select Audit Report in the Name field.

  2. Enter the Parameters field to open the Parameters window.

  3. Select an audited table (that is, one in an audit group) using the Table name.

  4. Select a value for the Initialization parameter:

  5. If you only want to report on the changes made by one user, enter the user name.

  6. Enter start and end dates to limit the time period for reporting audit information.

  7. Choose the Submit button.

    You can use the View Requests window to check the progress of the report.